Help again... infected IE hijack log included
Logfile of HijackThis v1.99.1
Scan saved at 8:08:08 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\utilities\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\Video ActiveX Access\imsmain.exe
G:\Program Files\Video ActiveX Access\iesmn.exe
G:\Program Files\Video ActiveX Access\imsmn.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Video ActiveX Access\iesmin.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Video ActiveX Access\iesmin.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - G:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - G:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\utilities\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Comments
Step #1
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Step #2
More information, with a screenshot, can be found Here.
SmitFraudFix v2.202
Scan done at 16:16:51.62, Tue 07/10/2007
Run from F:\Appz\Zami Computer fix files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\utilities\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
G:\WINDOWS\System32\svchost.exe
G:\Utilities\BitComet070\BitComet.exe
G:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
G:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt185\spa.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» G:\
»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32
G:\WINDOWS\system32\myqlejy.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Randy
»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Randy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
G:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
G:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» G:\DOCUME~1\Randy\FAVORI~1
G:\DOCUME~1\Randy\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» G:\Program Files
G:\Program Files\VirusProtectPro 3.3\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"
[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="G:\WINDOWS\system32\myqlejy.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="G:\WINDOWS\system32\myqlejy.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="G:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SMC EZ Card 10/100 PCI (SMC1211TX) - Packet Scheduler Miniport
DNS Server Search Order: 216.58.97.21
DNS Server Search Order: 216.58.97.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ABBYY FineReader 5.0 Sprint Plus
Absolute Poker
ACDSee 5.0 PowerPack
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe SVG Viewer
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
Alambik Viewer
ASAPI Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 7.5
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
BayGenie eBay Auction Sniper Pro Edition 2.8.3.0
BearShare
Belltech Business Cards Designer Pro 1.3
BitComet 0.70
Blaze Media Pro
CD Box Labeler Pro
CDRWIN
Cemu Key Updater 1.0a
Clean 5
coverXP (remove only)
Creative DVD Audio Plugin for Audigy Series
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Cypress USB Mass Storage Driver Installation
Deal or No Deal
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DJGPP
Dream Aquarium
DreamStripper Game
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
DVD X Rescue
dvd43 1.4
DVDFab Decrypter 3.0.4.0
DVDFab Platinum 3.1.3.2
DVDZip Pro 3.0.1.1
Easy Video Joiner 5.21
Easy Video Splitter 1.28
EasyCleaner
ewido anti-spyware 4.0
Exact Audio Copy 0.95b4
FLAC Installer 1.1.2a (remove only)
FlashFXP
Full Tilt Poker
Google Desktop
Google Earth Pro
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Gravis Xperience 4.5
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Imaging Software
HP Photo Printing Software
HP PSC & OfficeJet 4.7
HP Software Update
InterActual Player
InterVideo WinDVD 7
iPod for Windows 2005-09-23
IsoBuster 1.8
iTunes
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.26 Standard
Label Editor
LiSTBoX Studio v2.2.150
LiveUpdate 3.1 (Symantec Corporation)
Magic DVD Ripper V4.1
Magic ISO Maker v5.0 (build 0166)
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (2.0.0.4)
Mp3Doctor 5.11.055
MSN Messenger 7.5
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)
PC Alert 4
PokerStars
Poppy for Windows
Printscreen 2000 V8.0
QuickTime
Registry Mechanic
SafeCast Shared Components
Score Poker
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sentinel System Driver
SereneScreen Marine Aquarium 2
SpywareBlaster v3.3
Tar98
TMPGEnc DVD Author 1.6
Ulead Straight-to-Disc SDK
Ulead VideoStudio 9.0 SE DVD
UltimateBet
UltraISO V6.52 SR-2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
USB Storage Adapter FX (SM1)
WaveLab Lite
Westwood Shared Internet Components
Wicked Atmega Loader
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XoftSpy
XVID MPEG-4 CODEC
XviD MPEG-4 Video Codec
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe. Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.
SmitFraudFix v2.202
Scan done at 16:45:13.71, Wed 07/11/2007
Run from F:\Appz\Zami Computer fix files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"
[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="G:\WINDOWS\system32\myqlejy.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="G:\WINDOWS\system32\myqlejy.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
G:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
G:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
G:\DOCUME~1\Randy\FAVORI~1\Online Security Test.url Deleted
G:\Program Files\VirusProtectPro 3.3\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1E558CC7-C135-4A06-B958-D880A34EAB8B}: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=216.58.97.21 216.58.97.20
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 4:58:21 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\WINDOWS\system32\devldr32.exe
G:\Utilities\Poppy\Poppy.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
G:\utilities\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
G:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
G:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt994\spa.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?menu=sections&sectionid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\utilities\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton/Symantec or AVG.
When done, please post a fresh Hijackthis logfile.
I thought I had Norton Antivirus removed from my computer and was using AVG antivirus, but it seems there might have been traces of Norton still on my HD, so I downloaded the Norton Antivirus Removal Tool to completely uninstall all versions of Norton. Here is my latest HijackThis log......
Logfile of HijackThis v1.99.1
Scan saved at 4:42:13 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\Utilities\Poppy\Poppy.exe
G:\WINDOWS\system32\devldr32.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\utilities\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\System32\svchost.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?menu=sections&sectionid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\utilities\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports":
  - Select "Automatically generate report after every scan"
  - Un-select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.
Once the scan is complete do the following:
AVG found infections and I applied all actions. Now I found Reports at the top and clicked it, but could not save a report as the "Save report as" button was ghosted out.
I closed AVG Anti-Spyware and rebooted out of Safe Mode. Do you have any idea why "Save report as" would be ghosted out, not enabling me to save a report to post here? Many thanks again for working on my log!
Please try installing it again.
I did the complete scan and it found infections. "If you have any infections you will be prompted, then select APPLY ALL ACTIONS." After selecting the REPORTS icon on top, the "Save Report as" button in the lower left hand of the screen is ghosted out. There is nothing but ghosted-out items; there is nothing to click with the mouse. I checked the AVG Anti-Spyware dir on the computer; there is no log there. Not sure now what to do. Is there something we are both overlooking? Again, thank you for taking the time on my situation here.
Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with DrWeb-CureIt as follows:
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
A0020508.exe;C:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP109;Win32.HLLW.Gavir.81;Deleted.;
A0020509.exe;C:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP109;Win32.HLLW.Gavir.81;Deleted.;
A0020510.exe;C:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP109;Win32.HLLW.Gavir.81;Deleted.;
A0020511.exe;J:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP109;Win32.HLLW.Gavir.81;Deleted.;
CemuKeyUp.exe;C:\BELL\New Cemu v1.72;Win32.HLLW.Gavir.81;Deleted.;
CemuKeyUp_1.0a.exe;C:\BELL\Cemu1.72_Port4\CemuKeyUp\Cemukeyup1.0a;Win32.HLLW.Gavir.81;Deleted.;
CemuKeyUp_1.0a.exe;C:\BELL\Cemukeyup1.0a;Win32.HLLW.Gavir.81;Deleted.;
CemuKeyUp_1.0a.exe;J:\Cemu1.91_Port4\CemuKeyUp\Cemukeyup1.0a;Win32.HLLW.Gavir.81;Deleted.;
go[2].htm;G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\0ZRRE8HT;Archive contains infected objects;Moved.;
go[2].htm\JavaScript.4;G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\0ZRRE8HT\go[2].htm;Trojan.MulDrop.1010;;
go[2].htm\JavaScript.5;G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\0ZRRE8HT\go[2].htm;Trojan.MulDrop.1010;;
go[2].htm\JavaScript.7;G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\0ZRRE8HT\go[2].htm;Trojan.MulDrop.1010;;
mirc.exe;C:\Mirc;Program.mIRC.603;;
PATCH.EXE;G:\Utilities\All Media Fixer;Tool.DVTPatch;;
Process.exe;F:\Appz\Zami Computer fix files\SmitfraudFix;Tool.Prockill;;
restart.exe;F:\Appz\Zami Computer fix files\SmitfraudFix;Tool.ShutDown.11;;
uinst_cp.exe;G:\WINDOWS\system32;Adware.CasProg;Moved.;
Run by Randy on 2007-08-06 at 16:30:16
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
22: 2007-08-06 20:30:26 UTC - RP113 - Deckard's System Scanner Restore Point
21: 2007-08-06 01:10:45 UTC - RP112 - System Checkpoint
20: 2007-08-05 00:36:25 UTC - RP111 - System Checkpoint
19: 2007-08-03 18:55:02 UTC - RP110 - System Checkpoint
18: 2007-08-02 14:35:00 UTC - RP109 - System Checkpoint
-- First Restore Point --
1: 2007-07-19 23:07:19 UTC - RP92 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Randy.exe)
Logfile of HijackThis v1.99.1
Scan saved at 4:34:01 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Utilities\iPod\bin\iPodService.exe
K:\dss.exe
G:\Utilities\Codespace Utility V7\c0d3sP4c3 Backdoor Utility v7.0-Public Release-01-25-2007\c0d3sP4c3 Backdoor Utility v7.0.exe
G:\UTILIT~1\HIJACK~1\Randy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nforce.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 G:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
-- HijackThis Fixed Entries (G:\UTILIT~1\HIJACK~1\backups\)
backup-20050409-004011-201 O2 - BHO: (no name) - {FBA819B5-BECF-B27B-6F9B-963F513D8D14} - G:\WINDOWS\apieb.dll
backup-20050409-004011-307 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://G:\WINDOWS\hvdjy.dll/sp.html#44768
backup-20050409-004011-373 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://G:\WINDOWS\hvdjy.dll/sp.html#44768
backup-20050409-004011-390 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://G:\WINDOWS\hvdjy.dll/sp.html#44768
backup-20050409-004011-405 R3 - Default URLSearchHook is missing
backup-20050409-004011-583 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://G:\WINDOWS\hvdjy.dll/sp.html#44768
backup-20050409-004011-768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://G:\WINDOWS\hvdjy.dll/sp.html#44768
backup-20050409-004011-927 O4 - HKLM\..\Run: [apior32.exe] G:\WINDOWS\system32\apior32.exe
backup-20050409-011526-268 O4 - HKLM\..\RunOnce: [ipeo32.exe] G:\WINDOWS\ipeo32.exe
backup-20050409-011526-400 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-578 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-599 R3 - Default URLSearchHook is missing
backup-20050409-011526-603 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-635 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-812 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-823 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011526-998 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://G:\WINDOWS\system32\ckjkk.dll/sp.html#44768
backup-20050409-011804-438 O4 - HKLM\..\Run: [apior32.exe] G:\WINDOWS\system32\apior32.exe
backup-20050409-011804-920 O2 - BHO: (no name) - {9E44FA49-A535-7682-FC88-962EB4CEBA8E} - G:\WINDOWS\d3zm.dll
backup-20050409-092940-147 O4 - HKLM\..\Run: [Microsoft IT Update] windowss.exe
backup-20050409-092940-157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20050409-092940-302 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20050409-092940-332 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20050409-092940-423 O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
backup-20050409-092940-557 O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
backup-20050409-092940-937 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20050409-092940-969 O4 - HKCU\..\Run: [Microsoft IT Update] windowss.exe
backup-20050410-165829-708 O4 - HKLM\..\RunServices: [Microsoft IT Update] windowss.exe
backup-20050410-165829-991 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20050410-175236-117 O4 - Global Startup: Microsoft Office.lnk = G:\Utilities\Microsoft Word\Office10\OSA.EXE
backup-20050410-175236-127 O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20050410-175236-272 O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20050410-175236-302 O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
backup-20050410-175236-752 O4 - Global Startup: PC Alert 4.lnk = G:\Utilities\PC Alert 4\PCAlert4.exe
backup-20050410-175236-907 O4 - HKLM\..\Run: [AdaptecDirectCD] G:\UTILITIES\Easy CD Creator 5\DirectCD\DirectCD.exe
backup-20051009-000537-221 O4 - Global Startup: InterVideo WinCinema Manager.lnk = G:\Utilities\InterVideo\Common\Bin\WinCinemaMgr.exe
backup-20051009-000622-951 O4 - Startup: Check For Updates.lnk = G:\Utilities\Edonkey Lite 1.4.3.2\WiseUpdt.exe
backup-20051009-000712-436 O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
backup-20060831-084153-365 O4 - HKLM\..\Run: [vssms32] G:\WINDOWS\System32\vssms32.exe
backup-20060831-084153-398 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060831-084153-846 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070412-164826-172 R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
backup-20070412-164826-308 O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
backup-20070412-164826-528 O4 - HKLM\..\Run: [BOOK LESS PROGRAM LONG] G:\Documents and Settings\All Users\Application Data\Mapi Aim Book Less\seek window.exe
backup-20070417-174621-663 O20 - Winlogon Notify: mszsrn32 - G:\WINDOWS\system32\mszsrn32.dll (file missing)
backup-20070417-174621-884 O4 - HKCU\..\Run: [userinit] G:\WINDOWS\system32\ntos.exe
backup-20070417-174622-888 O23 - Service: COM+ Messages - Unknown owner - G:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001670 (file missing)
backup-20070430-025158-178 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070430-025158-559 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 prohlp02 (StarForce Protection Helper Driver v2) - g:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - g:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - g:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - g:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - g:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - g:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - g:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 kid_sys (Kensington Input Devices Class filter driver) - g:\windows\system32\drivers\kid_sys.sys <Not Verified; Kensington Technology Group; KIDD>
R1 NTIDrvr (Upper Class Filter Driver) - g:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R1 oxmf (OXPCI Bus enumerator) - g:\windows\system32\drivers\oxmf.sys <Not Verified; OEM; PCI bridge>
R1 oxser (OX16C95x Serial port driver) - g:\windows\system32\drivers\oxser.sys <Not Verified; OEM; OX16C95x>
R1 PCLEPCI - g:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 prodrv06 (StarForce Protection Environment Driver v6) - g:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 CdaC15BA - g:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 CDRPDACC (Arrowkey Device Access) - g:\utilities\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 Sentinel - g:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 AsapiW2K - g:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 EPPSCSIx (EPPSCSI Driver) - g:\windows\system32\drivers\eppscan.sys <Not Verified; EPPSCAN WDM Driver; EPPSCAN Parallel Port Device Driver>
R3 MarvinBus (Pinnacle Marvin Bus) - g:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin/MarvinPro>
R3 Oxmfuf (Filter driver for OX16PCI954 ports) - g:\windows\system32\drivers\oxmfuf.sys <Not Verified; OEM; PCI bridge>
R3 Pcouffin (VSO Software pcouffin) - g:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S0 xmasbus - g:\windows\system32\drivers\xmasbus.sys (file missing)
S0 xmasscsi - g:\windows\system32\drivers\xmasscsi.sys (file missing)
S2 windev-660f-554d - g:\windows\system32\windev-660f-554d.sys (file missing)
S3 DtvAudio - g:\windows\system32\drivers\dtvaudio.sys <Not Verified; XV Provide; DTVAudio>
S3 DtvVideo - g:\windows\system32\drivers\dtvvideo.sys <Not Verified; XV Provide; DTV Video Controller.>
S3 Dvd43 - g:\windows\system32\drivers\dvd43.sys <Not Verified; Captain Red; DVD For Free>
S3 dvd43llh - g:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
S3 giveio - g:\windows\system32\giveio.sys
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 ossrv (Creative OS Services Driver) - g:\windows\system32\drivers\ctoss2k.sys (file missing)
S3 pfc (Padus ASPI Shell) - g:\windows\system32\drivers\pfc.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - g:\windows\system32\drivers\rtl8139.sys (file missing)
S3 VPNET (DTVNet Ethernet Controller) - g:\windows\system32\drivers\dtvnet.sys <Not Verified; TwinHan Corp.; DTVNet DVB NDIS Driver for TwinHan series DVB PCI Adapters>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 GEARSecurity - g:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S4 C-DillaCdaC11BA - g:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2007-08-05 17:00:01 432 --a G:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-04 10:09:57 346 --a G:\WINDOWS\Tasks\XoftSpySE.job
-- Files created between 2007-07-06 and 2007-08-06
2007-08-03 08:35:44 0 d G:\Documents and Settings\Randy\DoctorWeb
2007-08-03 01:23:39 0 d G:\Program Files\DssEvolution.com
2007-07-29 15:48:59 0 d G:\Personal Colour Viewer 2.0
2007-07-29 15:33:05 0 d G:\Colour Viewer 2.0
2007-07-25 18:33:41 520192 n--- G:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-07-25 18:33:20 0 d G:\Program Files\ATI Technologies
2007-07-17 18:12:56 0 d G:\Program Files\PokerRoom.com
2007-07-12 23:57:00 0 d G:\Documents and Settings\Randy\Application Data\SIZE BLEH HELP
2007-07-12 23:57:00 0 d G:\Documents and Settings\All Users\Application Data\Mapi Aim Book Less
2007-07-09 22:39:34 264 --a G:\WINDOWS\system32\winsusrm.dll
2007-07-09 09:38:37 0 d-a G:\Documents and Settings\All Users\Application Data\TEMP
2007-07-08 21:33:51 0 d G:\Documents and Settings\Randy\Application Data\DVDFab
2007-07-06 00:28:14 81920 --a G:\WINDOWS\system32\GiveioIns.dll <Not Verified; ; GiveioIns>
2007-07-06 00:28:13 294912 --a G:\WINDOWS\system32\N2meProg.dll <Not Verified; N/A; terryp>
-- Find3M Report
2007-12-09 01:32:40 487936 --a G:\WINDOWS\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2007-12-09 01:32:40 87040 --a G:\WINDOWS\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2007-12-09 01:32:40 21504 --a G:\WINDOWS\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-12-09 01:32:40 72704 --a G:\WINDOWS\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2007-12-09 01:32:40 81920 --a G:\WINDOWS\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
2007-12-09 01:32:40 352768 --a G:\WINDOWS\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2007-12-09 01:32:40 131072 --a G:\WINDOWS\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2007-12-09 01:32:40 130560 --a G:\WINDOWS\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio(tm) Encoder (32-bit)>
2007-12-09 01:32:40 85504 --a G:\WINDOWS\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-12-09 01:32:40 61952 --a G:\WINDOWS\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-08-06 16:02:12 0 d G:\Program Files\PokerStars
2007-08-06 09:31:19 0 d G:\Documents and Settings\Randy\Application Data\AVG7
2007-08-04 20:54:35 0 d G:\Program Files\CarbonPoker
2007-08-03 22:55:18 73216 --a G:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-07-27 08:47:22 0 d G:\Documents and Settings\Randy\Application Data\Vso
2007-07-27 08:45:57 34 --a G:\Documents and Settings\Randy\Application Data\pcouffin.log
2007-07-27 08:45:48 47360 --a G:\Documents and Settings\Randy\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-27 08:45:48 1144 --a G:\Documents and Settings\Randy\Application Data\pcouffin.inf
2007-07-27 08:45:48 7887 --a G:\Documents and Settings\Randy\Application Data\pcouffin.cat
2007-07-25 18:40:35 0 d G:\Documents and Settings\Randy\Application Data\ATI
2007-07-19 19:06:57 2256 --a G:\WINDOWS\current_settings.bin
2007-07-19 17:24:32 0 d G:\Program Files\Absolute Poker
2007-07-19 15:08:22 0 d G:\Program Files\Full Tilt Poker
2007-07-12 16:32:52 0 d G:\Program Files\Common Files\Symantec Shared
2007-07-11 17:30:39 0 d G:\Program Files\UltimateBet
2007-07-11 16:45:21 2144 --a G:\WINDOWS\system32\tmp.reg
2007-07-09 15:53:23 424 --a G:\delete.bat
2007-06-28 17:46:41 40 --a G:\WINDOWS\system32\uppim.dll
2007-06-27 03:15:46 0 d G:\Program Files\Windows Media Connect 2
2007-06-14 21:43:57 0 d G:\Documents and Settings\Randy\Application Data\RipIt4Me
2007-06-11 12:45:16 0 d--h G:\Program Files\InstallShield Installation Information
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [10/21/2005 06:27 PM]
"AVG7_CC"="G:\UTILIT~1\Grisoft\AVG7\avgcc.exe" [05/21/2007 08:47 AM]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"Google Desktop Search"="G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/06/2007 02:04 AM]
"PSDrvCheck"="G:\WINDOWS\system32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"New.net Startup"="G:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL" []
"ATICCC"="G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/11/2007 02:26 PM]
G:\Documents and Settings\Randy\Start Menu\Programs\Startup\
Poppy for Windows.lnk - G:\Utilities\Poppy\Poppy.exe [8/4/2006 1:14:24 AM]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/11/2007 2:26:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=G:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=G:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"g:\utilities\HP Camera Software\Photo Imaging\Hpi_Monitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"G:\utilities\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaCdaC11BA"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2007-08-06 at 16:34:40
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 1900+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 511.48 MiB / 153.23 MiB
Pagefile Memory (total/avail): 1248.52 MiB / 878.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.68 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 22.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 18.76 GiB total, 17.19 GiB free.
G: is Fixed (NTFS) - 18.58 GiB total, 4.91 GiB free.
H: is Fixed (FAT32) - 18.71 GiB total, 13.25 GiB free.
I: is Fixed (FAT32) - 18.45 GiB total, 18.41 GiB free.
J: is Fixed (NTFS) - 74.53 GiB total, 50.51 GiB free.
K: is Fixed (NTFS) - 53.47 GiB total, 36.37 GiB free.
L: is CDROM (No Media)
-- Security Center
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
AV: AVG 7.5.476 v7.5.476 (GRISOFT)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"="G:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\\Utilities\\BitTorrent\\bittorrent.exe"="G:\\Utilities\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"G:\\WINDOWS\\System32\\vssms32.exe"="G:\\WINDOWS\\System32\\vssms32.exe:*:Enabled:Dnode"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Mirc\\mirc.exe"="C:\\Mirc\\mirc.exe:*:Enabled:mIRC"
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"="G:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"G:\\Utilities\\BitComet070\\BitComet.exe"="G:\\Utilities\\BitComet070\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\Utilities\\iTunes\\iTunes.exe"="G:\\Utilities\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\Utilities\\InterVideo\\DVD7\\WinDVD.exe"="G:\\Utilities\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"G:\\Utilities\\FlashFXP\\FlashFXP.exe"="G:\\Utilities\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP"
"F:\\Appz\\utorrent.exe"="F:\\Appz\\utorrent.exe:*:Enabled:utorrent"
"G:\\Utilities\\BearShare\\BearShare.exe"="G:\\Utilities\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"G:\\Utilities\\AVG7\\avgw.exe"="G:\\Utilities\\AVG7\\avgw.exe:*:Enabled:AVG Anti-Virus for Windows"
"G:\\Utilities\\AVG7\\avgcc.exe"="G:\\Utilities\\AVG7\\avgcc.exe:*:Enabled:AVG Control Center"
"G:\\Utilities\\Grisoft\\AVG7\\avginet.exe"="G:\\Utilities\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgamsvr.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgcc.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgemc.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"G:\\WINDOWS\\ServicePackFiles\\i386\\rtcshare.exe"="G:\\WINDOWS\\ServicePackFiles\\i386\\rtcshare.exe:*:Enabled:RTC App Sharing"
-- Environment Variables
ALLUSERSPROFILE=G:\Documents and Settings\All Users
APPDATA=G:\Documents and Settings\Randy\Application Data
CLASSPATH=G:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=G:\Program Files\Common Files
COMPUTERNAME=RANDY-NEW
ComSpec=G:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=G:
HOMEPATH=\Documents and Settings\Randy
LOGONSERVER=\\RANDY-NEW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=G:\WINDOWS\system32;G:\WINDOWS;G:\WINDOWS\system32\WBEM;G:\Program Files\Common Files\Roxio Shared\DLLShared;G:\Program Files\Common Files\Adaptec Shared\System;G:\Program Files\Common Files\Ulead Systems\MPEG;G:\utilities\Ulead DVD MovieFactory 3 Disc Creator;G:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;G:\Program Files\Utilities\Ulead DVD MovieFactory 3 Disc Creator;G:\Program Files\QuickTime\QTSystem\;C:\DJGPP\BIN;G:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=G:\Program Files
PROMPT=$P$G
QTJAVA=G:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=G:
SystemRoot=G:\WINDOWS
TEMP=G:\DOCUME~1\Randy\LOCALS~1\Temp
TMP=G:\DOCUME~1\Randy\LOCALS~1\Temp
USERDOMAIN=RANDY-NEW
USERNAME=Randy
USERPROFILE=G:\Documents and Settings\Randy
windir=G:\WINDOWS
-- User Profiles
Randy (admin)
Administrator (admin)
-- Add/Remove Programs
--> G:\utilities\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Absolute Poker --> G:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
ACDSee 5.0 PowerPack --> MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Ad-Aware SE Personal --> G:\UTILIT~1\AD-AWA~2\UNWISE.EXE G:\UTILIT~1\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX --> G:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe SVG Viewer --> G:\WINDOWS\IsUninst.exe -f"G:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
ADS Tech Master Installer V3.8 --> G:\PROGRA~1\ADSTech\UNWISE.EXE G:\PROGRA~1\ADSTech\INSTALL.LOG
ADS Tech V3.8 DVD Xpress DX2 CapWiz --> G:\PROGRA~1\ADSTEC~1\UNWISE.EXE G:\PROGRA~1\ADSTEC~1\INSTALL.LOG
Alambik Viewer --> G:\utilities\Alambik Viewer\Uninstall.exe
ASAPI Update --> G:\WINDOWS\system32\IWUNIN~1.EXE -uninstall G:\WINDOWS\ISUNINST.EXE -fG:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI - Software Uninstall Utility --> G:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 G:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> G:\utilities\Grisoft\AVG7\setup.exe /UNINSTALL
AVI DivX MPEG to DVD Converter & Burner Pro 2.9 --> "G:\utilities\AVI DivX MPEG to DVD Converter & Burner Pro\unins000.exe"
BayGenie eBay Auction Sniper Pro Edition 2.8.3.0 --> "G:\utilities\BayGenie\ProEdition\unins000.exe"
BEACH CLUB BINGO PINBALL SIMULATION --> G:\WINDOWS\st6unst.exe -n "C:\Ball Bingo Pinball\Beach Club\ST6UNST.LOG"
BearShare --> G:\UTILIT~1\BEARSH~1\UNWISE.EXE G:\UTILIT~1\BEARSH~1\INSTALL.LOG
Belltech Business Cards Designer Pro 1.3 --> "G:\utilities\Belltech Business Cards Designer Pro\unins000.exe"
BitComet 0.70 --> G:\utilities\BitComet070\uninst.exe
Blaze Media Pro --> "G:\Documents and Settings\All Users\Application Data\{FBDA53F5-763E-4114-A576-612E9769C133}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CD Box Labeler Pro --> "G:\utilities\CD Box Labeler Pro\unins000.exe"
CDRWIN --> G:\UTILIT~1\CDRWIN3\UNWISE.EXE G:\UTILIT~1\CDRWIN3\INSTALL.LOG
Cemu Key Updater 1.0a --> C:\BELL\CEMU1.72_PORT4\Uninstal.exe
Clean 5 --> G:\UTILIT~1\Pinnacle\CLEAN5~1\UNINST~1.EXE G:\UTILIT~1\Pinnacle\CLEAN5~1\INSTALL.LOG
coverXP (remove only) --> "G:\Utilities\Coverxp pro\coverXP\cxp-uninst.exe"
Creative DVD Audio Plugin for Audigy Series --> "G:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Cucusoft\avi-dvd-pro\unins000.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Deal or No Deal --> MsiExec.exe /X{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}
DivX Codec --> G:\utilities\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> G:\utilities\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> G:\utilities\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> G:\utilities\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\utilities\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DJGPP --> C:\DJGPP\UNWISE.EXE C:\DJGPP\INSTALL.LOG
Dream Aquarium --> "G:\utilities\Dream Aquarium\UnInstall.exe"
DreamStripper Game --> MsiExec.exe /I{7E4D9F60-AAD0-424B-B6FB-8EEB75E23137}
DVD Decrypter (Remove Only) --> "G:\Utilities\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "G:\Utilities\DVD Shrink\unins000.exe"
DVD X Copy Platinum 4.0.3 --> "G:\utilities\DVDXcopy Platinum\uninstall.exe"
DVD X Rescue --> G:\UTILIT~1\DVDXRE~1\UNWISE.EXE G:\UTILIT~1\DVDXRE~1\INSTALL.LOG
dvd43 1.4 --> "G:\Program Files\dvd43\unins000.exe"
DVDFab Decrypter 3.0.4.0 --> "G:\utlities\DVDFab Decrypter 3\unins000.exe"
DVDFab Platinum 3.1.4.8 Beta --> "G:\utilities\DVDFab Platinum 3\unins000.exe"
DVDZip Pro 3.0.1.1 --> "G:\utilities\DVDZip Pro 3.0.1.1\unins000.exe"
Easy Video Joiner 5.21 --> "G:\utilities\Easy Video Joiner\unins000.exe"
Easy Video Splitter 1.28 --> "G:\utilities\Easy Video Splitter\unins000.exe"
EasyCleaner --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
ERSTE BINGO PINBALL SIMULATION --> G:\WINDOWS\st6unst.exe -n "C:\Ball Bingo Pinball\Erste\ST6UNST.LOG"
Exact Audio Copy 0.95b4 --> G:\Utilities\Exact Audio Copy\uninst.exe
FLAC Installer 1.1.2a (remove only) --> G:\Program Files\FLAC\uninstall.exe
FlashFXP --> G:\UTILIT~1\FlashFXP\UNWISE.EXE G:\UTILIT~1\FlashFXP\INSTALL.LOG
Full Tilt Poker --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Desktop --> G:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth Pro --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "g:\program files\google\googletoolbar2.dll"
Google Updater --> "G:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gravis Xperience 4.5 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
HijackThis 1.99.1 --> G:\Utilities\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "G:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7 --> G:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> G:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo Imaging Software --> G:\WINDOWS\IsUninst.exe -f"g:\utilities\HP Camera Software\Photo Imaging\Uninstall.isu" -c"g:\utilities\HP Camera Software\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> G:\WINDOWS\IsUninst.exe -f"g:\utilities\HP Camera Software\Photo Printing\Uninstall.isu" -c"g:\utilities\HP Camera Software\Photo Printing\hpiunPC.dll
HP PSC & OfficeJet 4.7 --> "G:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
InterActual Player --> G:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7 --> "G:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23 --> G:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IsoBuster 1.8 --> "G:\utilities\IsoBuster\Uninst\unins000.exe"
iTunes --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.26 Standard --> "G:\utilities\K-Lite Codec Pack\unins000.exe"
Label Editor --> "G:\utilities\Steinberg\Label Editor\Uninstall.exe" "G:\utilities\Steinberg\Label Editor\install.log"
LiSTBoX Studio v2.2.150 --> G:\Utilities\ListboxStudio\Uninstal.exe
Magic DVD Ripper V4.1 --> "G:\utilities\MagicDVDRipper\unins000.exe"
Magic ISO Maker v5.0 (build 0166) --> G:\UTILIT~1\MagicISO\UNWISE.EXE G:\UTILIT~1\MagicISO\INSTALL.LOG
MIAMI BEACH BINGO PINBALL SIMULATION --> G:\WINDOWS\st6unst.exe -n "C:\Ball Bingo Pinball\Miami Beach\ST6UNST.LOG"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "G:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "C:\Mirc\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.4) --> G:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> G:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mp3Doctor 5.11.055 --> G:\utilities\Mp3Doctor\unins000.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection G:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar --> G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
Nero 6 Ultra Edition --> G:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Night Club BINGO PINBALL SIMULATION --> G:\WINDOWS\st6unst.exe -n "C:\Bally Bingo Pinball\Night Club\ST6UNST.LOG"
Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release) --> "G:\Program Files\OggVorbis\unins000.exe"
PC Alert 4 --> G:\WINDOWS\IsUninst.exe -f"G:\utilities\PC Alert 4\Uninst.isu"
Personal Colour Viewer --> MsiExec.exe /I{2DEE9597-1269-46FD-B5F8-E0DD10385D19}
PokerRoom.com (remove only) --> "G:\Program Files\PokerRoom.com\uninstall.exe"
PokerStars --> G:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Poppy for Windows --> G:\utilities\Poppy\UNWISE.EXE
Printscreen 2000 V8.0 --> G:\WINDOWS\uninst.exe -fg:\utilities\PrintScreen2000\DeIsL1.isu -cg:\utilities\PrintScreen2000\_ISREG32.DLL
QuickTime --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Registry Mechanic --> "G:\utilities\Registry Mechanic\unins000.exe"
SafeCast Shared Components --> G:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Score Poker --> MsiExec.exe /X{F58BFB58-9943-4DC5-9EED-E9B01C103DD5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> G:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SereneScreen Marine Aquarium 2 --> "G:\utilities\Marine Aquarium 2\unins000.exe"
SILVER SAILS BINGO PINBALL SIMULATION --> G:\WINDOWS\st6unst.exe -n "C:\Bally Bingo Pinball\Silver Sails\ST6UNST.LOG"
SpywareBlaster v3.3 --> "G:\utilities\SpywareBlaster\unins000.exe"
Tar98 --> G:\UTILIT~1\Tar98\UNWISE.EXE G:\UTILIT~1\Tar98\INSTALL.LOG
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{1A995D22-F711-4199-83D4-579B593A46C5}
Ulead Straight-to-Disc SDK --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\setup.exe" -l0x9
Ulead VideoStudio 9.0 SE DVD --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\Setup.exe" -l0x9
UltimateBet --> G:\PROGRA~1\ULTIMA~1\UNWISE.EXE G:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UltraISO V6.52 SR-2 --> G:\utilities\UltraISO\unins000.exe
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Visual Pinball --> MsiExec.exe /I{B36C4994-A563-4339-8754-CCCE51314A4C}
WaveLab Lite --> "G:\utilities\Steinberg\WaveLab Lite\Uninstall.exe" "G:\utilities\Steinberg\WaveLab Lite\install.log"
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Wicked Atmega Loader --> G:\WINDOWS\st6unst.exe -n "c:\BELL\Atmega Loader\ST6UNST.LOG"
Wicked Atmega Loader (j:\Atmega Loader\) --> G:\WINDOWS\st6unst.exe -n "j:\Atmega Loader\ST6UNST.LOG"
Winamp (remove only) --> "G:\utlities\Winamp\UninstWA.exe"
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "G:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> G:\Utilities\Winrar3.3\uninstall.exe
XoftSpySE --> G:\utilities\XoftSpySE\uninstall.exe
XVID MPEG-4 CODEC --> G:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 G:\WINDOWS\inf\xvid.inf
XviD MPEG-4 Video Codec --> G:\Utilities\XviD\unins000.exe
-- Application Event Log
Event ID #45521: Warning
Event Submitted/Written: 08/04/2007 10:30:02 AM
Event Source: Userenv
Event Description:
Windows saved user RANDY-NEW\Randy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Event ID #45520: Error
Event Submitted/Written: 08/03/2007 11:17:13 PM
Event Source: Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.3121, fault address 0x00018d53.
Processing media-specific event for [iexplore.exe!ws!]
Event ID #45519: Error
Event Submitted/Written: 08/03/2007 06:55:25 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event ID #45513: Warning
Event Submitted/Written: 08/03/2007 08:30:52 AM
Event Source: Userenv
Event Description:
Windows saved user RANDY-NEW\Randy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Event ID #45502: Error
Event Submitted/Written: 08/01/2007 07:11:22 PM
Event Source: Application Hang
Event Description:
Hanging application ntvdm.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event ID #91046: Warning
Event Submitted/Written: 08/06/2007 02:07:04 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E02954A06C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event ID #91045: Warning
Event Submitted/Written: 08/06/2007 02:06:31 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E02954A06C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event ID #91044: Warning
Event Submitted/Written: 08/06/2007 02:05:28 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E02954A06C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event ID #91043: Warning
Event Submitted/Written: 08/06/2007 02:03:22 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E02954A06C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event ID #91042: Warning
Event Submitted/Written: 08/06/2007 01:59:06 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E02954A06C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2007-08-06 at 16:34:40
You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log (Report.txt will also be copied to Clipboard ready for posting back on the forum).
( 2 )
Please download Combofix to your desktop.
- Double click on Combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Here are the logs Report.txt and new HijackThis log....
please find part (2) in next log...
SDFix: Version 1.96
Run by Randy on Wed 08/08/2007 at 04:21 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: G:\UTILIT~1\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
G:\WINDOWS\hkr32.asm - Deleted
Removing Temp Files...
ADS Check:
G:\WINDOWS
No streams found.
G:\WINDOWS\system32
No streams found.
G:\WINDOWS\system32\svchost.exe
No streams found.
G:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"G:\\Utilities\\BitTorrent\\bittorrent.exe"="G:\\Utilities\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"G:\\WINDOWS\\System32\\vssms32.exe"="G:\\WINDOWS\\System32\\vssms32.exe:*:Enabled:Dnode"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Mirc\\mirc.exe"="C:\\Mirc\\mirc.exe:*:Enabled:mIRC"
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"="G:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"G:\\Utilities\\BitComet070\\BitComet.exe"="G:\\Utilities\\BitComet070\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\Utilities\\iTunes\\iTunes.exe"="G:\\Utilities\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\Utilities\\InterVideo\\DVD7\\WinDVD.exe"="G:\\Utilities\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"G:\\Utilities\\FlashFXP\\FlashFXP.exe"="G:\\Utilities\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP"
"F:\\Appz\\utorrent.exe"="F:\\Appz\\utorrent.exe:*:Enabled:utorrent"
"G:\\Utilities\\BearShare\\BearShare.exe"="G:\\Utilities\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"G:\\Utilities\\AVG7\\avgw.exe"="G:\\Utilities\\AVG7\\avgw.exe:*:Enabled:AVG Anti-Virus for Windows"
"G:\\Utilities\\AVG7\\avgcc.exe"="G:\\Utilities\\AVG7\\avgcc.exe:*:Enabled:AVG Control Center"
"G:\\Utilities\\Grisoft\\AVG7\\avginet.exe"="G:\\Utilities\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgamsvr.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgcc.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Utilities\\Grisoft\\AVG7\\avgemc.exe"="G:\\Utilities\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"G:\\WINDOWS\\ServicePackFiles\\i386\\rtcshare.exe"="G:\\WINDOWS\\ServicePackFiles\\i386\\rtcshare.exe:*:Enabled:RTC App Sharing"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"="G:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
Remaining Files:
Backups Folder: - G:\UTILIT~1\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
G:\WINDOWS\twain.dll
G:\WINDOWS\twain_32.dll
G:\WINDOWS\Twunk_16.dll
G:\WINDOWS\Twunk_32.dll
G:\WINDOWS\system32\msvcirt.dll
G:\WINDOWS\system32\msvcp60.dll
G:\WINDOWS\system32\oleaut32.dll
G:\Program Files\messenger\msmsgs.exe
G:\Program Files\Windows Media Player\mplayer2.exe
G:\Program Files\Windows Media Player\wmplayer.exe
G:\Utilities\IsoBuster\Help\AHlp.exe
G:\WINDOWS\system32\regsvr32.exe
G:\Deckard\System Scanner\backup\DOCUME~1\Randy\LOCALS~1\Temp\BIT3E.tmp
G:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
G:\WINDOWS\system32\config\default.tmp.LOG
G:\WINDOWS\system32\config\software.tmp.LOG
G:\WINDOWS\system32\config\system.tmp.LOG
Finished
Logfile of HijackThis v1.99.1
Scan saved at 4:36:09 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\System32\svchost.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections&sectionid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nforce.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 G:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.205 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QJXVNBJR\iforex.com
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QJXVNBJR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QJXVNBJR\www.broadcaster.com
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QJXVNBJR\www.broadcaster.com\played_list.sol
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QJXVNBJR\www.broadcaster.com\video_queue.sol
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
G:\DOCUME~1\Randy\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
G:\Program Files\Common Files\{34984~1
G:\Program Files\Common Files\{54984~1
G:\WINDOWS\system32\drivers\sfsync03.sys
G:\WINDOWS\system32\npdxufyd.exe
G:\WINDOWS\system32\redirect.dll
G:\WINDOWS\system32\wsnpoem
G:\WINDOWS\system32\wsnpoem\audio.dll.cla
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
\LEGACY_SFSYNC03
\sfsync03
((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))
2007-08-08 16:37 51,200 --a G:\WINDOWS\nircmd.exe
2007-08-08 16:19 <DIR> d G:\WINDOWS\ERUNT
2007-08-06 16:30 <DIR> d G:\Deckard
2007-08-03 08:35 <DIR> d G:\DOCUME~1\Randy\DoctorWeb
2007-08-03 01:23 <DIR> d G:\Program Files\DssEvolution.com
2007-07-29 15:48 <DIR> d G:\Personal Colour Viewer 2.0
2007-07-29 15:33 <DIR> d G:\Colour Viewer 2.0
2007-07-25 18:33 520,192 G:\WINDOWS\system32\ati2sgag.exe
2007-07-25 18:33 <DIR> d G:\Program Files\ATI Technologies
2007-07-25 18:26 1,408,000 --a--c--- G:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-07-25 18:26 1,408,000 --a G:\WINDOWS\system32\ativvaxx.dll
2007-07-25 18:25 870,784 --a--c--- G:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-07-25 18:25 870,784 --a G:\WINDOWS\system32\ati3d1ag.dll
2007-07-25 18:25 377,984 --a--c--- G:\WINDOWS\system32\dllcache\ati2dvaa.dll
2007-07-25 18:25 377,984 --a G:\WINDOWS\system32\ati2dvaa.dll
2007-07-25 18:25 32,768 --a--c--- G:\WINDOWS\system32\dllcache\ativtmxx.dll
2007-07-25 18:25 32,768 --a G:\WINDOWS\system32\ativtmxx.dll
2007-07-25 18:25 282,624 --a--c--- G:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-07-25 18:25 282,624 --a G:\WINDOWS\system32\ati2cqag.dll
2007-07-25 18:25 2,693,280 --a--c--- G:\WINDOWS\system32\dllcache\ati3duag.dll
2007-07-25 18:25 2,693,280 --a G:\WINDOWS\system32\ati3duag.dll
2007-07-17 18:12 <DIR> d G:\Program Files\PokerRoom.com
2007-07-12 23:57 <DIR> d G:\DOCUME~1\Randy\APPLIC~1\SIZE BLEH HELP
2007-07-12 23:57 <DIR> d G:\DOCUME~1\ALLUSE~1\APPLIC~1\Mapi Aim Book Less
2007-07-09 22:39 264 --a G:\WINDOWS\system32\winsusrm.dll
2007-07-09 09:38 <DIR> d-a G:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-08 21:33 <DIR> d G:\DOCUME~1\Randy\APPLIC~1\DVDFab
2007-07-08 20:37 87,608 --a G:\DOCUME~1\Randy\APPLIC~1\inst.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-12-09 01:32 87040 --a G:\WINDOWS\system32\ra32sipr.dll
2007-12-09 01:32 85504 --a G:\WINDOWS\system32\encdnet.dll
2007-12-09 01:32 81920 --a G:\WINDOWS\system32\ra3214_4.dll
2007-12-09 01:32 72704 --a G:\WINDOWS\system32\ra3228_8.dll
2007-12-09 01:32 61952 --a G:\WINDOWS\system32\decdnet.dll
2007-12-09 01:32 487936 --a G:\WINDOWS\system32\rmbe3260.dll
2007-12-09 01:32 352768 --a G:\WINDOWS\system32\pngu3263.dll
2007-12-09 01:32 21504 --a G:\WINDOWS\system32\ra32dnet.dll
2007-12-09 01:32 131072 --a G:\WINDOWS\system32\pneng50.dll
2007-12-09 01:32 130560 --a G:\WINDOWS\system32\pnc3250.dll
2007-08-07 15:10 d G:\Program Files\PokerStars
2007-08-06 22:11 73216 --a G:\WINDOWS\ST6UNST.EXE
2007-08-06 22:11 249856 G:\WINDOWS\Setup1.exe
2007-08-04 20:54 d G:\Program Files\CarbonPoker
2007-07-27 08:47 d G:\DOCUME~1\Randy\APPLIC~1\Vso
2007-07-27 08:45 47360 --a G:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-27 08:45 47360 --a G:\DOCUME~1\Randy\APPLIC~1\pcouffin.sys
2007-07-25 18:40 d G:\DOCUME~1\Randy\APPLIC~1\ATI
2007-07-19 19:06 2256 --a G:\WINDOWS\current_settings.bin
2007-07-19 17:24 d G:\Program Files\Absolute Poker
2007-07-19 15:08 d G:\Program Files\Full Tilt Poker
2007-07-12 16:32 d G:\Program Files\Common Files\Symantec Shared
2007-07-11 17:30 d G:\Program Files\UltimateBet
2007-07-11 16:45 2144 --a G:\WINDOWS\system32\tmp.reg
2007-07-09 15:53 424 --a G:\delete.bat
2007-07-06 00:28 81920 --a G:\WINDOWS\system32\GiveioIns.dll
2007-07-06 00:28 294912 --a G:\WINDOWS\system32\N2meProg.dll
2007-06-28 17:46 40 --a G:\WINDOWS\system32\uppim.dll
2007-06-27 03:15 d G:\Program Files\Windows Media Connect 2
2007-06-14 21:43 d G:\DOCUME~1\Randy\APPLIC~1\RipIt4Me
2007-06-11 12:45 d--h G:\Program Files\InstallShield Installation Information
2007-05-16 11:12 86528 c--- G:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 c--- G:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a G:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 c--- G:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 c--- G:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 c--- G:\WINDOWS\system32\dllcache\msoe.dll
2007-01-28 22:35 87608 --a G:\DOCUME~1\Randy\APPLIC~1\ezpinst.exe
2006-06-29 20:39 32696 G:\DOCUME~1\Randy\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-08-04 03:56 93184 --a G:\Program Files\iexplore.exe
2003-08-27 14:19 36963 -r G:\Program Files\Common Files\SM1updtr.dll
2001-08-23 12:00:00 94,784 -csh--w G:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w G:\WINDOWS\twain_32.dll
2004-08-20 03:26:54 1,216 -csh--w G:\WINDOWS\Twunk_16.dll
2004-08-20 03:26:54 1,216 -csh--w G:\WINDOWS\Twunk_32.dll
2004-08-04 07:56:43 54,784 --sh--w G:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w G:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:44 553,472 --sh--w G:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:55 11,776 --sh--w G:\WINDOWS\system32\regsvr32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2005-10-21 18:27]
"AVG7_CC"="G:\UTILIT~1\Grisoft\AVG7\avgcc.exe" [2007-05-21 08:47]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Google Desktop Search"="G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-06 02:04]
"PSDrvCheck"="G:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"ATICCC"="G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"updateMgr"="G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 14:26]
G:\Documents and Settings\Randy\Start Menu\Programs\Startup\
Poppy for Windows.lnk - G:\Utilities\Poppy\Poppy.exe [2006-08-04 01:14:24]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-11 14:26:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=G:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=G:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"g:\utilities\HP Camera Software\Photo Imaging\Hpi_Monitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"G:\utilities\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaCdaC11BA"=2 (0x2)
R0 prohlp02;StarForce Protection Helper Driver v2;G:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;G:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;G:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);G:\WINDOWS\system32\drivers\sfvfs02.sys
R1 kid_sys;Kensington Input Devices Class filter driver;G:\WINDOWS\system32\drivers\KID_SYS.sys
R1 NTIDrvr;Upper Class Filter Driver;G:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R1 oxmf;OXPCI Bus enumerator;G:\WINDOWS\system32\DRIVERS\oxmf.sys
R1 oxser;OX16C95x Serial port driver;G:\WINDOWS\system32\DRIVERS\oxser.sys
R1 PCLEPCI;PCLEPCI;\??\G:\WINDOWS\System32\drivers\pclepci.sys
R1 prodrv06;StarForce Protection Environment Driver v6;G:\WINDOWS\system32\drivers\prodrv06.sys
R1 Udfreadr_xp;Udfreadr_xp;G:\WINDOWS\system32\drivers\Udfreadr_xp.sys
R2 CdaC15BA;CdaC15BA;\??\G:\WINDOWS\System32\drivers\CdaC15BA.SYS
R2 CDRPDACC;Arrowkey Device Access;\??\G:\utilities\Shared\CDRPDACC.SYS
R2 NWCWorkstation;Client Service for NetWare;G:\WINDOWS\System32\svchost.exe -k netsvcs
R2 Sentinel;Sentinel;G:\WINDOWS\system32\Drivers\SENTINEL.SYS
R3 EPPSCSIx;EPPSCSI Driver;G:\WINDOWS\system32\DRIVERS\EPPSCAN.sys
R3 MarvinBus;Pinnacle Marvin Bus;G:\WINDOWS\system32\DRIVERS\MarvinBus.sys
R3 NWRDR;NetWare Rdr;G:\WINDOWS\system32\DRIVERS\nwrdr.sys
R3 Oxmfuf;Filter driver for OX16PCI954 ports;G:\WINDOWS\system32\DRIVERS\oxmfuf.sys
R3 Pcouffin;VSO Software pcouffin;G:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;G:\WINDOWS\system32\DRIVERS\SMC1211.SYS
R3 vulfntrs;VIA USB Roothub Lower Filter;G:\WINDOWS\system32\Drivers\vulfntr.sys
R3 WISTechVIDCAP;ADS DVD XPRESS DX2;G:\WINDOWS\system32\drivers\wisgostrm.sys
S0 xmasbus;xmasbus;G:\WINDOWS\system32\DRIVERS\xmasbus.sys
S0 xmasscsi;xmasscsi;G:\WINDOWS\system32\Drivers\xmasscsi.sys
S1 cdudf_xp;cdudf_xp;G:\WINDOWS\system32\drivers\cdudf_xp.sys
S2 windev-660f-554d;windev-660f-554d;\??\G:\WINDOWS\system32\windev-660f-554d.sys
S3 DtvAudio;DtvAudio;G:\WINDOWS\system32\DRIVERS\DtvAudio.sys
S3 DtvVideo;DtvVideo;G:\WINDOWS\system32\DRIVERS\DtvVideo.sys
S3 Dvd43;Dvd43;G:\WINDOWS\system32\DRIVERS\Dvd43.sys
S3 dvd43llh;dvd43llh;G:\WINDOWS\system32\DRIVERS\dvd43llh.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 LPDSVC;TCP/IP Print Server;G:\WINDOWS\System32\tcpsvcs.exe
S3 ntgrip;Gravis GamePort device driver;G:\WINDOWS\system32\drivers\ntgrip.sys
S3 ntxpgp;Gravis Xperience GamePort device driver;G:\WINDOWS\system32\drivers\ntxpgp.sys
S3 VPNET;DTVNet Ethernet Controller;G:\WINDOWS\system32\DRIVERS\DTVNet.sys
S3 vulfnths;VIA USB Host Controller Lower Filter;G:\WINDOWS\system32\Drivers\vulfnth.sys
S4 Cdr4_xp;Cdr4_xp;G:\WINDOWS\system32\drivers\Cdr4_xp.sys
Contents of the 'Scheduled Tasks' folder
2007-08-08 20:44:45 G:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-04 14:09:57 G:\WINDOWS\Tasks\XoftSpySE.job - G:\utilities\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 16:45:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007b
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-08 16:47:50 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 2007-08-08 16:47
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 4:49:59 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\System32\svchost.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections&sectionid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
Please download AboutBuster 6.0
Then unzip all files from the zip folder to a folder or your desktop. Start it by double-clicking on the aboutbuster.exe icon and then click on the Update button to check for new updates. If any updates exist, please install them. Exit AboutBuster and reboot into safe mode.
Once in safe mode double-click on the aboutbuster.exe icon again and click on the Begin Removal button. When it has finished scanning you will see a message stating that the Scan Completed and you should press OK. When the next information window opens press the Exit button. Then finally press the OK button again when it tells you a log has been saved.
( 2 )
Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
- First close any other programs you have running as this will require a reboot.
- Double click NoLop.exe to run it.
- Now click the button labeled "Search and Destroy"
- When scanning is finished you will be prompted to reboot only if infected. Click OK.
- Now click the "REBOOT" button.
- A Message should popup from NoLop. If not, double click the program again and it will finish.
- Please post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop. <<your computer will now be scanned for infected files>>
Please Post About:Buster Log & C:\Nolop.log
Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
Fix running from: K:\
[8/9/2007]
[4:11:21 PM]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
G:\Documents and Settings\Administrator\Application Data\Microsoft
G:\Documents and Settings\All Users\Application Data\1.0.0.0 -- EMPTY Directory
G:\Documents and Settings\All Users\Application Data\Acd Systems
G:\Documents and Settings\All Users\Application Data\Adobe
G:\Documents and Settings\All Users\Application Data\Agn
G:\Documents and Settings\All Users\Application Data\Apple Computer
G:\Documents and Settings\All Users\Application Data\Arcsoft
G:\Documents and Settings\All Users\Application Data\Avg7
G:\Documents and Settings\All Users\Application Data\Cyberlink
G:\Documents and Settings\All Users\Application Data\Dvd Shrink
G:\Documents and Settings\All Users\Application Data\Goland
G:\Documents and Settings\All Users\Application Data\Google
G:\Documents and Settings\All Users\Application Data\Google Updater
G:\Documents and Settings\All Users\Application Data\Grisoft
G:\Documents and Settings\All Users\Application Data\Hp
G:\Documents and Settings\All Users\Application Data\Installshield
G:\Documents and Settings\All Users\Application Data\Invoice2go
G:\Documents and Settings\All Users\Application Data\Links 2003
G:\Documents and Settings\All Users\Application Data\Macrovision
G:\Documents and Settings\All Users\Application Data\Mapi Aim Book Less -- EMPTY Directory
G:\Documents and Settings\All Users\Application Data\Microsoft
G:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
G:\Documents and Settings\All Users\Application Data\Msn6
G:\Documents and Settings\All Users\Application Data\N2edit
G:\Documents and Settings\All Users\Application Data\Napster
G:\Documents and Settings\All Users\Application Data\Pinnacle
G:\Documents and Settings\All Users\Application Data\Quicktime
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
G:\Documents and Settings\All Users\Application Data\Symantec
G:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
G:\Documents and Settings\All Users\Application Data\Ulead Systems
G:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
G:\Documents and Settings\All Users\Application Data\{fbda53f5-763e-4114-a576-612e9769c133}
G:\Documents and Settings\Default User\Application Data\Microsoft
G:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
G:\Documents and Settings\Localservice\Application Data\Microsoft
G:\Documents and Settings\Localservice\Application Data\Symantec
G:\Documents and Settings\Networkservice\Application Data\Microsoft
G:\Documents and Settings\Randy\Application Data\.bittornado
G:\Documents and Settings\Randy\Application Data\.bittorrent
G:\Documents and Settings\Randy\Application Data\Acd Systems
G:\Documents and Settings\Randy\Application Data\Adobe
G:\Documents and Settings\Randy\Application Data\Adobeum
G:\Documents and Settings\Randy\Application Data\Ahead
G:\Documents and Settings\Randy\Application Data\Apple Computer
G:\Documents and Settings\Randy\Application Data\Arcsoft
G:\Documents and Settings\Randy\Application Data\Ati
G:\Documents and Settings\Randy\Application Data\Avg7
G:\Documents and Settings\Randy\Application Data\Azureus
G:\Documents and Settings\Randy\Application Data\Develcor
G:\Documents and Settings\Randy\Application Data\Divx
G:\Documents and Settings\Randy\Application Data\Dvdcss
G:\Documents and Settings\Randy\Application Data\Dvdfab
G:\Documents and Settings\Randy\Application Data\Epson
G:\Documents and Settings\Randy\Application Data\Google
G:\Documents and Settings\Randy\Application Data\Help
G:\Documents and Settings\Randy\Application Data\Intervideo
G:\Documents and Settings\Randy\Application Data\Isolatedstorage
G:\Documents and Settings\Randy\Application Data\Kazaa Lite
G:\Documents and Settings\Randy\Application Data\Lavasoft
G:\Documents and Settings\Randy\Application Data\Leadertech
G:\Documents and Settings\Randy\Application Data\Lycos -- EMPTY Directory
G:\Documents and Settings\Randy\Application Data\Lycos(2)
G:\Documents and Settings\Randy\Application Data\Macromedia
G:\Documents and Settings\Randy\Application Data\Media Player Classic
G:\Documents and Settings\Randy\Application Data\Microgaming
G:\Documents and Settings\Randy\Application Data\Microsoft
G:\Documents and Settings\Randy\Application Data\Mozilla
G:\Documents and Settings\Randy\Application Data\Msn6 -- EMPTY Directory
G:\Documents and Settings\Randy\Application Data\Nut4pokrr
G:\Documents and Settings\Randy\Application Data\Real
G:\Documents and Settings\Randy\Application Data\Ripit4me
G:\Documents and Settings\Randy\Application Data\Roxio
G:\Documents and Settings\Randy\Application Data\Serif
G:\Documents and Settings\Randy\Application Data\Seven Zip
G:\Documents and Settings\Randy\Application Data\Share-to-web Upload Folder -- EMPTY Directory
G:\Documents and Settings\Randy\Application Data\Size Bleh Help -- EMPTY Directory
G:\Documents and Settings\Randy\Application Data\Steinberg
G:\Documents and Settings\Randy\Application Data\Sun
G:\Documents and Settings\Randy\Application Data\Symantec
G:\Documents and Settings\Randy\Application Data\Talkback
G:\Documents and Settings\Randy\Application Data\Ulead Systems
G:\Documents and Settings\Randy\Application Data\Utorrent
G:\Documents and Settings\Randy\Application Data\Vso -- EMPTY Directory
G:\Documents and Settings\Randy\Application Data\Wholesecurity
Logfile of HijackThis v1.99.1
Scan saved at 4:15:43 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\WINDOWS\system32\devldr32.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections&sectionid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
AboutBuster 6.07
Scan started on [8/9/2007] at [3:55:57 PM]
G:\WINDOWS\ymtca.dat
G:\WINDOWS\system32\ekois.dat
G:\WINDOWS\system32\giuqt.log
G:\WINDOWS\system32\gkigo.txt
G:\WINDOWS\system32\iiplm.dat
G:\WINDOWS\system32\uuurn.dat
Scan was COMPLETED SUCCESSFULLY at 3:58:04 PM
AboutBuster 6.07
Scan started on [8/9/2007] at [4:03:04 PM]
G:\WINDOWS\ymtca.dat
G:\WINDOWS\system32\ekois.dat
G:\WINDOWS\system32\giuqt.log
G:\WINDOWS\system32\gkigo.txt
G:\WINDOWS\system32\iiplm.dat
G:\WINDOWS\system32\uuurn.dat
Scan was COMPLETED SUCCESSFULLY at 4:06:49 PM
( 1 )
Now, using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):
G:\Documents and Settings\All Users\Application Data\Mapi Aim Book Less
G:\Documents and Settings\Randy\Application Data\Size Bleh Help
( 2 )
Have you installed any of those Poker programs on your system?
If not, you are able to remove them via Add/Remove Programs.
This is how you do it: go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
UltimateBet
Absolute Poker
Party Poker
Carbon Poker
Anything related to poker.
Lines colored with dark blue are all optional to fix; you decide.
Please open HiJackThis and scan. Check the boxes next to all the entries listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - G:\Documents and Settings\Randy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - G:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
( 3 )
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.
Once the scan is complete do the following:
Logfile of HijackThis v1.99.1
Scan saved at 1:25:01 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\UTILIT~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\WINDOWS\system32\devldr32.exe
G:\Utilities\Poppy\Poppy.exe
G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Utilities\BitComet070\BitComet.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections&sectionid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nforce.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://G:\utilities\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\Utilities\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O15 - Trusted Zone: http://virtualearth.msn.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF295EE-1837-44AE-8D4C-72F84DE3C942}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
o If it wants to install an ActiveX component, allow it
o It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
o When download is complete, click on My Computer to start the scan
o When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
Incident Status Location
Spyware:spyware/whazit Not disinfected g:\windows\system32\fiz1
Adware:adware/virtualbouncer Not disinfected g:\windows\system32\INNERADINSTALL.LOG
Adware:adware/searchaid Not disinfected g:\windows\system32\sdkwk32.exe
Adware:adware/sbsoft Not disinfected g:\windows\downloaded program files\webdlg32.inf
Spyware:spyware/betterinet Not disinfected g:\windows\inf\biini.inf
Adware:adware/twain-tech Not disinfected g:\windows\satmat.ini
Adware:adware/ncase Not disinfected g:\windows\system32\FLEOK
Adware:adware/sidesearch Not disinfected G:\Documents and Settings\Randy\Application Data\Lycos
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/slagent Not disinfected Windows Registry
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@ads.gorillanation[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@atwola[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@ccbill[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@did-it[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@go[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@kinghost[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@offeroptimizer[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@outster[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@pop.mircx[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@smni[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Cookies\randy@xiti[1].txt
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\bi.inf
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\bi5.inf
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\biini.inf
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\flashtlk.inf
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\~apropos0\setup.inf
Hacktool:Hacktool/PatchTCPSP2 Not disinfected C:\Mirc\download\Hackers_toolkit_2005.zip[Hackers_toolkit_2005/appz/Cracks/HellLabs Proxy Checker v7.4.18/Parche Win XP-2000/patch211.zip][patch211/EvID4226Patch.exe]
Potentially unwanted tool:Application/GoldenEye Not disinfected C:\Mirc\download\Hackers_toolkit_2005.zip[Hackers_toolkit_2005/appz/Golden eye 2005/gesetup.exe]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\bq.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\EbatesMoeMoneyMaker\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\be.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bg.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\bo.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\bp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\br.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\by.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\bz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\c.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ca.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\ce.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ch.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ci.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cj.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ck.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cn.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\co.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\cq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\cr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cs.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\ct.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\cx.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\cz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\d.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\da.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\db.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\de.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\df.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\di.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dl.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\dn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\dp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ds.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\dw.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\dy.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\dz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\ed.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\f.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\h.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\l.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\m.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\GroksterSupport\System\Code\n.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\r.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\w.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\GroksterSupport\System\Code\x.class
Adware:Adware/SideSearch Not disinfected C:\Program Files\Lycos\Sidesearch\Offline.htm
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\websearch\System\Code\be.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bg.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\websearch\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\websearch\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\websearch\System\Code\bl.class
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Let me know the result of ComboFix.
Also re-run Panda ActiveScan.
You can attach the logfile to your message.
Thanks.
ComboFix 07-08-07.6 - "Randy" 2007-08-15 23:21:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT -4:00]
Command switches used :: K:\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\inf\bi.inf
C:\WINDOWS\inf\bi5.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\flashtlk.inf
C:\WINDOWS\system32\auto_update_uninstall.log
g:\windows\system32\INNERADINSTALL.LOG
g:\windows\system32\sdkwk32.exe
g:\windows\downloaded program files\webdlg32.inf
g:\windows\inf\biini.inf
g:\windows\satmat.ini
C:\Mirc\download\Hackers_toolkit_2005.zip
G:\WINDOWS\inf\satmat.inf
G:\WINDOWS\nircmd.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\klitekpp241sn-en.eXE
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\kmdb.html
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\memfile.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\mindset1006.sah
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\miracle.nfo
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC10.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC11.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC12.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC17.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC1A.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPC39.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MPCA.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\MSSSerif120.fon
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\mun283.exe
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Need For Speed Underground_uninst.exe
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\null.rgn
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\offcln10.log
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Office XP Professional with FrontPage Setup(0001).txt
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Office XP Professional with FrontPage Setup(0001)_Task(0001).txt
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_194.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_38c.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_618.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_62c.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_638.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_670.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_678.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_688.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_694.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_75c.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_7e0.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_9bc.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_a70.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Perflib_Perfdata_f84.dat
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\plf4.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\plf42.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem10.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem11.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem12.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem13.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem14.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem15.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem16.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem17.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem18.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem19.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1A.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1B.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1C.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1D.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1E.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem1F.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem2.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem20.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem21.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem22.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem23.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem24.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem3.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem4.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem5.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem6.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem7.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem8.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem85.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\rem9.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remA.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remB.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remC.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remD.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remE.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\remF.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\set1.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\set1C.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Set2.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Set3D.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\SetC.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\SuperBarInstall.exe
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tem6.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp34.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp35.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp36.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp37.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp38.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp39.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp3A.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp3B.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp3C.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp45.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp46.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp69.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp6A.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp6B.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\tmp6C.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\TWAIN.LOG
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Twain001.Mtx
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Twunk001.MTX
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Twunk002.MTX
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Uninst.exe
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Updater\LogFiles\12-17-03 8 17 PM (full).txt
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\Updater\LogFiles\12-17-03 8 17 PM.txt
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\VBE\MSForms.exd
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8A.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8A.tmp.dir00\IEXPLORE.EXE.mdmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8B.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8B.tmp.dir00\IEXPLORE.EXE.mdmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8C.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8C.tmp.dir00\IEXPLORE.EXE.mdmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8D.tmp
C:\Documents and Settings\Randy.RANDY-JDXWY5915\Local Settings\Temp\WER8D.tmp.dir00\IEXPLORE.EXE.mdmp
C:\Mirc\download\Hackers_toolkit_2005.zip
C:\Program Files\EbatesMoeMoneyMaker
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\merchants.dls
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Randy\userdata.dls
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\systemdata.dls
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\updates.dls
C:\Program Files\EbatesMoeMoneyMaker\Applications\ebatesver2.dls
C:\Program Files\EbatesMoeMoneyMaker\Applications\Eeid14.dls
C:\Program Files\EbatesMoeMoneyMaker\System\Code\a.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\b.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ba.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bb.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bc.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bd.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\be.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bg.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bh.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bi.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bj.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bk.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bl.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bm.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bn.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bo.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bp.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bq.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\br.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bt.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bu.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bv.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bw.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bx.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\by.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bz.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\c.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ca.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cb.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cc.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cd.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ce.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cf.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cg.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ch.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ci.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cj.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ck.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cl.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cm.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cn.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\co.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cp.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cq.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cr.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cs.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ct.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cu.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cv.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cw.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cx.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cy.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cz.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\d.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\da.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\db.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dc.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dd.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\de.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\df.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dg.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dh.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\di.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dj.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dk.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dl.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dn.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dp.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dq.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dr.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ds.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dt.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\du.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dv.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dw.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dy.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dz.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\e.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ea.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\eb.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ec.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ed.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\f.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\g.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\h.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\i.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\j.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\k.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\l.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\m.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\Main.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\n.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\p.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\q.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\r.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\s.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\t.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\u.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\v.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\w.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\x.class
C:\Program Files\EbatesMoeMoneyMaker\System\Code\y.class
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_preferences0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_script0.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_clickhere.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashback.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashbck.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_no.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_submit.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_yes.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\Clear.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebates.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebateslogo1.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\logo_topmox.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_question.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_reminder.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\Moe_top.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_with_cash.gif
C:\Program Files\EbatesMoeMoneyMaker\System\Images\Spacer.gif
C:\Program Files\EbatesMoeMoneyMaker\System\System\Browsers.dls
C:\Program Files\EbatesMoeMoneyMaker\System\System\Loader.dls
C:\Program Files\EbatesMoeMoneyMaker\System\System\personality.dls
C:\Program Files\EbatesMoeMoneyMaker\System\System\Shopping.dls
C:\Program Files\EbatesMoeMoneyMaker\System\System\System.dls
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\dump.txt
C:\Program Files\GroksterSupport
C:\Program Files\GroksterSupport\ApplicationData\Administrator\dataexcludegrokstershopsaved.dls
C:\Program Files\GroksterSupport\ApplicationData\Administrator\userdatagrokstershop.dls
C:\Program Files\GroksterSupport\ApplicationData\merchants.dls
C:\Program Files\GroksterSupport\ApplicationData\Randy\dataexcludegrokstershopsaved.dls
C:\Program Files\GroksterSupport\ApplicationData\Randy\userdatagrokstershop.dls
C:\Program Files\GroksterSupport\ApplicationData\systemdata.dls
C:\Program Files\GroksterSupport\ApplicationData\systemdata1.dls
C:\Program Files\GroksterSupport\ApplicationData\updates.dls
C:\Program Files\GroksterSupport\Applications\datamerchgrokstershopsaved.dls
C:\Program Files\GroksterSupport\Applications\grokstershop.dls
C:\Program Files\GroksterSupport\Applications\grokstershopupdater.dls
C:\Program Files\GroksterSupport\System\Code\a.class
C:\Program Files\GroksterSupport\System\Code\b.class
C:\Program Files\GroksterSupport\System\Code\ba.class
C:\Program Files\GroksterSupport\System\Code\bb.class
C:\Program Files\GroksterSupport\System\Code\bc.class
C:\Program Files\GroksterSupport\System\Code\bd.class
C:\Program Files\GroksterSupport\System\Code\be.class
C:\Program Files\GroksterSupport\System\Code\bg.class
C:\Program Files\GroksterSupport\System\Code\bh.class
C:\Program Files\GroksterSupport\System\Code\bi.class
C:\Program Files\GroksterSupport\System\Code\bj.class
C:\Program Files\GroksterSupport\System\Code\bk.class
C:\Program Files\GroksterSupport\System\Code\bl.class
C:\Program Files\GroksterSupport\System\Code\bm.class
C:\Program Files\GroksterSupport\System\Code\bn.class
C:\Program Files\GroksterSupport\System\Code\bo.class
C:\Program Files\GroksterSupport\System\Code\bp.class
C:\Program Files\GroksterSupport\System\Code\bq.class
C:\Program Files\GroksterSupport\System\Code\br.class
C:\Program Files\GroksterSupport\System\Code\bs.class
C:\Program Files\GroksterSupport\System\Code\bt.class
C:\Program Files\GroksterSupport\System\Code\bu.class
C:\Program Files\GroksterSupport\System\Code\bv.class
C:\Program Files\GroksterSupport\System\Code\bw.class
C:\Program Files\GroksterSupport\System\Code\bx.class
C:\Program Files\GroksterSupport\System\Code\by.class
C:\Program Files\GroksterSupport\System\Code\bz.class
C:\Program Files\GroksterSupport\System\Code\c.class
C:\Program Files\GroksterSupport\System\Code\ca.class
C:\Program Files\GroksterSupport\System\Code\cb.class
C:\Program Files\GroksterSupport\System\Code\cc.class
C:\Program Files\GroksterSupport\System\Code\cd.class
C:\Program Files\GroksterSupport\System\Code\ce.class
C:\Program Files\GroksterSupport\System\Code\cf.class
C:\Program Files\GroksterSupport\System\Code\cg.class
C:\Program Files\GroksterSupport\System\Code\ch.class
C:\Program Files\GroksterSupport\System\Code\ci.class
C:\Program Files\GroksterSupport\System\Code\cj.class
C:\Program Files\GroksterSupport\System\Code\ck.class
C:\Program Files\GroksterSupport\System\Code\cl.class
C:\Program Files\GroksterSupport\System\Code\cm.class
C:\Program Files\GroksterSupport\System\Code\cn.class
C:\Program Files\GroksterSupport\System\Code\co.class
C:\Program Files\GroksterSupport\System\Code\cp.class
C:\Program Files\GroksterSupport\System\Code\cq.class
C:\Program Files\GroksterSupport\System\Code\cr.class
C:\Program Files\GroksterSupport\System\Code\cs.class
C:\Program Files\GroksterSupport\System\Code\ct.class
C:\Program Files\GroksterSupport\System\Code\cu.class
C:\Program Files\GroksterSupport\System\Code\cv.class
C:\Program Files\GroksterSupport\System\Code\cw.class
C:\Program Files\GroksterSupport\System\Code\cx.class
C:\Program Files\GroksterSupport\System\Code\cy.class
C:\Program Files\GroksterSupport\System\Code\cz.class
C:\Program Files\GroksterSupport\System\Code\d.class
C:\Program Files\GroksterSupport\System\Code\da.class
C:\Program Files\GroksterSupport\System\Code\db.class
C:\Program Files\GroksterSupport\System\Code\dc.class
C:\Program Files\GroksterSupport\System\Code\dd.class
C:\Program Files\GroksterSupport\System\Code\de.class
C:\Program Files\GroksterSupport\System\Code\df.class
C:\Program Files\GroksterSupport\System\Code\dg.class
C:\Program Files\GroksterSupport\System\Code\dh.class
C:\Program Files\GroksterSupport\System\Code\di.class
C:\Program Files\GroksterSupport\System\Code\dj.class
C:\Program Files\GroksterSupport\System\Code\dk.class
C:\Program Files\GroksterSupport\System\Code\dl.class
C:\Program Files\GroksterSupport\System\Code\dn.class
C:\Program Files\GroksterSupport\System\Code\dp.class
C:\Program Files\GroksterSupport\System\Code\dq.class
C:\Program Files\GroksterSupport\System\Code\dr.class
C:\Program Files\GroksterSupport\System\Code\ds.class
C:\Program Files\GroksterSupport\System\Code\dt.class
C:\Program Files\GroksterSupport\System\Code\du.class
C:\Program Files\GroksterSupport\System\Code\dv.class
C:\Program Files\GroksterSupport\System\Code\dw.class
C:\Program Files\GroksterSupport\System\Code\dy.class
C:\Program Files\GroksterSupport\System\Code\dz.class
C:\Program Files\GroksterSupport\System\Code\e.class
C:\Program Files\GroksterSupport\System\Code\ea.class
C:\Program Files\GroksterSupport\System\Code\eb.class
C:\Program Files\GroksterSupport\System\Code\ec.class
C:\Program Files\GroksterSupport\System\Code\ed.class
C:\Program Files\GroksterSupport\System\Code\f.class
C:\Program Files\GroksterSupport\System\Code\g.class
C:\Program Files\GroksterSupport\System\Code\h.class
C:\Program Files\GroksterSupport\System\Code\i.class
C:\Program Files\GroksterSupport\System\Code\j.class
C:\Program Files\GroksterSupport\System\Code\k.class
C:\Program Files\GroksterSupport\System\Code\l.class
C:\Program Files\GroksterSupport\System\Code\m.class
C:\Program Files\GroksterSupport\System\Code\n.class
C:\Program Files\GroksterSupport\System\Code\o.class
C:\Program Files\GroksterSupport\System\Code\p.class
C:\Program Files\GroksterSupport\System\Code\q.class
C:\Program Files\GroksterSupport\System\Code\r.class
C:\Program Files\GroksterSupport\System\Code\s.class
C:\Program Files\GroksterSupport\System\Code\t.class
C:\Program Files\GroksterSupport\System\Code\u.class
C:\Program Files\GroksterSupport\System\Code\v.class
C:\Program Files\GroksterSupport\System\Code\w.class
C:\Program Files\GroksterSupport\System\Code\x.class
C:\Program Files\GroksterSupport\System\Code\y.class
C:\Program Files\GroksterSupport\System\Html\grokstershop_confirm0.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_confirm1.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_offer0.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_offer1.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_preferences0.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_preferences1.htm
C:\Program Files\GroksterSupport\System\Html\grokstershop_script0.htm
C:\Program Files\GroksterSupport\System\Html\topmoxie_conflicts2.htm
C:\Program Files\GroksterSupport\System\Html\topmoxie_proxy.htm
C:\Program Files\GroksterSupport\System\Images\grokster_logo.gif
C:\Program Files\GroksterSupport\System\Images\grokstershop_clickhere_lg3.gif
C:\Program Files\GroksterSupport\System\Images\lw_ls_offer_click_here4.gif
C:\Program Files\GroksterSupport\System\MTemp\encryption.bin
C:\Program Files\GroksterSupport\System\MTemp\logfile.txt
C:\Program Files\GroksterSupport\System\System\Browsers.dls
C:\Program Files\GroksterSupport\System\System\Loader.dls
C:\Program Files\GroksterSupport\System\System\personality.dls
C:\Program Files\GroksterSupport\System\System\Shopping.dls
C:\Program Files\GroksterSupport\System\System\System.dls
C:\Program Files\GroksterSupport\System\Temp\dump.txt
C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0.htm
C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0_wo.htm
C:\Program Files\GroksterSupport\websearch_grock.exe
C:\Program Files\Lycos
C:\Program Files\Lycos\Sidesearch\Offline.htm
C:\Program Files\websearch
C:\Program Files\websearch\ApplicationData\Administrator\userdata.dls
C:\Program Files\websearch\ApplicationData\merchants.dls
C:\Program Files\websearch\ApplicationData\Randy\userdata.dls
C:\Program Files\websearch\ApplicationData\systemdata.dls
C:\Program Files\websearch\ApplicationData\systemdata1.dls
C:\Program Files\websearch\ApplicationData\updates.dls
C:\Program Files\websearch\Applications\datamerchgrokstershopsaved.dls
C:\Program Files\websearch\Applications\websearch_grock.dls
C:\Program Files\websearch\System\Code\a.class
C:\Program Files\websearch\System\Code\b.class
C:\Program Files\websearch\System\Code\ba.class
C:\Program Files\websearch\System\Code\bb.class
C:\Program Files\websearch\System\Code\bc.class
C:\Program Files\websearch\System\Code\bd.class
C:\Program Files\websearch\System\Code\be.class
C:\Program Files\websearch\System\Code\bg.class
C:\Program Files\websearch\System\Code\bh.class
C:\Program Files\websearch\System\Code\bi.class
C:\Program Files\websearch\System\Code\bj.class
C:\Program Files\websearch\System\Code\bk.class
C:\Program Files\websearch\System\Code\bl.class
C:\Program Files\websearch\System\Code\bm.class
C:\Program Files\websearch\System\Code\bn.class
C:\Program Files\websearch\System\Code\bo.class
C:\Program Files\websearch\System\Code\bp.class
C:\Program Files\websearch\System\Code\bq.class
C:\Program Files\websearch\System\Code\br.class
C:\Program Files\websearch\System\Code\bs.class
C:\Program Files\websearch\System\Code\bt.class
C:\Program Files\websearch\System\Code\bu.class
C:\Program Files\websearch\System\Code\bv.class
C:\Program Files\websearch\System\Code\bw.class
C:\Program Files\websearch\System\Code\bx.class
C:\Program Files\websearch\System\Code\by.class
C:\Program Files\websearch\System\Code\bz.class
C:\Program Files\websearch\System\Code\c.class
C:\Program Files\websearch\System\Code\ca.class
C:\Program Files\websearch\System\Code\cb.class
C:\Program Files\websearch\System\Code\cc.class
C:\Program Files\websearch\System\Code\cd.class
C:\Program Files\websearch\System\Code\ce.class
C:\Program Files\websearch\System\Code\cf.class
C:\Program Files\websearch\System\Code\cg.class
C:\Program Files\websearch\System\Code\ch.class
C:\Program Files\websearch\System\Code\ci.class
C:\Program Files\websearch\System\Code\cj.class
C:\Program Files\websearch\System\Code\ck.class
C:\Program Files\websearch\System\Code\cl.class
C:\Program Files\websearch\System\Code\cm.class
C:\Program Files\websearch\System\Code\cn.class
C:\Program Files\websearch\System\Code\co.class
C:\Program Files\websearch\System\Code\cp.class
C:\Program Files\websearch\System\Code\cq.class
C:\Program Files\websearch\System\Code\cr.class
C:\Program Files\websearch\System\Code\cs.class
C:\Program Files\websearch\System\Code\ct.class
C:\Program Files\websearch\System\Code\cu.class
C:\Program Files\websearch\System\Code\cv.class
C:\Program Files\websearch\System\Code\cw.class
C:\Program Files\websearch\System\Code\cx.class
C:\Program Files\websearch\System\Code\cy.class
C:\Program Files\websearch\System\Code\cz.class
C:\Program Files\websearch\System\Code\d.class
C:\Program Files\websearch\System\Code\da.class
C:\Program Files\websearch\System\Code\db.class
C:\Program Files\websearch\System\Code\dc.class
C:\Program Files\websearch\System\Code\dd.class
C:\Program Files\websearch\System\Code\de.class
C:\Program Files\websearch\System\Code\df.class
C:\Program Files\websearch\System\Code\dg.class
C:\Program Files\websearch\System\Code\dh.class
C:\Program Files\websearch\System\Code\di.class
C:\Program Files\websearch\System\Code\dj.class
C:\Program Files\websearch\System\Code\dk.class
C:\Program Files\websearch\System\Code\dl.class
C:\Program Files\websearch\System\Code\dn.class
C:\Program Files\websearch\System\Code\dp.class
C:\Program Files\websearch\System\Code\dq.class
C:\Program Files\websearch\System\Code\dr.class
C:\Program Files\websearch\System\Code\ds.class
C:\Program Files\websearch\System\Code\dt.class
C:\Program Files\websearch\System\Code\du.class
C:\Program Files\websearch\System\Code\dv.class
C:\Program Files\websearch\System\Code\dw.class
C:\Program Files\websearch\System\Code\dy.class
C:\Program Files\websearch\System\Code\dz.class
C:\Program Files\websearch\System\Code\e.class
C:\Program Files\websearch\System\Code\ea.class
C:\Program Files\websearch\System\Code\eb.class
C:\Program Files\websearch\System\Code\ec.class
C:\Program Files\websearch\System\Code\ed.class
C:\Program Files\websearch\System\Code\f.class
C:\Program Files\websearch\System\Code\g.class
C:\Program Files\websearch\System\Code\h.class
C:\Program Files\websearch\System\Code\i.class
C:\Program Files\websearch\System\Code\j.class
C:\Program Files\websearch\System\Code\k.class
C:\Program Files\websearch\System\Code\l.class
C:\Program Files\websearch\System\Code\m.class
C:\Program Files\websearch\System\Code\n.class
C:\Program Files\websearch\System\Code\o.class
C:\Program Files\websearch\System\Code\p.class
C:\Program Files\websearch\System\Code\q.class
C:\Program Files\websearch\System\Code\r.class
C:\Program Files\websearch\System\Code\s.class
C:\Program Files\websearch\System\Code\t.class
C:\Program Files\websearch\System\Code\u.class
C:\Program Files\websearch\System\Code\v.class
C:\Program Files\websearch\System\Code\w.class
C:\Program Files\websearch\System\Code\x.class
C:\Program Files\websearch\System\Code\y.class
C:\Program Files\websearch\System\Html\ebates_autorediroffer0.htm
C:\Program Files\websearch\System\Html\ebates_disable0.htm
C:\Program Files\websearch\System\Html\ebates_memoffer0.htm
C:\Program Files\websearch\System\Html\ebates_nonmemoffer0.htm
C:\Program Files\websearch\System\Html\ebates_preferences0.htm
C:\Program Files\websearch\System\Html\ebates_script0.htm
C:\Program Files\websearch\System\Html\grokstershop_confirm1.htm
C:\Program Files\websearch\System\Html\grokstershop_offer1.htm
C:\Program Files\websearch\System\Html\grokstershop_preferences1.htm
C:\Program Files\websearch\System\Html\grokstershop_script0.htm
C:\Program Files\websearch\System\Html\topmoxie_conflicts2.htm
C:\Program Files\websearch\System\Html\topmoxie_proxy.htm
C:\Program Files\websearch\System\Images\button_clickhere.gif
C:\Program Files\websearch\System\Images\button_getcashback.gif
C:\Program Files\websearch\System\Images\button_getcashbck.gif
C:\Program Files\websearch\System\Images\button_no.gif
C:\Program Files\websearch\System\Images\button_submit.gif
C:\Program Files\websearch\System\Images\button_yes.gif
C:\Program Files\websearch\System\Images\clear.gif
C:\Program Files\websearch\System\Images\ebates.gif
C:\Program Files\websearch\System\Images\ebateslogo1.gif
C:\Program Files\websearch\System\Images\grokster_logo.gif
C:\Program Files\websearch\System\Images\grokstershop_clickhere_lg3.gif
C:\Program Files\websearch\System\Images\logo_topmox.gif
C:\Program Files\websearch\System\Images\lw_ls_offer_click_here4.gif
C:\Program Files\websearch\System\Images\moe_question.gif
C:\Program Files\websearch\System\Images\moe_reminder.gif
C:\Program Files\websearch\System\Images\moe_top.gif
C:\Program Files\websearch\System\Images\moe_with_cash.gif
C:\Program Files\websearch\System\Images\spacer.gif
C:\Program Files\websearch\System\System\browsers.dls
C:\Program Files\websearch\System\System\loader.dls
C:\Program Files\websearch\System\System\personality.dls
C:\Program Files\websearch\System\System\shopping.dls
C:\Program Files\websearch\System\System\system.dls
C:\Program Files\websearch\System\Temp\dump.txt
C:\Program Files\websearch\System\Temp\run.txt
C:\Program Files\websearch\websearch.inf
C:\WINDOWS\inf\bi.inf
C:\WINDOWS\inf\bi5.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\flashtlk.inf
C:\WINDOWS\system32\auto_update_uninstall.log
F:\Appz\Zami Computer fix files\SmitfraudFix
F:\Appz\Zami Computer fix files\SmitfraudFix\dumphive.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\GenericRenosFix.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\HostsChk.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\Process.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\restart.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\SmitfraudFix.cmd
F:\Appz\Zami Computer fix files\SmitfraudFix\SmiUpdate.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\SrchSTS.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\swreg.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\swsc.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\swxcacls.exe
F:\Appz\Zami Computer fix files\SmitfraudFix\unzip.exe
G:\Documents and Settings\Randy\Application Data\Lycos
G:\Program Files\Lycos(2)
G:\Program Files\Lycos(2)\Sidesearch(2)\offline.htm
G:\RECYCLED\Dg3
G:\RECYCLED\Dg3\AVIPRE~1.EXE
G:\RECYCLED\Dg3\BDCORE.DLL
G:\RECYCLED\Dg3\BDUPD.DLL
G:\RECYCLED\Dg3\CD_CLINT.DLL
G:\RECYCLED\Dg3\DAT_VIEW.EXE
G:\RECYCLED\Dg3\DB\NP.TMP
G:\RECYCLED\Dg3\HELP.ICO
G:\RECYCLED\Dg3\KAZAA.EXE
G:\RECYCLED\Dg3\KAZAAH~1.CHM
G:\RECYCLED\Dg3\KZSCAN.DLL
G:\RECYCLED\Dg3\LIBFN.DLL
G:\RECYCLED\Dg3\SHARED.ICO
G:\RECYCLED\Dg3\SIG2DAT.EXE
G:\RECYCLED\Dg3\SPEEDU~1.EXE
G:\RECYCLED\Dg3\TSI2.CAB
G:\RECYCLED\Dg3\UNINS000.DAT
G:\RECYCLED\Dg3\UNINS000.EXE
G:\RECYCLED\Dg3\WEB\GO.GIF
G:\RECYCLED\Dg3\WEB\START.HTM
G:\RECYCLED\Dg5
G:\RECYCLED\Dg5\bdcore.dll
G:\RECYCLED\Dg5\cd_clint.dll
G:\RECYCLED\Dg5\db\data256.dbb
G:\RECYCLED\Dg5\Kazaa.exe
G:\RECYCLED\Dg5\kazaahelp.chm
G:\RECYCLED\Dg5\kzscan.dll
G:\RECYCLED\Dg5\Unins000.dat
G:\RECYCLED\Dg5\Web\Go.gif
G:\RECYCLED\Dg5\Web\Start.htm
G:\Utilities\Hijackthis\backups
G:\Utilities\Hijackthis\backups\backup-20050409-004011-201
G:\Utilities\Hijackthis\backups\backup-20050409-004011-307
G:\Utilities\Hijackthis\backups\backup-20050409-004011-373
G:\Utilities\Hijackthis\backups\backup-20050409-004011-390
G:\Utilities\Hijackthis\backups\backup-20050409-004011-405
G:\Utilities\Hijackthis\backups\backup-20050409-004011-583
G:\Utilities\Hijackthis\backups\backup-20050409-004011-768
G:\Utilities\Hijackthis\backups\backup-20050409-004011-927
G:\Utilities\Hijackthis\backups\backup-20050409-011526-268
G:\Utilities\Hijackthis\backups\backup-20050409-011526-400
G:\Utilities\Hijackthis\backups\backup-20050409-011526-578
G:\Utilities\Hijackthis\backups\backup-20050409-011526-599
G:\Utilities\Hijackthis\backups\backup-20050409-011526-603
G:\Utilities\Hijackthis\backups\backup-20050409-011526-635
G:\Utilities\Hijackthis\backups\backup-20050409-011526-812
G:\Utilities\Hijackthis\backups\backup-20050409-011526-823
G:\Utilities\Hijackthis\backups\backup-20050409-011526-998
G:\Utilities\Hijackthis\backups\backup-20050409-011804-438
G:\Utilities\Hijackthis\backups\backup-20050409-011804-920
G:\Utilities\Hijackthis\backups\backup-20050409-092940-147
G:\Utilities\Hijackthis\backups\backup-20050409-092940-157
G:\Utilities\Hijackthis\backups\backup-20050409-092940-302
G:\Utilities\Hijackthis\backups\backup-20050409-092940-332
G:\Utilities\Hijackthis\backups\backup-20050409-092940-423
G:\Utilities\Hijackthis\backups\backup-20050409-092940-423.inf
G:\Utilities\Hijackthis\backups\backup-20050409-092940-557
G:\Utilities\Hijackthis\backups\backup-20050409-092940-557.inf
G:\Utilities\Hijackthis\backups\backup-20050409-092940-937
G:\Utilities\Hijackthis\backups\backup-20050409-092940-969
G:\Utilities\Hijackthis\backups\backup-20050410-165829-708
G:\Utilities\Hijackthis\backups\backup-20050410-165829-991
G:\Utilities\Hijackthis\backups\backup-20050410-175236-117
G:\Utilities\Hijackthis\backups\backup-20050410-175236-117-Microsoft Office.lnk
G:\Utilities\Hijackthis\backups\backup-20050410-175236-127
G:\Utilities\Hijackthis\backups\backup-20050410-175236-272
G:\Utilities\Hijackthis\backups\backup-20050410-175236-302
G:\Utilities\Hijackthis\backups\backup-20050410-175236-752
G:\Utilities\Hijackthis\backups\backup-20050410-175236-752-PC Alert 4.lnk
G:\Utilities\Hijackthis\backups\backup-20050410-175236-907
G:\Utilities\Hijackthis\backups\backup-20051009-000537-221
G:\Utilities\Hijackthis\backups\backup-20051009-000537-221-InterVideo WinCinema Manager.lnk
G:\Utilities\Hijackthis\backups\backup-20051009-000622-951
G:\Utilities\Hijackthis\backups\backup-20051009-000712-436
G:\Utilities\Hijackthis\backups\backup-20060831-084153-365
G:\Utilities\Hijackthis\backups\backup-20060831-084153-398
G:\Utilities\Hijackthis\backups\backup-20060831-084153-846
G:\Utilities\Hijackthis\backups\backup-20070412-164826-172
G:\Utilities\Hijackthis\backups\backup-20070412-164826-308
G:\Utilities\Hijackthis\backups\backup-20070412-164826-308.inf
G:\Utilities\Hijackthis\backups\backup-20070412-164826-528
G:\Utilities\Hijackthis\backups\backup-20070417-174621-663
G:\Utilities\Hijackthis\backups\backup-20070417-174621-884
G:\Utilities\Hijackthis\backups\backup-20070417-174622-888
G:\Utilities\Hijackthis\backups\backup-20070430-025158-178
G:\Utilities\Hijackthis\backups\backup-20070430-025158-559
G:\Utilities\Hijackthis\backups\backup-20070810-164808-203
G:\Utilities\Hijackthis\backups\backup-20070810-164808-211
G:\Utilities\Hijackthis\backups\backup-20070810-164808-431
G:\Utilities\Hijackthis\backups\backup-20070810-165330-248
G:\Utilities\Hijackthis\backups\backup-20070810-165330-449
G:\Utilities\Hijackthis\backups\backup-20070810-165330-479
G:\Utilities\Hijackthis\backups\backup-20070810-165330-801
G:\Utilities\Hijackthis\backups\backup-20070810-165330-813
G:\Utilities\Hijackthis\backups\backup-20070810-165330-908
G:\Utilities\Hijackthis\backups\backup-20070810-165330-971
G:\Utilities\Hijackthis\backups\backup-20070810-165512-126
G:\Utilities\Hijackthis\backups\backup-20070810-165512-126.inf
G:\Utilities\Hijackthis\backups\backup-20070810-165512-825
G:\Utilities\SDFix
G:\Utilities\SDFix\SDFix\apps\assosfix.reg
G:\Utilities\SDFix\SDFix\apps\cliptext.exe
G:\Utilities\SDFix\SDFix\apps\download.exe
G:\Utilities\SDFix\SDFix\apps\dummy.sys
G:\Utilities\SDFix\SDFix\apps\Enable_Command_Prompt.reg
G:\Utilities\SDFix\SDFix\apps\ERDNT.E_E
G:\Utilities\SDFix\SDFix\apps\ERDNTDOS.LOC
G:\Utilities\SDFix\SDFix\apps\ERDNTWIN.LOC
G:\Utilities\SDFix\SDFix\apps\ERUNT.EXE
G:\Utilities\SDFix\SDFix\apps\ERUNT.LOC
G:\Utilities\SDFix\SDFix\apps\fix.reg
G:\Utilities\SDFix\SDFix\apps\FixBH.reg
G:\Utilities\SDFix\SDFix\apps\FIXCU.reg
G:\Utilities\SDFix\SDFix\apps\FIXLM.reg
G:\Utilities\SDFix\SDFix\apps\FixPath.exe
G:\Utilities\SDFix\SDFix\apps\FixRedir.reg
G:\Utilities\SDFix\SDFix\apps\FixWebCheck.reg
G:\Utilities\SDFix\SDFix\apps\fixXP.reg
G:\Utilities\SDFix\SDFix\apps\FixXPsp2.reg
G:\Utilities\SDFix\SDFix\apps\HPFix.reg
G:\Utilities\SDFix\SDFix\apps\HPFix2.reg
G:\Utilities\SDFix\SDFix\apps\leg2.txt
G:\Utilities\SDFix\SDFix\apps\legacy.txt
G:\Utilities\SDFix\SDFix\apps\legacybk.txt
G:\Utilities\SDFix\SDFix\apps\locate.com
G:\Utilities\SDFix\SDFix\apps\LS.exe
G:\Utilities\SDFix\SDFix\apps\MD5File.exe
G:\Utilities\SDFix\SDFix\apps\moveex.exe
G:\Utilities\SDFix\SDFix\apps\MyGcpvFix.reg
G:\Utilities\SDFix\SDFix\apps\MyGkFix2.reg
G:\Utilities\SDFix\SDFix\apps\Process.exe
G:\Utilities\SDFix\SDFix\apps\RegDACL.exe
G:\Utilities\SDFix\SDFix\apps\Rem.txt
G:\Utilities\SDFix\SDFix\apps\Rem2.txt
G:\Utilities\SDFix\SDFix\apps\Replace\W2K.exe
G:\Utilities\SDFix\SDFix\apps\Replace\XP.exe
G:\Utilities\SDFix\SDFix\apps\Reset_AppInit_DLLs.reg
G:\Utilities\SDFix\SDFix\apps\RestartIt!.exe
G:\Utilities\SDFix\SDFix\apps\Restore_SecurityCenter.reg
G:\Utilities\SDFix\SDFix\apps\Restore_SharedAccess.reg
G:\Utilities\SDFix\SDFix\apps\sc.exe
G:\Utilities\SDFix\SDFix\apps\SF.exe
G:\Utilities\SDFix\SDFix\apps\shutdown.exe
G:\Utilities\SDFix\SDFix\apps\srv2.txt
G:\Utilities\SDFix\SDFix\apps\svc.txt
G:\Utilities\SDFix\SDFix\apps\svcbk.txt
G:\Utilities\SDFix\SDFix\apps\swreg.exe
G:\Utilities\SDFix\SDFix\apps\swsc.exe
G:\Utilities\SDFix\SDFix\apps\unzip.exe
G:\Utilities\SDFix\SDFix\apps\zip.exe
G:\Utilities\SDFix\SDFix\backups\attrib.exe
G:\Utilities\SDFix\SDFix\backups\backupreg.zip
G:\Utilities\SDFix\SDFix\backups\backups.zip
G:\Utilities\SDFix\SDFix\backups\find.exe
G:\Utilities\SDFix\SDFix\backups\findstr.exe
G:\Utilities\SDFix\SDFix\backups\HOSTS
G:\Utilities\SDFix\SDFix\backups\regedit.exe
G:\Utilities\SDFix\SDFix\catchme.exe
G:\Utilities\SDFix\SDFix\dummy.sys
G:\Utilities\SDFix\SDFix\Report.txt
G:\Utilities\SDFix\SDFix\RunThis.bat
G:\Utilities\SDFix\SDFix\SDFIX_ReadMe_Online.url
g:\windows\downloaded program files\webdlg32.inf
g:\windows\inf\biini.inf
G:\WINDOWS\inf\satmat.inf
G:\WINDOWS\nircmd.exe
g:\windows\satmat.ini
g:\windows\system32\FLEOK
g:\windows\system32\INNERADINSTALL.LOG
g:\windows\system32\sdkwk32.exe
((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-14 17:39 549,376 -----c--- G:\WINDOWS\system32\dllcache\oleaut32.dll
2007-08-14 17:39 1,033,216 -----c--- G:\WINDOWS\system32\dllcache\explorer.exe
2007-08-14 17:38 282,112 -----c--- G:\WINDOWS\system32\dllcache\gdi32.dll
2007-08-12 10:41 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-08-10 16:58 3,968 --a------ G:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-08 16:19 <DIR> d-------- G:\WINDOWS\ERUNT
2007-08-06 16:30 <DIR> d-------- G:\Deckard
2007-08-03 08:35 <DIR> d-------- G:\DOCUME~1\Randy\DoctorWeb
2007-08-03 01:23 <DIR> d-------- G:\Program Files\DssEvolution.com
2007-07-29 15:48 <DIR> d-------- G:\Personal Colour Viewer 2.0
2007-07-29 15:33 <DIR> d-------- G:\Colour Viewer 2.0
2007-07-25 18:33 520,192 --------- G:\WINDOWS\system32\ati2sgag.exe
2007-07-25 18:33 <DIR> d-------- G:\Program Files\ATI Technologies
2007-07-25 18:26 1,408,000 --a--c--- G:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-07-25 18:26 1,408,000 --a------ G:\WINDOWS\system32\ativvaxx.dll
2007-07-25 18:25 870,784 --a--c--- G:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-07-25 18:25 870,784 --a------ G:\WINDOWS\system32\ati3d1ag.dll
2007-07-25 18:25 377,984 --a--c--- G:\WINDOWS\system32\dllcache\ati2dvaa.dll
2007-07-25 18:25 377,984 --a------ G:\WINDOWS\system32\ati2dvaa.dll
2007-07-25 18:25 32,768 --a--c--- G:\WINDOWS\system32\dllcache\ativtmxx.dll
2007-07-25 18:25 32,768 --a------ G:\WINDOWS\system32\ativtmxx.dll
2007-07-25 18:25 282,624 --a--c--- G:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-07-25 18:25 282,624 --a------ G:\WINDOWS\system32\ati2cqag.dll
2007-07-25 18:25 2,693,280 --a--c--- G:\WINDOWS\system32\dllcache\ati3duag.dll
2007-07-25 18:25 2,693,280 --a------ G:\WINDOWS\system32\ati3duag.dll
2007-07-17 18:12 <DIR> d-------- G:\Program Files\PokerRoom.com
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-12-09 01:32 87040 --a------ G:\WINDOWS\system32\ra32sipr.dll
2007-12-09 01:32 85504 --a------ G:\WINDOWS\system32\encdnet.dll
2007-12-09 01:32 81920 --a------ G:\WINDOWS\system32\ra3214_4.dll
2007-12-09 01:32 72704 --a------ G:\WINDOWS\system32\ra3228_8.dll
2007-12-09 01:32 61952 --a------ G:\WINDOWS\system32\decdnet.dll
2007-12-09 01:32 487936 --a------ G:\WINDOWS\system32\rmbe3260.dll
2007-12-09 01:32 352768 --a------ G:\WINDOWS\system32\pngu3263.dll
2007-12-09 01:32 21504 --a------ G:\WINDOWS\system32\ra32dnet.dll
2007-12-09 01:32 131072 --a------ G:\WINDOWS\system32\pneng50.dll
2007-12-09 01:32 130560 --a------ G:\WINDOWS\system32\pnc3250.dll
2007-08-14 06:32 -------- d-------- G:\Program Files\PokerStars
2007-08-12 21:49 -------- d-------- G:\Program Files\Google
2007-08-12 13:30 -------- d-------- G:\DOCUME~1\Randy\APPLIC~1\Vso
2007-08-12 00:41 -------- d-------- G:\Program Files\CarbonPoker
2007-08-10 16:42 -------- d--h----- G:\Program Files\InstallShield Installation Information
2007-08-10 16:42 -------- d-------- G:\Program Files\Full Tilt Poker
2007-08-10 16:40 -------- d-------- G:\Program Files\Absolute Poker
2007-08-10 16:39 -------- d-------- G:\Program Files\UltimateBet
2007-08-09 16:11 530 --a------ G:\delete.bat
2007-08-06 22:11 73216 --a------ G:\WINDOWS\ST6UNST.EXE
2007-08-06 22:11 249856 --------- G:\WINDOWS\Setup1.exe
2007-07-27 08:45 87608 --a------ G:\DOCUME~1\Randy\APPLIC~1\inst.exe
2007-07-27 08:45 47360 --a------ G:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-27 08:45 47360 --a------ G:\DOCUME~1\Randy\APPLIC~1\pcouffin.sys
2007-07-25 18:40 -------- d-------- G:\DOCUME~1\Randy\APPLIC~1\ATI
2007-07-19 19:06 2256 --a------ G:\WINDOWS\current_settings.bin
2007-07-12 16:32 -------- d-------- G:\Program Files\Common Files\Symantec Shared
2007-07-11 16:45 2144 --a------ G:\WINDOWS\system32\tmp.reg
2007-07-09 22:41 264 --a------ G:\WINDOWS\system32\winsusrm.dll
2007-07-08 21:33 -------- d-------- G:\DOCUME~1\Randy\APPLIC~1\DVDFab
2007-07-06 00:28 81920 --a------ G:\WINDOWS\system32\GiveioIns.dll
2007-07-06 00:28 294912 --a------ G:\WINDOWS\system32\N2meProg.dll
2007-06-28 17:46 40 --a------ G:\WINDOWS\system32\uppim.dll
2007-06-27 03:15 -------- d-------- G:\Program Files\Windows Media Connect 2
2007-06-26 11:13 851968 --a--c--- G:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 --a--c--- G:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a--c--- G:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 02:08 1104896 --a------ G:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ G:\WINDOWS\system32\gdi32.dll
2007-06-14 14:09 96256 --a--c--- G:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 --a--c--- G:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 --a--c--- G:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 --a--c--- G:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 -----c--- G:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 --a--c--- G:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 --a--c--- G:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 --a--c--- G:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 251392 --a--c--- G:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 --a--c--- G:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 --a--c--- G:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 -----c--- G:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 -----c--- G:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 --a--c--- G:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --a--c--- G:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 -----c--- G:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 11:09 3058688 --a--c--- G:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 10:07 18432 --a--c--- G:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ G:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 -----c--- G:\WINDOWS\system32\dllcache\wmp.dll
2007-05-17 07:28 549376 ---hs---- G:\WINDOWS\system32\oleaut32.dll
2007-05-16 11:12 86528 -----c--- G:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- G:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ G:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 -----c--- G:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 -----c--- G:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- G:\WINDOWS\system32\dllcache\msoe.dll
2007-01-28 22:35 87608 --a------ G:\DOCUME~1\Randy\APPLIC~1\ezpinst.exe
2006-06-29 20:39 32696 --------- G:\DOCUME~1\Randy\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-08-04 03:56 93184 --a------ G:\Program Files\iexplore.exe
2003-08-27 14:19 36963 -r------- G:\Program Files\Common Files\SM1updtr.dll
2001-08-23 12:00:00 94,784 -csh--w G:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w G:\WINDOWS\twain_32.dll
2004-08-20 03:26:54 1,216 -csh--w G:\WINDOWS\Twunk_16.dll
2004-08-20 03:26:54 1,216 -csh--w G:\WINDOWS\Twunk_32.dll
2004-08-04 07:56:43 54,784 --sh--w G:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w G:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:55 11,776 --sh--w G:\WINDOWS\system32\regsvr32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2005-10-21 18:27]
"AVG7_CC"="G:\UTILIT~1\Grisoft\AVG7\avgcc.exe" [2007-08-15 16:17]
"NeroFilterCheck"="G:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Google Desktop Search"="G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-06 02:04]
"PSDrvCheck"="G:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"ATICCC"="G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"!AVG Anti-Spyware"="G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-10 17:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"updateMgr"="G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 14:26]
G:\Documents and Settings\Randy\Start Menu\Programs\Startup\
Poppy for Windows.lnk - G:\Utilities\Poppy\Poppy.exe [2006-08-04 01:14:24]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-11 14:26:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=G:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=G:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"g:\utilities\HP Camera Software\Photo Imaging\Hpi_Monitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"G:\utilities\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaCdaC11BA"=2 (0x2)
R0 prohlp02;StarForce Protection Helper Driver v2;G:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;G:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;G:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);G:\WINDOWS\system32\drivers\sfvfs02.sys
R1 kid_sys;Kensington Input Devices Class filter driver;G:\WINDOWS\system32\drivers\KID_SYS.sys
R1 NTIDrvr;Upper Class Filter Driver;G:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R1 oxmf;OXPCI Bus enumerator;G:\WINDOWS\system32\DRIVERS\oxmf.sys
R1 oxser;OX16C95x Serial port driver;G:\WINDOWS\system32\DRIVERS\oxser.sys
R1 PCLEPCI;PCLEPCI;\??\G:\WINDOWS\System32\drivers\pclepci.sys
R1 prodrv06;StarForce Protection Environment Driver v6;G:\WINDOWS\system32\drivers\prodrv06.sys
R1 Udfreadr_xp;Udfreadr_xp;G:\WINDOWS\system32\drivers\Udfreadr_xp.sys
R2 CdaC15BA;CdaC15BA;\??\G:\WINDOWS\System32\drivers\CdaC15BA.SYS
R2 CDRPDACC;Arrowkey Device Access;\??\G:\utilities\Shared\CDRPDACC.SYS
R2 NWCWorkstation;Client Service for NetWare;G:\WINDOWS\System32\svchost.exe -k netsvcs
R2 Sentinel;Sentinel;G:\WINDOWS\system32\Drivers\SENTINEL.SYS
R3 EPPSCSIx;EPPSCSI Driver;G:\WINDOWS\system32\DRIVERS\EPPSCAN.sys
R3 MarvinBus;Pinnacle Marvin Bus;G:\WINDOWS\system32\DRIVERS\MarvinBus.sys
R3 NWRDR;NetWare Rdr;G:\WINDOWS\system32\DRIVERS\nwrdr.sys
R3 Oxmfuf;Filter driver for OX16PCI954 ports;G:\WINDOWS\system32\DRIVERS\oxmfuf.sys
R3 Pcouffin;VSO Software pcouffin;G:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;G:\WINDOWS\system32\DRIVERS\SMC1211.SYS
R3 vulfntrs;VIA USB Roothub Lower Filter;G:\WINDOWS\system32\Drivers\vulfntr.sys
R3 WISTechVIDCAP;ADS DVD XPRESS DX2;G:\WINDOWS\system32\drivers\wisgostrm.sys
S0 xmasbus;xmasbus;G:\WINDOWS\system32\DRIVERS\xmasbus.sys
S0 xmasscsi;xmasscsi;G:\WINDOWS\system32\Drivers\xmasscsi.sys
S1 cdudf_xp;cdudf_xp;G:\WINDOWS\system32\drivers\cdudf_xp.sys
S2 windev-660f-554d;windev-660f-554d;\??\G:\WINDOWS\system32\windev-660f-554d.sys
S3 DtvAudio;DtvAudio;G:\WINDOWS\system32\DRIVERS\DtvAudio.sys
S3 DtvVideo;DtvVideo;G:\WINDOWS\system32\DRIVERS\DtvVideo.sys
S3 Dvd43;Dvd43;G:\WINDOWS\system32\DRIVERS\Dvd43.sys
S3 dvd43llh;dvd43llh;G:\WINDOWS\system32\DRIVERS\dvd43llh.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 LPDSVC;TCP/IP Print Server;G:\WINDOWS\System32\tcpsvcs.exe
S3 ntgrip;Gravis GamePort device driver;G:\WINDOWS\system32\drivers\ntgrip.sys
S3 ntxpgp;Gravis Xperience GamePort device driver;G:\WINDOWS\system32\drivers\ntxpgp.sys
S3 VPNET;DTVNet Ethernet Controller;G:\WINDOWS\system32\DRIVERS\DTVNet.sys
S3 vulfnths;VIA USB Host Controller Lower Filter;G:\WINDOWS\system32\Drivers\vulfnth.sys
S4 Cdr4_xp;Cdr4_xp;G:\WINDOWS\system32\drivers\Cdr4_xp.sys
Contents of the 'Scheduled Tasks' folder
2007-08-16 03:30:43 G:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-14 10:32:22 G:\WINDOWS\Tasks\XoftSpySE.job - G:\utilities\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 23:31:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-15 23:34:31 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 2007-08-15 23:34
G:\ComboFix2.txt ... 2007-08-08 16:47
--- E O F ---