Windows XP freeze after the loading screen

Hi,
I don't know why, but for a little while now, my Windows XP tends to freeze after the loading screen with the Windows sign. Then it's just a black screen; it can't get to the welcome screen. When I use System Restore, it's good for a while, but afterward it just restarts. Can anyone help me please??

Thank you!!

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:37 AM, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Xu XiaoYan\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147729691265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3844FF67-9B80-4148-AE0E-297BFD7173A0}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 19769 bytes


Thank you!!

Comments

  • Harudath Great Britain Icrontian
    edited February 2008
    BrmfBAgS.exe came up as a googlewhack - on a spyware removal website; that may be your problem.

    (http://spywarefiles.prevx.com/RRGCHA1964465/BRMFBAGS.EXE.html)


    EDIT: Ignore that, it took a while to load the "This file is safe" part ¬_¬
  • edited February 2008
    Maybe check what programs run on startup. If everything seems normal, you could try to disable all of them and disable all the non-Windows services.

    I doubt this would fix it, but you never know. I think I had a problem like this at school and I just reformatted my hard drive; maybe it's time for you to do the same. But... to be on the safe side, wait for more replies.
  • Leonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited February 2008
    I'm moving this to the Spyware and Virus Removal Forum. If it turns out the problem is Windows or hardware induced, we can move the thread again to the appropriate forum.

    Please be patient at SVR. Our volunteers can be inundated at times with infected computer threads.
  • edited March 2008
    I really can't figure out what the problem is... Like sometimes it works, and sometimes not; I just have to force a shut-down again and again until it works. If you guys need any more information, just say so.

    THX!!
  • Leonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited March 2008
    Strike_12, our Spyware and Virus removal volunteers are probably backlogged - so many infested computers. I know it's a pain when you are wanting to use your computer, but let's wait and see what the SVR volunteers say.
  • edited March 2008
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    I apologize for the delay in responding, but as you can probably see the forums are quite busy
    and sometimes a post manages to slip by us.
    Unfortunately there are far more people needing help than there are helpers.


    Sorry for the delay :(


    SmitFraud Look
    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm


    Please post the above log along with a fresh HJT log in your reply
  • edited March 2008
    Hi Katana thank you for replying! :D

    I just downloaded SmitfraudFix.exe from the link above, but I can't run it, not even from the root of my system drive, which indeed is C:\ :p

    I get this error message when I try to run it:
    C:\SmitfraudFix.exe is not a valid Win32 application.



    And here is my newest HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:37 PM, on 06/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147729691265
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3844FF67-9B80-4148-AE0E-297BFD7173A0}: NameServer = 207.164.234.129 207.164.234.193
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20619 bytes




    Thank you once again!!!
  • edited March 2008
    Strike_12 wrote:
    C:\SmitfraudFix.exe is not a valid Win32 application.

    That doesn't sound good :(


    Download and Run ComboFix
    • Download ComboFix from the link below:

      ComboFix.exe
    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.
    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • edited March 2008
    OK, my computer must be badly infested because it just took more than 30 minutes to finish everything :(

    And during the scan there is an alarm from Norton which says I have a Trojan Anserin and it can't delete it.


    Here is the ComboFix log:

    ComboFix 08-03-03.15 - Xu XiaoYan 2008-03-06 18:40:19.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.243 [GMT -5:00]
    Running from: C:\Documents and Settings\Xu XiaoYan\Desktop\Combo-Fix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\baidu
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\YDOT8R01\cnsminex_empty[3].htm
    C:\Documents and Settings\Xu XiaoYan\Local Settings\Application Data\baidu
    C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\uusee
    C:\Program Files\uusee\ARMP.ocx
    C:\Program Files\uusee\bak_in_psp.dll
    C:\Program Files\uusee\in_psp.dll
    C:\Program Files\uusee\MultiVMR9.dll
    C:\Program Files\uusee\out_mmshttp.dll
    C:\Program Files\uusee\patch_cmd.exe
    C:\Program Files\uusee\u264Dec.ax
    C:\Program Files\uusee\UFDeMux.ax
    C:\Program Files\uusee\unins000.dat
    C:\Program Files\uusee\unins000.exe
    C:\Program Files\uusee\updateC2.ocx
    C:\Program Files\uusee\uusee_video.dll
    C:\Program Files\uusee\uuseeAudioDec.ax
    C:\Program Files\uusee\vermini_x.ini
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
    C:\WINDOWS\Downloaded Program Files\Temp
    C:\WINDOWS\IA
    C:\WINDOWS\system32\iexp_log.txt
    C:\WINDOWS\uninstall_nmon.vbs
    L:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    \LEGACY_BDGUARD
    \LEGACY_CMDSERVICE
    \LEGACY_NETWORK_MONITOR
    \LEGACY_NTMLSVC
    \LEGACY_SFSYNC02
    \cmdService
    \Network Monitor
    \npf
    \NtmlSvc
    \sfsync02


    ((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
    .

    2008-03-06 11:11 . 2008-03-06 11:11 <DIR> d
    C:\Program Files\Microsoft Money 2006
    2008-03-04 18:03 . 2008-03-04 18:03 <DIR> d
    C:\WINDOWS\.jagex_cache_32
    2008-03-02 07:25 . 2008-03-02 07:36 <DIR> d
    C:\Documents and Settings\All Users\Application Data\TNT-HF
    2008-03-02 07:23 . 2008-03-02 07:23 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Gecko Software
    2008-03-02 07:01 . 2004-10-06 13:08 606,208 --a
    C:\WINDOWS\system32\btnplus1.ocx
    2008-03-02 07:01 . 2004-07-26 10:51 311,296 --a
    C:\WINDOWS\system32\c1sizer.ocx
    2008-03-02 07:01 . 2004-06-15 14:16 81,920 --a
    C:\WINDOWS\system32\axlAU.dll
    2008-03-02 07:01 . 2004-04-08 22:18 28,672 --a
    C:\WINDOWS\system32\vPrTXL.dll
    2008-03-01 21:46 . 2008-03-01 21:46 <DIR> d
    C:\Program Files\Trend Micro
    2008-02-24 12:39 . 2008-02-24 12:39 <DIR> d
    C:\Program Files\Xilisoft
    2008-02-24 12:12 . 2008-02-24 12:13 <DIR> d
    C:\Documents and Settings\Xu XiaoYan\dwhelper
    2008-02-24 08:38 . 2008-02-24 08:38 <DIR> dr
    C:\Documents and Settings\Xu XiaoYan\Application Data\Brother
    2008-02-23 00:17 . 2008-02-23 00:17 <DIR> d
    C:\Documents and Settings\Xu XiaoYan\Incomplete
    2008-02-23 00:17 . 2008-03-06 13:08 <DIR> d
    C:\Documents and Settings\Xu XiaoYan\Application Data\LimeWire
    2008-02-16 10:57 . 2004-08-04 00:56 4,255 --a
    C:\WINDOWS\system32\dllcache\adv01nt5.dll
    2008-02-16 10:57 . 2004-08-04 00:56 3,967 --a
    C:\WINDOWS\system32\dllcache\adv02nt5.dll
    2008-02-16 10:57 . 2004-08-04 00:56 3,711 --a
    C:\WINDOWS\system32\dllcache\adv09nt5.dll
    2008-02-16 10:57 . 2004-08-04 00:56 3,647 --a
    C:\WINDOWS\system32\dllcache\adv07nt5.dll
    2008-02-16 10:57 . 2004-08-04 00:56 3,615 --a
    C:\WINDOWS\system32\dllcache\adv05nt5.dll
    2008-02-16 10:57 . 2004-08-04 00:56 3,135 --a
    C:\WINDOWS\system32\dllcache\adv08nt5.dll
    2008-02-06 20:23 . 2008-02-06 20:23 319 --a
    C:\WINDOWS\game.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-06 04:38 d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 02:05 d-----w C:\Program Files\Starcraft
    2008-03-02 15:30 d-----w C:\Program Files\FlashGet
    2008-03-02 12:00 d-----w C:\Program Files\Common Files\Download Manager
    2008-03-01 17:27 d-----w C:\Documents and Settings\Xu XiaoYan\Application Data\Azureus
    2008-02-24 02:32 d-----w C:\Program Files\Activision
    2008-02-13 03:35 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-11 22:10 d-----w C:\Program Files\Gran Paradiso
    2008-02-09 21:01 d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-25 15:39 d-----r C:\Documents and Settings\HP_Owner\Application Data\Brother
    2008-01-18 15:24 d-----w C:\Documents and Settings\Xu XiaoYan\Application Data\ScanSoft
    2008-01-18 01:17 d-----w C:\Program Files\Steam
    2008-01-13 20:21 d-----w C:\Program Files\Zone Labs
    2008-01-13 19:47 d-----w C:\Program Files\Virtools
    2008-01-13 19:45 d-----w C:\Program Files\PC-Doctor for Windows
    2008-01-13 19:44 d-----w C:\Program Files\DriftCity
    2008-01-11 15:59 d-----w C:\Documents and Settings\HP_Owner\Application Data\Ahead
    2008-01-08 03:04 d-----w C:\Program Files\Common Files\Adobe
    2008-01-08 01:51 d-----w C:\Program Files\Common Files\InstallShield
    2008-01-08 01:51 d-----w C:\Program Files\Brother
    2008-01-08 01:48 d-----w C:\Program Files\ScanSoft
    2008-01-08 01:48 d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-01-08 01:48 d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-01-08 01:47 d-----w C:\Documents and Settings\All Users\Application Data\Brother
    2008-01-08 01:34 d-----w C:\Program Files\Windows Live
    2008-01-08 01:31 d-----w C:\Program Files\Windows Live Toolbar
    2008-01-08 01:31 d-----w C:\Program Files\Windows Live Favorites
    2008-01-08 01:26 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-08 01:24 d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2007-12-22 16:13 94,208 ----a-w C:\WINDOWS\ScUnin.exe
    2007-11-17 00:24 3,040 ----a-w C:\Program Files\INSTALL.LOG
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-08-04 04:00 22,040 ---h--w C:\Documents and Settings\Xu XiaoYan\Application Data\aon.dat
    2007-01-21 17:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-01-07 04:30 56 --sh--r C:\WINDOWS\system32\5AB0B8CA9B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 14:29 33936]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 17:34 245760]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05 339968]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 09:24 100056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:00 455168]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 06:42 659456]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 20:29 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 20:15 282624]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32 58984]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24 278528]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
    "ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 18:50 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-11 10:44 185632]
    "GrooveMonitor"="C:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]

    C:\Documents and Settings\Lu YouWu\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2007-08-17 18:14:00 110592]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
    Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2006-12-17 21:42:51 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\1zy1\\counter-strike\\hl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24834:TCP"= 24834:TCP:BitComet 24834 TCP
    "24834:UDP"= 24834:UDP:BitComet 24834 UDP

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4310cf7-993f-11db-ada7-0013d30a7c71}]
    \Shell\AutoRun\command - G:\setupSNK.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
    C:\Program Files\drivers\msmsrs.exe s
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-06 23:17:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-27 00:00:00 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
    - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    "2007-12-26 23:59:59 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - C:\Program Files\Microsoft IntelliType Pro\itype.exe
    "2008-03-03 19:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Lu YouWu.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
    "2008-02-08 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-07 00:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-06 18:57:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-06 19:07:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-07 00:06:56
    .
    2008-02-13 03:38:13 --- E O F ---


    Oh, it was too long, so the HJT log will be in another reply.
  • edited March 2008
    And here is the newest HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:46:04 PM, on 06/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147729691265
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3844FF67-9B80-4148-AE0E-297BFD7173A0}: NameServer = 207.164.234.129 207.164.234.193
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20343 bytes

    Once again thank you!!!:D
  • edited March 2008
    Well, that got rid of quite a bit :)

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Azureus
    LimeWire
    BitComet


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
    Please note: you must NOT use this whilst we are cleaning your machine.


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary.
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    You will see a list with the programs installed in your computer.
    Click on save list button and specify where you would like to save this file.
    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Malwarebytes' Anti-Malware
    • Kaspersky Log
    • Installed Programs List
    • How are things running now?
  • edited March 2008
    I'm sorry it took me that much time. The e-mail I received was marked as unread. I'll send the logs as soon as I have done them!

    THANKS Katana!!!:D:D

    And as for my computer, the freezing at loading screen doesn't appear anymore!! :D But it sometimes freezes when I open my modem and try to connect myself to the internet.
  • edited March 2008
    Hi,

    I just did the Kaspersky scan, and the log is a 46 MB big log file. Can I upload it from somewhere else and give you the link?
  • edited March 2008
    Do you have the MalwareBytes log?
  • edited March 2008
    Not yet, I just had my end-of-term project week... I'll do them as soon as I finish.

    Thank you a lot Katana!!!!:D:D:D
  • edited March 2008
    Hi,

    I have been trying and using the Malwarebytes' Anti-Malware, but each time it's at about 750 files it freezes. When I restart it, it goes a little further, but freezes again. Do you know why it's doing that?

    And now the computer at start up sometimes still freezes, but relatively rarely. And when I log on to my account it takes a lot of time, the computer is just always running something and it's quite slow.

    _______________________________________________
    Here is my program list:

    ???? 5.0
    快车(FlashGet) 1.9.6.1073
    802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
    Action Ball Deluxe
    Ad-Aware SE Professional
    Adobe Acrobat 8.1.0 Professional
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Reader 7.0.9
    Adobe Reader Chinese Simplified Fonts
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Agere Systems PCI Soft Modem
    Alias DirectConnect 2.0
    Arctic Quest (v. 1.1)
    ATI Control Panel
    ATI Display Driver
    Autodesk DWF Viewer
    Azureus
    Ballz3D
    Beach Soccer
    BellCanada SmartCall
    Bistro Stars (v. 1.1)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)
    Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
    Bounce Symphony from Hewlett-Packard Desktops (remove only)
    Brother MFL-Pro Suite
    CABAL Online
    CC_ccProxyExt
    ccCommon
    CCleaner (remove only)
    ccPxyCore
    Cda Product Service - shared component
    Centipede 3D
    City Magnate (v. 1.0)
    City Racer
    CodeBaby Player (Remove Only) 1.0.2.15
    CodeBaby Player (Remove Only) 1.0.2.19
    Cosmic Bugs
    Crayola Amazing Animals
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Creative WebCam Instant User's Guide (English)
    Crystal Maze from Hewlett-Packard Desktops (remove only)
    Crystal Wizard
    Dassault Systemes Software B06
    Digital Photo Navigator 1.5
    Diner Dash
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DownloaderXL Package 5.8.8
    DVD Solution
    Easy Internet Sign-up
    Egg vs. Chicken
    Emperor - RotMK Bonus Campaign
    Emperor: Rise of the Middle Kingdom 1.0.1.0
    Enhanced Multimedia Keyboard Solution
    Final Drive Nitro from Hewlett-Packard Desktops (remove only)
    Football Manager 2007
    Franklin the Turtle's Clubhouse Adventures (remove only)
    Froggy's Adventures
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Gran Paradiso (3.0a1)
    Guild Wars
    Haali Media Splitter
    Help and Support Additions
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    hitman_ss Screen Saver
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Organize
    HP Photosmart Cameras 4.5
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    Ice Puzzle Deluxe
    IntelliMover Data Transfer Demo
    InterActual Player
    InterVideo WinDVD Player
    iTunes
    J2SE Runtime Environment 5.0
    Java(TM) SE Runtime Environment 6 Update 1
    Jeanne D'Pac
    Kaspersky Online Scanner
    K-Lite Mega Codec Pack 1.52 Beta
    Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
    LimeWire PRO 4.12.11
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Longman Advanced American Dictionary
    MANIA Jeux Player
    Map Button (Windows Live Toolbar)
    Matroska Pack
    Maya 7.0
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft® Winter Fun Pack 2004 for Windows® XP
    Mozilla Firefox (2.0.0.12)
    MSN
    MSN Money Investment Toolbox
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 4.0
    Need for Speed Underground 2
    Need for Speed™ Most Wanted
    Nero Suite
    Network Play System (Patching)
    Norton AntiSpam
    Norton AntiVirus 2005
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security 2005 (Symantec Corporation)
    Norton Security Center
    Norton Security Scan
    Norton WMI Update
    Norton WMI Update
    PaperPort
    PC-Doctor for Windows
    Pencil-Pal Kindergarten
    Photosmart 320,370,7400,8100,8400 Series
    Plantasia
    Plato Video To PSP Converter Free 3.64
    Poker Superstars II
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    Polar Golfer from Hewlett-Packard Desktops (remove only)
    PowerDirector Express
    PowerDVD
    PowerProducer
    Professor Fizzwizzle
    PS2
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QuickTime
    Reader Rabbit - 1st Grade
    Reader Rabbit - 2nd Grade
    Reader Rabbit - Learn to Read
    Reader Rabbit - Math Ages 4-6
    Reader Rabbit Personalized Reading Ages 6-9
    RealPlayer
    RegScrubXP 3.25
    Remove Microsoft Money 2005 installer
    Remove Quicken New User Edition installer
    Rhapsody Player Engine
    Rocknor's Donut Factory
    Rome - Total War(TM)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Excel 2007 (KB946974)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Office 2007 (KB934062)
    Security Update for Office 2007 (KB947801)
    Security Update for Outlook 2007 (KB946983)
    Security Update for Publisher 2007 (KB936646)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for the 2007 Microsoft Office System (KB936960)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Sentinel System Driver
    Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Warlords
    Slyder from Hewlett-Packard Desktops (remove only)
    Smart Menus (Windows Live Toolbar)
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SPBBC
    SpeechRedist
    Sponge Bob Collapse
    Starcraft
    Steam
    Subway Scramble
    Super Granny from Hewlett-Packard Desktops (remove only)
    SymNet
    TBS WMP Plug-in
    The Core Media Player 4.0
    Total Video Converter 3.02
    Track 'n Trade 5.0
    Track 'n Trade High Finance
    Tradewinds from Hewlett-Packard Desktops (remove only)
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB934391)
    Update for Office 2007 (KB934393)
    Update for Outlook 2007 Junk Email Filter (kb947945)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Word 2007 (KB934173)
    Updates from HP
    UUSeePlugIn 4.2.24 版
    Video Converter
    WA Update v3.50 beta2
    Wallpaper Changer for Windows XP
    WildTangent Web Driver
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinZip
    Xilisoft Video Converter 3
    Xiph QuickTime Components
    ZoneAlarm Pro

    ________________________________________

    For the malware scan, can I use Ad-Aware since I already have it? Or can you suggest another program?

    Thank you
  • edited March 2008
    You can use Ad-Aware if you like, but MalwareBytes is probably better for what we need. It has been quite a while since you posted the ComboFix log. Please can you run it again and post the fresh log?
  • edited March 2008
    OK, I'll do the ComboFix scan.

    The problem is I would like to use the MalwareBytes scanner but each time it has scanned around 700 files the program freezes.
  • edited March 2008
    I will speak to the authors of the tool and see if they know why it is freezing. Please post a fresh HJT log along with the ComboFix log.
  • edited March 2008
    Here is my newest HJT log file!

    ___________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:20:23 PM, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147729691265
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3844FF67-9B80-4148-AE0E-297BFD7173A0}: NameServer = 207.164.234.129 207.164.234.193
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20507 bytes

    _________________________________________________

    I'll do the ComboFix scan soon. ;)

    Thank you!
  • edited April 2008
    Strike,
    I don't want to sound petty, but I asked you for a fresh Combofix log on 17/03.
    I still don't have it.

    Malware can change in minutes, never mind days.
    If you wish to continue then you need to post the logs I request a lot faster.
  • edited April 2008
    Oh OK, I'm very sorry :( Here is the log, from 03/31. If you need a newer one, I'll do it right away.

    ComboFix 08-03-25.4 - Xu XiaoYan 2008-03-31 19:58:21.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT -4:00]
    Running from: C:\Documents and Settings\Xu XiaoYan\Desktop\Combo-Fix.exe
    * Created a new restore point
    .
    TimedOut: progfile.dat
    -- Script messages for sUBs --
    VFind -td "C:\WINDOWS\system32\baiso*"
    Findstr -MIF:/ sursen
    MTEE /+ d-delA.dat

    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -Eisf temp00
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
    .

    2008-03-31 17:04 . 2008-03-31 17:09 <DIR> d-------- C:\Program Files\Firefly Studios
    2008-03-29 01:51 . 2008-03-29 01:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-03-23 22:36 . 2008-03-31 17:16 <DIR> d-------- C:\Program Files\Steam
    2008-03-21 09:57 . 2008-03-21 09:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-16 09:42 . 2008-03-16 09:42 <DIR> d-------- C:\Documents and Settings\Xu XiaoYan\Application Data\Malwarebytes
    2008-03-16 09:41 . 2008-03-16 09:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-16 09:41 . 2008-03-16 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-15 21:08 . 2008-03-15 21:12 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2008-03-15 21:08 . 2008-03-15 21:18 76,006 --a------ C:\WINDOWS\War3Unin.dat
    2008-03-15 21:08 . 2008-03-15 21:12 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2008-03-15 21:05 . 2008-03-22 13:10 <DIR> d-------- C:\Program Files\Warcraft III
    2008-03-10 19:23 . 2008-03-10 19:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-10 19:23 . 2008-03-10 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-10 12:39 . 2008-03-10 12:39 <DIR> d-------- C:\Program Files\OGPlanet
    2008-03-06 12:11 . 2008-03-06 12:11 <DIR> d-------- C:\Program Files\Microsoft Money 2006
    2008-03-04 19:03 . 2008-03-04 19:03 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2008-03-02 08:25 . 2008-03-02 08:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
    2008-03-02 08:23 . 2008-03-02 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gecko Software
    2008-03-02 08:01 . 2004-10-06 14:08 606,208 --a------ C:\WINDOWS\system32\btnplus1.ocx
    2008-03-02 08:01 . 2004-07-26 11:51 311,296 --a------ C:\WINDOWS\system32\c1sizer.ocx
    2008-03-02 08:01 . 2004-06-15 15:16 81,920 --a------ C:\WINDOWS\system32\axlAU.dll
    2008-03-02 08:01 . 2004-04-08 23:18 28,672 --a------ C:\WINDOWS\system32\vPrTXL.dll
    2008-03-01 22:46 . 2008-03-01 22:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-24 13:39 . 2008-02-24 13:39 <DIR> d-------- C:\Program Files\Xilisoft
    2008-02-24 13:12 . 2008-02-24 13:13 <DIR> d-------- C:\Documents and Settings\Xu XiaoYan\dwhelper
    2008-02-24 09:38 . 2008-02-24 09:38 <DIR> dr------- C:\Documents and Settings\Xu XiaoYan\Application Data\Brother
    2008-02-23 01:17 . 2008-02-23 01:17 <DIR> d-------- C:\Documents and Settings\Xu XiaoYan\Incomplete
    2008-02-23 01:17 . 2008-03-06 14:08 <DIR> d-------- C:\Documents and Settings\Xu XiaoYan\Application Data\LimeWire
    2008-02-16 11:57 . 2004-08-04 01:56 4,255 --a------ C:\WINDOWS\system32\dllcache\adv01nt5.dll
    2008-02-16 11:57 . 2004-08-04 01:56 3,967 --a------ C:\WINDOWS\system32\dllcache\adv02nt5.dll
    2008-02-16 11:57 . 2004-08-04 01:56 3,711 --a------ C:\WINDOWS\system32\dllcache\adv09nt5.dll
    2008-02-16 11:57 . 2004-08-04 01:56 3,647 --a------ C:\WINDOWS\system32\dllcache\adv07nt5.dll
    2008-02-16 11:57 . 2004-08-04 01:56 3,615 --a------ C:\WINDOWS\system32\dllcache\adv05nt5.dll
    2008-02-16 11:57 . 2004-08-04 01:56 3,135 --a------ C:\WINDOWS\system32\dllcache\adv08nt5.dll
    2008-02-06 21:23 . 2008-02-06 21:23 319 --a------ C:\WINDOWS\game.ini
    2008-02-03 22:31 . 2008-03-21 09:58 <DIR> d-------- C:\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-31 21:09
    d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-31 10:56
    d
    w C:\Documents and Settings\Xu XiaoYan\Application Data\Azureus
    2008-03-29 05:51
    d
    w C:\Program Files\Common Files\Real
    2008-03-26 21:17
    d
    w C:\Program Files\Starcraft
    2008-03-26 00:46 2,675,712 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
    2008-03-23 01:11
    d
    w C:\Program Files\FlashGet
    2008-03-22 16:13 2,781,696 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
    2008-03-19 16:33 472,064 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
    2008-03-19 04:11 2,946,560 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
    2008-03-19 04:11 2,890,752 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
    2008-03-17 10:53 d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-16 01:48 228,864 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
    2008-03-16 01:48 2,864,128 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
    2008-03-16 01:28 2,852,352 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
    2008-03-16 01:25 2,955,776 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
    2008-03-16 01:25 2,878,464 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
    2008-03-15 01:20 d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-15 01:02 2,851,840 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
    2008-03-15 01:02 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2008-03-14 18:39 379,904 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
    2008-03-14 04:15 826,880 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
    2008-03-12 18:32 367,104 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
    2008-03-12 12:46 4,063,996 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-03-12 08:06 2,872,320 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
    2008-03-12 07:09 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-10 05:54 3,511,296 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
    2008-03-06 13:33 2,640,384 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
    2008-03-06 13:33 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
    2008-03-06 13:28 3,430,912 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-03-06 13:28 2,639,872 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-03-02 12:00 d-----w C:\Program Files\Common Files\Download Manager
    2008-02-25 05:35 3,285,504 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-02-25 05:34 2,677,760 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-02-24 02:32 d-----w C:\Program Files\Activision
    2008-02-12 03:53 3,074,560 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-02-11 22:10 d-----w C:\Program Files\Gran Paradiso
    2008-02-02 05:07 587,264 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-02-02 05:07 2,293,760 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-02-01 04:05 2,577,920 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-01-30 04:11 498,176 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-01-30 04:11 2,271,232 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-01-29 04:05 2,273,792 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-01-29 04:05 1,362,944 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-01-28 04:44 3,151,360 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-01-28 04:44 2,377,728 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-01-22 03:13 2,819,072 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-01-18 04:17 2,157,056 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-01-18 04:17 1,881,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-01-17 04:41 2,715,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-12-22 16:13 94,208 ----a-w C:\WINDOWS\ScUnin.exe
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-11-17 00:24 3,040 ----a-w C:\Program Files\INSTALL.LOG
    2007-04-30 15:05 14,501,852 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_29_20_37_13_full.dmp.zip
    2007-04-30 15:03 84,037 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_48_27_small.dmp.zip
    2007-04-30 15:03 58,817 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_50_55_small.dmp.zip
    2007-04-30 15:03 58,813 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_51_06_small.dmp.zip
    2007-04-30 15:03 58,788 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_51_30_small.dmp.zip
    2007-04-30 15:03 13,692,115 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_52_06_full.dmp.zip
    2007-04-30 15:03 103,101 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_47_42_small.dmp.zip
    2007-04-30 15:03 102,496 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_45_44_small.dmp.zip
    2007-04-30 15:03 10,048,992 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_29_20_36_46_full.dmp.zip
    2007-04-27 21:17 48,000 ----a-w C:\WINDOWS\Internet Logs\GLB72_2nd_2007_04_27_17_16_51_small.dmp.zip
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-08-04 04:00 22,040 ---h--w C:\Documents and Settings\Xu XiaoYan\Application Data\aon.dat
    2002-06-04 09:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
    2007-01-21 17:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-01-07 04:30 56 --sh--r C:\WINDOWS\system32\5AB0B8CA9B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-27 20:23 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 15:29 33936]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 18:34 245760]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 00:05 339968]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 10:24 100056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 00:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00 455168]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 07:42 659456]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 21:15 282624]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
    "ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 19:50 81920]
    "GrooveMonitor"="C:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 18:30 864256]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 01:51 185896]

    C:\Documents and Settings\Lu YouWu\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2007-08-17 19:14:00 110592]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
    Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2006-12-17 22:42:51 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\1zy1\\counter-strike\\hl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24834:TCP"= 24834:TCP:BitComet 24834 TCP
    "24834:UDP"= 24834:UDP:BitComet 24834 UDP

    R2 X4HSX32;X4HSX32;C:\Program Files\MANIA Jeux\X4HSX32.Sys [2006-12-13 10:34]
    S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
    S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 14:12]
    S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 14:12]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
    S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 18:39]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\DriftCity\GameGuard\dump_wmimmc.sys []
    S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4310cf7-993f-11db-ada7-0013d30a7c71}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
    C:\Program Files\drivers\msmsrs.exe s
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-31 23:17:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-27 00:00:00 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
    - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    "2007-12-26 23:59:59 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - C:\Program Files\Microsoft IntelliType Pro\itype.exe
    "2008-03-24 18:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Lu YouWu.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
    "2008-03-21 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-04-01 00:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-31 20:04:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-31 20:07:26
    ComboFix-quarantined-files.txt 2008-04-01 00:07:24
    ComboFix2.txt 2008-03-07 00:07:01
    .
    2008-03-12 07:09:03 --- E O F ---
    ________________________________

    Thanks and I promise to be faster in the future
  • edited April 2008
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    Download the latest version of Java Runtime Environment (JRE) 6u5
    http://java.sun.com/javase/downloads/index.jsp
    Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 5 allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.

    Then from your desktop double-click on the download to install the newest version.


    Remove Programs

    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Adobe Reader 7.0.9
    • J2SE Runtime Environment 5.0
    • Java(TM) SE Runtime Environment 6 Update 1
    • Ad-Aware SE Professional <<< A newer version is available
    • WildTangent Web Driver <<< Unless you play a lot of web-based games I would remove this
    Now close the Control Panel.


    Fix With HJT

    Close all other windows and then start HijackThis
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis


    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      File::
      C:\WINDOWS\Internet Logs\xDB25.tmp
      C:\WINDOWS\Internet Logs\xDB24.tmp
      C:\WINDOWS\Internet Logs\xDB23.tmp
      C:\WINDOWS\Internet Logs\xDB21.tmp
      C:\WINDOWS\Internet Logs\xDB22.tmp
      C:\WINDOWS\Internet Logs\xDB1F.tmp
      C:\WINDOWS\Internet Logs\xDB20.tmp
      C:\WINDOWS\Internet Logs\xDB1E.tmp
      C:\WINDOWS\Internet Logs\xDB1C.tmp
      C:\WINDOWS\Internet Logs\xDB1D.tmp
      C:\WINDOWS\Internet Logs\xDB1B.tmp
      C:\WINDOWS\Internet Logs\xDB1A.tmp
      C:\WINDOWS\Internet Logs\xDB19.tmp
      C:\WINDOWS\Internet Logs\xDB18.tmp
      C:\WINDOWS\Internet Logs\xDB17.tmp
      C:\WINDOWS\Internet Logs\xDB16.tmp
      C:\WINDOWS\Internet Logs\xDB15.tmp
      C:\WINDOWS\Internet Logs\xDB14.tmp
      C:\WINDOWS\Internet Logs\xDB13.tmp
      C:\WINDOWS\Internet Logs\xDB11.tmp
      C:\WINDOWS\Internet Logs\xDB12.tmp
      C:\WINDOWS\Internet Logs\xDBF.tmp
      C:\WINDOWS\Internet Logs\xDB10.tmp
      C:\WINDOWS\Internet Logs\xDBE.tmp
      C:\WINDOWS\Internet Logs\xDBC.tmp
      C:\WINDOWS\Internet Logs\xDBD.tmp
      C:\WINDOWS\Internet Logs\xDBB.tmp
      C:\WINDOWS\Internet Logs\xDB9.tmp
      C:\WINDOWS\Internet Logs\xDBA.tmp
      C:\WINDOWS\Internet Logs\xDB8.tmp
      C:\WINDOWS\Internet Logs\xDB7.tmp
      C:\WINDOWS\Internet Logs\xDB5.tmp
      C:\WINDOWS\Internet Logs\xDB6.tmp
      C:\WINDOWS\Internet Logs\xDB4.tmp
      C:\WINDOWS\Internet Logs\xDB3.tmp
      C:\WINDOWS\Internet Logs\xDB2.tmp
      C:\WINDOWS\Internet Logs\xDB1.tmp
      C:\WINDOWS\system32\5AB0B8CA9B.sys
      C:\Program Files\drivers\msmsrs.exe
      
      Driver::
      dump_wmimmc
      XDva037
      Registry::
      [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
      
    • Save this as CFScript.txt and place it on your desktop.


      CFScript.gif
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    TotalScan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    Please go to this site Link >> TotalScan << LINK
    • Under Scan Now click the Full Scan button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.


    Please post the fresh ComboFix log along with the Total Scan log in your reply
  • edited April 2008
    Hi Katana,

    I am doing the TotalScan right now, but I can't open the link.

    Can you give me another one please?
  • edited April 2008
    Panda have stopped using the Total Scan service now, the new link is

    http://www.pandasecurity.com/activescan/index/
  • edited April 2008
    Thank you!

    I did everything you said I should do in your post. But about the ComboFix scan and its log: when I dragged the log into the ComboFix scan, there was a loading bar, but afterward nothing happened. Is that supposed to be like that?

    And my Norton Antivirus tells me I have a "Downloader" and it can't remove it. Can you help me with that?
    *EDIT: The infected file is located at C:\WINDOWS\SYSTEM32\MSDTCS.DLL*
    I don't know if this is the problem, but each time I connect to the internet the computer just freezes, and if I unplug the Ethernet cable, it becomes valid within a minute. Is it because of a virus?

    Thank you
  • edited April 2008
    This is why I asked you to respond faster, that is a new problem.

    Delete the copy of ComboFix that you have and download a fresh copy
    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

    Please post the New combofix log along with the Active Scan log.
  • edited April 2008
    Here is the ComboFix scan log. For the Active Scan, I have done it twice and my Firefox was always shut down. Do I need IE to do an Active Scan?

    And what are the different ComboFix? Why are there 3? I just downloaded the one called "ComboFix.exe 1" and here is its log:
    ComboFix 08-04-14.2 - Xu XiaoYan 2008-04-15 20:16:53.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.345 [GMT -4:00]
    Running from: C:\Documents and Settings\Xu XiaoYan\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Lu YouWu\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-13 17:50 . 2008-04-13 17:50 <DIR> d
    C:\Program Files\EA SPORTS
    2008-04-13 09:05 . 2008-04-13 09:06 <DIR> d
    C:\Program Files\Panda Security
    2008-04-09 19:43 . 2008-04-09 19:43 <DIR> d
    C:\Combo-Fix
    2008-04-09 19:41 . 2008-04-09 19:41 <DIR> d
    C:\Program Files\Sun
    2008-04-09 19:40 . 2008-02-22 02:33 69,632 --a
    C:\WINDOWS\system32\javacpl.cpl
    2008-04-09 18:01 . 2008-04-09 18:08 1,355 --a
    C:\WINDOWS\imsins.BAK
    2008-04-03 20:29 . 2008-04-13 22:54 54,156 --ah
    C:\WINDOWS\QTFont.qfn
    2008-04-03 20:29 . 2008-04-03 20:29 1,409 --a
    C:\WINDOWS\QTFont.for
    2008-04-02 10:42 . 2008-04-02 11:13 <DIR> d
    C:\travian
    2008-03-31 17:04 . 2008-03-31 17:09 <DIR> d
    C:\Program Files\Firefly Studios
    2008-03-29 01:51 . 2008-03-29 01:51 <DIR> d
    C:\Program Files\Common Files\xing shared
    2008-03-23 22:36 . 2008-04-11 23:53 <DIR> d
    C:\Program Files\Steam
    2008-03-21 09:57 . 2008-03-21 09:57 <DIR> d
    C:\Program Files\Microsoft Silverlight
    2008-03-16 09:42 . 2008-03-16 09:42 <DIR> d
    C:\Documents and Settings\Xu XiaoYan\Application Data\Malwarebytes
    2008-03-16 09:41 . 2008-03-16 09:41 <DIR> d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-16 09:41 . 2008-03-16 09:41 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 00:15 d-----w C:\Documents and Settings\Xu XiaoYan\Application Data\Azureus
    2008-04-15 21:38 d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-13 18:36 3,063,296 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
    2008-04-12 03:30 d-----w C:\Program Files\Warcraft III
    2008-04-09 23:40 d-----w C:\Program Files\Java
    2008-04-09 23:28 d-----w C:\Program Files\WildTangent
    2008-04-09 22:10 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-09 03:24 802,816 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
    2008-04-09 03:24 3,215,360 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
    2008-04-08 10:51 6,006,323 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-04-08 02:52 2,722,816 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
    2008-04-05 01:21 d-----w C:\Program Files\Starcraft
    2008-04-04 21:33 3,180,032 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
    2008-04-04 21:33 119,296 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
    2008-04-04 02:57 3,119,616 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
    2008-04-04 02:57 d-----w C:\Program Files\FlashGet
    2008-03-31 21:09 d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-29 05:51 d-----w C:\Program Files\Common Files\Real
    2008-03-26 00:46 2,675,712 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
    2008-03-22 16:13 2,781,696 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
    2008-03-19 16:33 472,064 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-19 04:11 2,946,560 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
    2008-03-19 04:11 2,890,752 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
    2008-03-17 10:53 d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-16 01:48 228,864 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
    2008-03-16 01:48 2,864,128 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
    2008-03-16 01:28 2,852,352 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
    2008-03-16 01:25 2,955,776 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
    2008-03-16 01:25 2,878,464 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
    2008-03-16 01:12 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-03-16 01:12 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-03-15 01:02 2,851,840 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
    2008-03-15 01:02 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2008-03-14 18:39 379,904 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
    2008-03-14 04:15 826,880 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
    2008-03-12 18:32 367,104 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
    2008-03-12 08:06 2,872,320 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
    2008-03-10 23:23 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-10 16:39 d-----w C:\Program Files\OGPlanet
    2008-03-10 05:54 3,511,296 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
    2008-03-06 18:08 d-----w C:\Documents and Settings\Xu XiaoYan\Application Data\LimeWire
    2008-03-06 16:11 d-----w C:\Program Files\Microsoft Money 2006
    2008-03-06 13:33 2,640,384 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
    2008-03-06 13:33 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
    2008-03-06 13:28 3,430,912 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-03-06 13:28 2,639,872 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-03-02 12:36 d-----w C:\Documents and Settings\All Users\Application Data\TNT-HF
    2008-03-02 12:23 d-----w C:\Documents and Settings\All Users\Application Data\Gecko Software
    2008-03-02 12:00 d-----w C:\Program Files\Common Files\Download Manager
    2008-03-02 02:46 d-----w C:\Program Files\Trend Micro
    2008-02-25 05:35 3,285,504 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-02-25 05:34 2,677,760 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-02-24 17:39 d-----w C:\Program Files\Xilisoft
    2008-02-24 13:38 d-----r C:\Documents and Settings\Xu XiaoYan\Application Data\Brother
    2008-02-24 02:32 d-----w C:\Program Files\Activision
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-12 03:53 3,074,560 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-02-02 05:07 587,264 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-02-02 05:07 2,293,760 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-02-01 04:05 2,577,920 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-01-30 04:11 498,176 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-01-30 04:11 2,271,232 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-01-29 04:05 2,273,792 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-01-29 04:05 1,362,944 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-01-28 04:44 3,151,360 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-01-28 04:44 2,377,728 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-01-22 03:13 2,819,072 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-01-18 04:17 2,157,056 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-01-18 04:17 1,881,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-01-17 04:41 2,715,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-11-17 00:24 3,040 ----a-w C:\Program Files\INSTALL.LOG
    2007-04-30 15:05 14,501,852 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_29_20_37_13_full.dmp.zip
    2007-04-30 15:03 84,037 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_48_27_small.dmp.zip
    2007-04-30 15:03 58,817 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_50_55_small.dmp.zip
    2007-04-30 15:03 58,813 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_51_06_small.dmp.zip
    2007-04-30 15:03 58,788 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_51_30_small.dmp.zip
    2007-04-30 15:03 13,692,115 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_52_06_full.dmp.zip
    2007-04-30 15:03 103,101 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_47_42_small.dmp.zip
    2007-04-30 15:03 102,496 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_20_45_44_small.dmp.zip
    2007-04-30 15:03 10,048,992 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_29_20_36_46_full.dmp.zip
    2007-04-27 21:17 48,000 ----a-w C:\WINDOWS\Internet Logs\GLB72_2nd_2007_04_27_17_16_51_small.dmp.zip
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-08-04 04:00 22,040 ---h--w C:\Documents and Settings\Xu XiaoYan\Application Data\aon.dat
    2002-06-04 09:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
    2007-01-21 17:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-01-07 04:30 56 --sh--r C:\WINDOWS\system32\5AB0B8CA9B.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 15:29 33936]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 18:34 245760]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 00:05 339968]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 10:24 100056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 00:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00 455168]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 07:42 659456]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 21:15 282624]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
    "ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 19:50 81920]
    "GrooveMonitor"="C:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 18:30 864256]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 01:51 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\Documents and Settings\Lu YouWu\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2007-08-17 19:14:00 110592]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
    Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2006-12-17 22:42:51 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\1zy1\\counter-strike\\hl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24834:TCP"= 24834:TCP:BitComet 24834 TCP
    "24834:UDP"= 24834:UDP:BitComet 24834 UDP

    R2 X4HSX32;X4HSX32;C:\Program Files\MANIA Jeux\X4HSX32.Sys [2006-12-13 10:34]
    S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
    S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 14:12]
    S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 14:12]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
    S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 18:39]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\DriftCity\GameGuard\dump_wmimmc.sys []
    S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4310cf7-993f-11db-ada7-0013d30a7c71}]
    \Shell\AutoRun\command - G:\setupSNK.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
    C:\Program Files\drivers\msmsrs.exe s
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-16 00:17:09 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-27 00:00:00 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
    - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    "2007-12-26 23:59:59 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - C:\Program Files\Microsoft IntelliType Pro\itype.exe
    "2008-03-24 18:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Lu YouWu.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
    "2008-03-21 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-04-16 00:30:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-15 20:24:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 216

    **************************************************************************
    .
    Completion time: 2008-04-15 20:33:41
    ComboFix-quarantined-files.txt 2008-04-16 00:33:26
    ComboFix2.txt 2008-04-01 00:07:27
    ComboFix3.txt 2008-03-07 00:07:01

    Pre-Run: 8,179,691,520 bytes free
    Post-Run: 8,243,679,232 bytes free
    .
    2008-04-12 07:11:30 --- E O F ---


    ______________________________

    Thank you!
  • edited April 2008
    Hi, here is the active scan log.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-04-16 07:03:15
    PROTECTIONS: 1
    MALWARE: 54
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Norton Internet Security 2005 Yes No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00036156 adware/winres Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
    00064486 adware/baidubar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
    00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.zedo.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[2].txt
    00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Xu XiaoYan\Cookies\xu_xiaoyan@phg.hitbox[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adrevolver.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Xu XiaoYan\Application Data\Mozilla\Firefox\Profiles\4342gkqn.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Xu XiaoYan\Application Data\Mozilla\Firefox\Profiles\4342gkqn.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Xu XiaoYan\Application Data\Mozilla\Firefox\Profiles\4342gkqn.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Xu XiaoYan\Application Data\Mozilla\Firefox\Profiles\4342gkqn.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adultfriendfinder.com/]
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@searchportal.information[1].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Cookies\lu_youwu@searchportal.information[1].txt
    00251146 Adware/SearchAid Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir
    00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\FranklinClubhouseSetup-dm.exe
    00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\rFactorSetup-dm.exe
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.atwola.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
    00264418 adware/spywarequake Adware No 0 Yes No

    ~~~~
    The rest are as follows
  • edited April 2008
    The rest

    c:\windows\system32\1024\ldb347.tmp
    01073279 Adware/WebSearch Adware No 0 Yes No C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
    01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Xu XiaoYan\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1\A0000006.EXE
    01313177 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP30\A0032350.dll
    01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Lu YouWu\Application Data\Mozilla\Firefox\Profiles\74tdb7j6.default\cookies.txt[.adserver.easyad.info/]
    02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@h.starware[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location _
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description _
    ;===================================================================================================================================================================================
    182048 HIGH MS07-069 _
    176382 HIGH MS07-057 _
    170911 HIGH MS07-050 _
    170906 HIGH MS07-045 _
    164913 HIGH MS07-033 _
    160623 HIGH MS07-027 _
    150253 HIGH MS07-016 _
    145501 HIGH MS07-004 _
    ;===================================================================================================================================================================================

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thank you