Pop-ups just keep coming

Nycine, Trinidad and Tobago
edited August 2009 in Spyware & Virus Removal
Hello everyone. I keep getting pop-unders from many various sites like Evony, adyieldmanager, Game Harbour and even Facebook to name a few. I have tried programs such as Spyware Doctor, Ad Aware and Avast! Antivirus (I'm having problems installing AVG even when I uninstall the rest of the programs). I'm at my wit's end because I can't even use the internet in peace. Here is the log from HijackThis. Thank you very much in advance and looking forward to a response soon.

Nycine. :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:43:09 PM, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Germaine\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c96dcddff49f26) (gupdate1c96dcddff49f26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12613 bytes

Comments

  • edited August 2009
    Hey there, welcome. :)

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • Nycine, Trinidad and Tobago
    edited August 2009
    Thank you very much for your reply. Here is the information from ComboFix and HijackThis.

    ComboFix 09-08-10.06 - Jameela 15/08/2009 10:20.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.550 [GMT -4:00]
    Running from: c:\documents and settings\Jameela\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jameela\Local Settings\Temporary Internet Files\_tm41D.tmp
    c:\documents and settings\Jameela\Local Settings\Temporary Internet Files\stb06759.tmp
    c:\program files\driver
    c:\windows\system32\AutoRun.inf


    .
    ((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
    .

    2009-08-15 13:23 . 2009-08-15 13:23 d-----w- c:\documents and settings\Jameela\Application Data\Malwarebytes
    2009-08-15 13:23 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-15 13:23 . 2009-08-15 13:23 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-15 13:23 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-15 13:23 . 2009-08-15 13:23 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-15 00:31 . 2009-08-15 00:31 d-----w- c:\program files\Trend Micro
    2009-08-14 10:49 . 2009-08-14 10:49 d-----w- c:\program files\Eusing Free Registry Cleaner
    2009-08-14 02:51 . 2009-08-14 02:51 d-sh--w- c:\documents and settings\Jameela\IECompatCache
    2009-08-11 02:16 . 2009-08-11 02:16 d-----w- c:\documents and settings\All Users\Application Data\PopCap
    2009-08-10 13:41 . 2009-08-10 13:43 17494456 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\installer\SetupImvu_update.exe
    2009-08-10 05:17 . 2009-08-10 05:17 99344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-07 14:49 . 2009-08-07 14:49 d-----w- c:\documents and settings\Germaine\Local Settings\Application Data\DNA
    2009-08-07 14:49 . 2009-08-09 14:52 d-----w- c:\documents and settings\Germaine\Application Data\DNA
    2009-08-06 17:05 . 2009-08-06 17:05 92192 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\IMVUupdater.exe
    2009-08-06 17:05 . 2009-08-06 17:05 92192 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\IMVUupdater.exe
    2009-08-06 17:05 . 2009-08-06 17:05 18688 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\imvuqualityagent.exe
    2009-08-06 17:05 . 2009-08-06 17:05 18688 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\imvuqualityagent.exe
    2009-08-06 17:05 . 2009-08-06 17:05 52992 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\IMVUClient.exe
    2009-08-06 17:05 . 2009-08-06 17:05 52992 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\IMVUClient.exe
    2009-08-06 16:59 . 2009-08-06 16:59 1252864 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\SceneWindow.dll
    2009-08-06 16:59 . 2009-08-06 16:59 1252864 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\SceneWindow.dll
    2009-08-06 16:59 . 2009-08-06 16:59 15872 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\MemoryHook.dll
    2009-08-06 16:59 . 2009-08-06 16:59 15872 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\MemoryHook.dll
    2009-08-06 16:57 . 2009-08-06 16:57 296960 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\cal3d.dll
    2009-08-06 16:57 . 2009-08-06 16:57 296960 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\cal3d.dll
    2009-08-06 16:57 . 2009-08-06 16:57 190976 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\boost_python.dll
    2009-08-06 16:57 . 2009-08-06 16:57 190976 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\boost_python.dll
    2009-08-06 16:57 . 2009-08-06 16:57 30720 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\CallStack.dll
    2009-08-06 16:57 . 2009-08-06 16:57 30720 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\CallStack.dll
    2009-08-06 16:57 . 2009-08-06 16:57 257536 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\audiere.dll
    2009-08-06 16:57 . 2009-08-06 16:57 257536 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\audiere.dll
    2009-08-04 21:38 . 2009-08-04 21:38 152576 ----a-w- c:\documents and settings\Jameela\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-08-04 18:03 . 2009-08-04 18:03 49664 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\w9xpopen.exe
    2009-08-04 18:03 . 2009-08-04 18:03 49664 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\w9xpopen.exe
    2009-08-04 18:03 . 2009-08-04 18:03 110080 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\pywintypes26.dll
    2009-08-04 18:03 . 2009-08-04 18:03 110080 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\pywintypes26.dll
    2009-08-04 18:03 . 2009-08-04 18:03 353280 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\pythoncom26.dll
    2009-08-04 18:03 . 2009-08-04 18:03 353280 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\pythoncom26.dll
    2009-08-04 18:03 . 2009-08-04 18:03 2251264 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\python26.dll
    2009-08-04 18:03 . 2009-08-04 18:03 2251264 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\python26.dll
    2009-07-30 17:26 . 2009-07-30 20:08 34 ----a-w- c:\documents and settings\Germaine\jagex_runescape_preferences.dat
    2009-07-30 14:02 . 2009-08-13 16:00 d-----w- c:\documents and settings\Germaine\Application Data\IMVU
    2009-07-30 14:02 . 2009-08-10 13:44 82041 ----a-w- c:\documents and settings\Germaine\Application Data\IMVUClient\Uninstall.exe
    2009-07-30 14:01 . 2009-08-10 13:43 d-----w- c:\documents and settings\Germaine\Application Data\IMVUClient
    2009-07-30 04:17 . 2009-07-30 04:17 d-----w- c:\documents and settings\All Users\Application Data\WinZipSE
    2009-07-30 04:17 . 2009-07-30 04:17 d-----w- c:\program files\WinZip Self-Extractor
    2009-07-27 22:53 . 2009-08-07 01:48 17494456 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\installer\SetupImvu_update.exe
    2009-07-25 12:47 . 2009-07-25 12:47 d-----w- c:\documents and settings\Germaine\Local Settings\Application Data\AVG Security Toolbar
    2009-07-24 12:03 . 2009-06-14 20:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-22 02:09 . 2009-07-22 02:09 d-----w- C:\CrashReport
    2009-07-21 11:50 . 2009-07-21 11:50 d-----w- c:\program files\Common Files\DirectX
    2009-07-21 11:50 . 2009-07-21 16:31 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-07-21 04:54 . 2009-07-21 16:32 d-----w- c:\program files\Gravity
    2009-07-19 14:00 . 2009-07-19 14:00 d-----w- c:\documents and settings\Jameela\Local Settings\Application Data\AVG Security Toolbar
    2009-07-19 13:55 . 2009-07-19 14:13 d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-07-19 13:24 . 2009-07-24 12:03 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-19 06:46 . 2009-07-19 06:46 d-----w- c:\program files\AVG
    2009-07-16 23:26 . 2009-08-02 21:45 d-----w- c:\documents and settings\Jameela\Local Settings\Application Data\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-15 14:07 . 2009-01-03 17:34 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-15 11:58 . 2009-01-03 17:34 d-----w- c:\program files\Common Files\PC Tools
    2009-08-14 22:56 . 2009-06-29 23:52 d-----w- c:\documents and settings\Jameela\Application Data\IMVU
    2009-08-14 13:26 . 2009-01-03 17:48 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-08-14 10:54 . 2009-01-03 18:24 d-----w- c:\program files\Spyware Doctor
    2009-08-14 10:25 . 2009-05-04 00:41 d-----w- c:\documents and settings\Jameela\Application Data\Xfire
    2009-08-14 01:21 . 2009-01-05 16:37 d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-08-10 00:57 . 2009-01-03 18:46 34 ----a-w- c:\documents and settings\Jameela\jagex_runescape_preferences.dat
    2009-08-09 03:44 . 2009-01-03 17:59 d-----w- c:\program files\Picasa2
    2009-08-07 01:49 . 2009-06-29 23:51 82041 ----a-w- c:\documents and settings\Jameela\Application Data\IMVUClient\Uninstall.exe
    2009-08-07 01:49 . 2009-06-29 23:50 d-----w- c:\documents and settings\Jameela\Application Data\IMVUClient
    2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 21:39 . 2009-01-03 18:02 d-----w- c:\program files\Java
    2009-08-03 11:42 . 2009-01-03 19:11 1 ----a-w- c:\documents and settings\Jameela\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-08-01 11:51 . 2009-01-13 23:49 d-----w- c:\program files\Microsoft Silverlight
    2009-07-30 17:48 . 2009-01-08 19:23 d-----w- c:\documents and settings\Germaine\Application Data\Winamp
    2009-07-25 12:46 . 2009-01-15 11:37 39768 ----a-w- c:\documents and settings\Germaine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-25 09:23 . 2009-01-03 18:02 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 17:38 . 2009-01-13 14:08 39768 ----a-w- c:\documents and settings\Jameela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-21 16:32 . 2009-01-03 17:26 d--h--w- c:\program files\InstallShield Installation Information
    2009-07-19 13:19 . 2009-01-03 17:33 d-----w- c:\program files\PC Tools AntiVirus
    2009-07-19 13:19 . 2009-01-03 17:34 d-----w- c:\documents and settings\Jameela\Application Data\PC Tools
    2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 17:03 . 2009-05-04 00:40 d-----w- c:\program files\Xfire
    2009-07-15 17:02 . 2009-07-01 14:29 d-----w- c:\documents and settings\Guest\Application Data\IMVU
    2009-07-14 03:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 15:19 . 2009-01-09 20:23 34 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
    2009-07-12 01:07 . 2009-07-12 01:04 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-07-12 01:04 . 2009-07-12 01:04 dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-07-12 01:04 . 2009-07-12 01:04 d-----w- c:\program files\Lavasoft
    2009-07-11 13:57 . 2009-01-03 17:25 d-----w- c:\program files\Common Files\InstallShield
    2009-07-08 17:28 . 2009-07-12 01:04 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
    2009-07-07 22:30 . 2009-07-04 20:29 d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
    2009-07-07 01:38 . 2009-07-07 01:38 d-----w- c:\program files\Alwil Software
    2009-07-06 16:03 . 2009-07-06 16:03 d-----w- c:\program files\Common Files\PCSuite
    2009-07-06 16:03 . 2009-06-24 10:32 d-----w- c:\program files\Common Files\Nokia
    2009-07-06 15:59 . 2009-07-06 15:59 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-07-06 15:59 . 2009-07-06 15:59 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-07-06 15:59 . 2009-07-06 15:59 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-07-06 15:59 . 2009-07-06 15:59 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-07-06 15:58 . 2009-01-03 18:31 d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-07-06 15:58 . 2009-07-06 15:59 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
    2009-07-06 13:36 . 2009-02-12 18:33 39768 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-05 11:05 . 2009-07-05 11:05 d-----w- c:\documents and settings\Germaine\Application Data\Recordpad
    2009-07-05 11:05 . 2009-07-05 11:05 d-----w- c:\documents and settings\Germaine\Application Data\NCH Swift Sound
    2009-07-04 23:10 . 2009-01-03 18:43 d-----w- c:\documents and settings\Jameela\Application Data\Nokia
    2009-07-04 23:03 . 2009-01-03 18:42 d-----w- c:\program files\Nokia
    2009-07-04 23:03 . 2009-07-04 23:03 d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
    2009-07-04 23:00 . 2009-07-04 23:00 d-----w- c:\program files\MSBuild
    2009-07-04 23:00 . 2009-07-04 23:00 d-----w- c:\program files\Reference Assemblies
    2009-07-04 20:26 . 2009-07-04 20:26 d-----w- c:\program files\IVT Corporation
    2009-07-03 23:13 . 2009-07-03 23:13 d-----w- c:\documents and settings\Jameela\Application Data\Digsby
    2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-03 14:49 . 2009-07-12 01:07 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-07-03 14:49 . 2009-07-12 15:48 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-07-03 12:00 . 2009-07-03 12:00 d-----w- c:\documents and settings\Guest\Application Data\Recordpad
    2009-07-03 12:00 . 2009-07-03 12:00 d-----w- c:\documents and settings\Guest\Application Data\NCH Swift Sound
    2009-07-03 06:05 . 2009-07-03 06:03 d-----w- c:\documents and settings\Jameela\Application Data\SecondLife
    2009-07-03 00:43 . 2009-07-03 00:43 d-----w- c:\program files\Common Files\xing shared
    2009-07-03 00:43 . 2009-01-03 17:50 d-----w- c:\program files\Common Files\Real
    2009-07-03 00:42 . 2009-01-03 17:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-07-03 00:27 . 2009-07-03 00:27 d-----w- c:\documents and settings\Jameela\Application Data\Recordpad
    2009-07-03 00:21 . 2009-07-03 00:21 d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-07-03 00:21 . 2009-07-03 00:21 d-----w- c:\documents and settings\Jameela\Application Data\NCH Swift Sound
    2009-07-03 00:21 . 2009-07-03 00:19 d-----w- c:\program files\NCH Swift Sound
    2009-07-03 00:20 . 2009-07-03 00:20 d-----w- c:\program files\NCH Software
    2009-07-01 14:28 . 2009-07-01 14:28 80967 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\Uninstall.exe
    2009-07-01 14:28 . 2009-07-01 14:26 d-----w- c:\documents and settings\Guest\Application Data\IMVUClient
    2009-06-30 14:52 . 2009-04-14 21:07 d-----w- c:\documents and settings\Guest\Application Data\Winamp
    2009-06-30 03:03 . 2009-05-30 22:06 d-----w- c:\program files\Easy Paint Tool SAI
    2009-06-29 13:30 . 2009-06-29 13:30 d-----w- c:\documents and settings\Guest\Application Data\Canneverbe_Limited
    2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\IMVUupdater.exe
    2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\IMVUClient.exe
    2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\imvuqualityagent.exe
    2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\SceneWindow.dll
    2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\MemoryHook.dll
    2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\cal3d.dll
    2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\CallStack.dll
    2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\boost_python.dll
    2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\audiere.dll
    2009-06-25 22:14 . 2009-05-10 04:11 -------- d-----w- c:\documents and settings\Guest\Application Data\Nokia
    2009-06-25 10:48 . 2009-06-25 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-06-25 10:46 . 2009-06-25 10:46 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-06-25 10:46 . 2009-06-25 10:46 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
    2009-06-25 10:46 . 2009-06-25 10:46 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
    2009-06-25 10:45 . 2009-06-25 10:46 24376008 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_en(2).exe
    2009-06-25 04:14 . 2009-06-25 04:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-06-25 04:14 . 2009-06-25 04:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xpcshell.exe
    2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\crashreporter.exe
    2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
    2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xulrunner.exe
    2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\mangle.exe
    2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\shlibsign.exe
    2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xpidl.exe
    2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\updater.exe
    2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
    2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\xpt_link.exe
    2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
    2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Guest\Application Data\IMVUClient\GeckoBin\regxpcom.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 528384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-03 198160]
    "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-14 53248]
    "VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-04-25 176128]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    IMVU.lnk - c:\documents and settings\Jameela\Application Data\IMVUClient\IMVUClient.exe [2009-8-6 52992]

    c:\documents and settings\Jameela\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-11 3182928]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\AeriaGames\\Latale\\LaTaleLauncher.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/07/2009 09:07 PM 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13/06/2009 03:29 PM 130936]
    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [26/03/2007 03:26 PM 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [26/03/2007 03:26 PM 53248]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/07/2009 09:40 PM 114768]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [03/01/2009 01:25 PM 13696]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/07/2009 09:40 PM 20560]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/01/2009 10:31 AM 210216]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [03/03/2009 12:40 PM 45696]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [03/03/2009 12:40 PM 56960]
    S2 gupdate1c96dcddff49f26;Google Update Service (gupdate1c96dcddff49f26);c:\program files\Google\Update\GoogleUpdate.exe [03/01/2009 02:05 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [23/01/2009 05:10 PM 33752]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/06/2009 06:29 AM 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/06/2009 06:29 AM 8320]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [03/01/2009 02:24 PM 348752]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-08-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-03 13:02]

    2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-03 12:56]

    2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-03 12:56]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
    URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7PCTA_en
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Germaine\Start Menu\Programs\IMVU\Run IMVU.lnk
    FF - ProfilePath - c:\documents and settings\Jameela\Application Data\Mozilla\Firefox\Profiles\wd8t3pkf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.tt/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59925&p=
    FF - component: c:\documents and settings\Jameela\Application Data\Mozilla\Firefox\Profiles\wd8t3pkf.default\extensions\{88c4479d-3515-4ca3-a805-27b920c3bf6d}\components\Engine.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\Jameela\Application Data\Mozilla\Firefox\Profiles\wd8t3pkf.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-15 10:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    Completion time: 2009-08-15 10:44
    ComboFix-quarantined-files.txt 2009-08-15 14:42

    Pre-Run: 119,327,760,384 bytes free
    Post-Run: 120,932,802,560 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptIn

    344 --- E O F --- 2009-08-13 10:33





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:46:41 AM, on 15/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Germaine\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - (no file)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c96dcddff49f26) (gupdate1c96dcddff49f26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11055 bytes
  • edited August 2009
    Please go HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.
  • NycineNycine Trinidad and Tobago
    edited August 2009
    Thank you for your help. Well, I've had no popups or anything since. The ActiveScan took forever to finish. It was stuck on 30% for almost a day. Here are the results.


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-08-16 22:15:01
    PROTECTIONS: 1
    MALWARE: 7
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1335 [VPS 090815-0] 4.8.1335 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jameela\Cookies\jameela@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jameela\Cookies\jameela@atdmt[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jameela\Cookies\jameela@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Germaine\Cookies\germaine@com[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jameela\Cookies\jameela@target[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Germaine\Cookies\germaine@atwola[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
    01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Guest\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
    02258696 Trj/Autorun.CC Virus/Trojan No 0 Yes No F:\Recycler\S-1-5-21-5738711533-442085266-2716820556-500\~WRL3403.TMP
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location 1
    ;===================================================================================================================================================================================
    No C:\System Volume Information\_restore{9B8D4731-87A5-40BA-B7D2-89863672DA45}\RP258\A0085399.rbf 1
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description 1
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited August 2009
    I think our work is done here - your PC should be clean now.

    Clear your Recycle Bin.

    And it's time to remove ComboFix.

    Go to Start > Run
    Type in box

    combofix /u

    Note: the space between the X and the /u

    Press Enter.

    This command will:

    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:\_OtMoveIt folder, if present

    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.


    Even if you have no more queries, I would appreciate if you can reply once more to this thread so that I will be able to have this archived. Thanks. :)
  • NycineNycine Trinidad and Tobago
    edited August 2009
    Thank you very much for all your help.
  • edited August 2009
    Glad we could be of assistance! This topic is now closed.

    If I have helped you, please consider making a personal donation (Paypal) to me at parasite[AT]parasitedb.com.
    To support Icrontic, click here:
    http://icrontic.com/support
    Donations are entirely voluntary in nature and will have no bearing on the future help that you may receive.

    If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)