# Worm.Win32.Autorun.awrx + Trojan-gamethief.Win32.Magania.Ath 500 times?



## gip213 (Aug 18, 2008)

Just received a ZoneAlarm scan alert and the results show almost 500 results of Trojan-Gamethief.Win32.Magania.ath and Worm.Win32.Autorun.awrx located in C:\Documents and Settings\All Users\Application Data\Microsoft Antimalware\Local Copy\{"Random Strings"}.
When I try to tick "Delete" for them all, they slowly automatically change back to "Repair" and the Apply button is greyed out. Any idea what I should do?


----------



## sjpritch25 (Sep 8, 2005)

Welcome to TSG

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that *everything is checked*, and click *Remove Selected*.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the entire report in your next reply.


Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## gip213 (Aug 18, 2008)

Thanks for the quick reply. Here's the log. I noticed when I turned my computer on again, the BIOS loading screen for Dell got stuck on the last bar. I rebooted it twice and the same thing happened. On the third try it worked.



Malwarebytes' Anti-Malware 1.41
Database version: 3132
Windows 5.1.2600 Service Pack 3

9/11/2009 9:50:54 PM
mbam-log-2009-11-09 (21-50-54).txt

Scan type: Quick Scan
Objects scanned: 165271
Time elapsed: 24 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9a82440-64e7-4177-86ae-b58dee731af3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54ebd53a-9bc1-480b-966a-843a333ca162} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9a82440-64e7-4177-86ae-b58dee731af3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60e2746a-9c2e-45a2-85ce-7e1a8a890961} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b3addb7b-3df5-4672-82dd-775fff180134} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b3addb7b-3df5-4672-82dd-775fff180134} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3addb7b-3df5-4672-82dd-775fff180134} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Chris\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kubzxlhh.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13a3eab5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13a3eab5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


----------



## sjpritch25 (Sep 8, 2005)

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:
Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

*Instead of attaching, please copy/paste both logs into your next reply.*

Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection. 
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*


----------



## gip213 (Aug 18, 2008)

Here are the two logs:

DDS (Ver_09-10-26.01) - NTFSx86 
Run by Chris at 18:10:20.39 on Wed 11/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3582.2042 [GMT 11:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Microsoft Antimalware *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
c:\program files\hide wizard\HideWizard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ShellLess\ShellLess.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DAP\DAP.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
D:\My Documents\My Completed Downloads\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\hide wizard\runhide.exe s,
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {08C525F4-2EBD-396D-B12A-005661A8CF95} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\rpbrowserrecordplugin.dll
{323ccfc5-5e54-09a7-0667-2900cacedf99}
BHO: {39DECA15-0DDE-5A2A-8E4F-2BC07757D6C7} - No File
BHO: {3BDB9C41-5A89-5E26-884F-2BC07756849A} - No File
BHO: {3D8F9713-5CD8-5A24-DF4F-2BC0775782CC} - No File
BHO: {48BB5873-256F-4BCA-84CD-34D4A7E802BF} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6A89CC10-0DD6-0B70-DD4F-2BC0775687C8} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: TamperIE: {7f09a208-7569-46db-94e5-1e385e68f77a} - c:\progra~1\tamperie\IETamper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AB69EC37-28F3-730E-F948-0BA290EA18C3} - No File
BHO: {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
{b3a4ad4f-3989-3521-da5a-4ae604870c93}
BHO: BywifiBHO Class: {c4743d3e-20d7-4b52-84f2-5e4e277b2d82} - c:\program files\bywifi\bywifiie.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [APV] c:\program files\apv\autostart_and_process_viewer.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\chris\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LClock] c:\program files\lclock\lclock.exe
uRun: [Vista Rainbar] c:\program files\vista rainbar\launcher.exe
uRun: [ViOrb] c:\program files\viorb\ViOrb.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ShellLess] c:\program files\shellless\ShellLess.exe hide
mRun: [MSSE] c:\program files\microsoft security essentials\msseces.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DownloadAccelerator] "c:\program files\dap856\DAP.EXE" /STARTUP
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\styler.lnk - c:\docume~1\chris\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dap.lnk - c:\program files\dap\DAP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\windows\installer\{bdc88e5a-f47b-4314-ab38-994592e32c95}\NewShortcut1.exe
uPolicies-explorer: Hidden = 1 (0x1)
IE: &Clean Traces - c:\program files\dap856\privacy package\dapcleanerie.htm
IE: &Define - file://c:\program files\ietoys\Webster.htm
IE: &Delete Images - file://c:\program files\ietoys\CleanDom.htm
IE: &Download with &DAP - c:\program files\dap856\dapextie.htm
IE: &MSN - file://c:\program files\ietoys\MSN.htm
IE: Access&Keys - file://c:\program files\ietoys\AccessKeys.htm
IE: Add to QQ Customized Emoticons
IE: Add to QQ Customized Panel - c:\program files\tencent\qq\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\tencent\qq\AddEmotion.htm
IE: Copy Location - file://c:\program files\ietoys\CopyLocation.htm
IE: Download &all with DAP - c:\program files\dap856\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Encyclopedia &Lookup - file://c:\program files\ietoys\WebEncyc.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: HTML So&urce - file://c:\program files\ietoys\HTMLSrc.htm
IE: I&mage List - file://c:\program files\ietoys\ImageList.htm
IE: Linkif&y && Open - file://c:\program files\ietoys\Linkify.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210
IE: Send picture by MMS - c:\program files\tencent\qq\SendMMS.htm
IE: Send Picture with QQ MMS
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Upload to QQ Network Hard Disk - c:\program files\tencent\qq\AddToNetDisk.htm
IE: {846F69C6-AEFA-45F7-ADF8-3550D72373BA} - c:\program files\tamperie\TIECP.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "c:\program files\ietoys\ProxyPick.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - {1BC5121A-79C6-40B2-A0E5-03E3E2F78DD8} - c:\program files\ietoys\ClearTracks.dll
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: CRXShellExecuteHook Object: {1214fbe7-4464-4a7e-9958-b5851a7a30a3} - c:\program files\conceptworld\recentx\RXShell.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geedb.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\wn9dw6qu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
FF - prefs.js: network.proxy.ftp - 210.21.93.141
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 210.21.93.141
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 210.21.93.141
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 210.21.93.141
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 210.21.93.141
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\program files\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\dap856\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\firefox\profiles\wn9dw6qu.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\chris\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac

============= SERVICES / DRIVERS ===============

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-22 12672]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-9-6 28672]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
S3 bqusbser;WCDMA USB Device for Serial Communication;c:\windows\system32\drivers\Mousbser.sys [2009-3-2 103552]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\chris\locals~1\temp\VGG16B.tmp [2009-10-31 25360]
S3 gwiopm;gwiopm;\??\d:\program files\wom\gwiopm.sys --> d:\program files\wom\gwiopm.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]

=============== Created Last 30 ================

2009-11-09 10:13:28 0 d-----w- c:\docume~1\chris\applic~1\Malwarebytes
2009-11-09 10:13:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 10:13:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 10:13:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 10:13:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 08:41:40 0 d-----w- c:\program files\Pivot Stickfigure Animator
2009-10-26 08:33:22 0 d-----w- c:\windows\lhsp
2009-10-26 08:32:54 0 d-----w- c:\windows\speech
2009-10-26 06:41:54 0 d-----w- c:\program files\iPhoneBrowser
2009-10-25 03:41:29 0 d-----w- c:\docume~1\chris\applic~1\Apowersoft
2009-10-25 03:40:52 0 d-----w- c:\program files\Apowersoft
2009-10-24 08:36:54 0 d-----w- c:\program files\Gmask 1.70 English
2009-10-24 04:47:58 0 d-----w- c:\docume~1\chris\applic~1\eBay
2009-10-24 04:47:58 0 d-----w- c:\docume~1\alluse~1\applic~1\eBay
2009-10-24 04:47:27 0 d-----w- c:\program files\eBay
2009-10-22 09:10:19 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-10-22 09:10:18 0 d-----w- c:\program files\CPUID
2009-10-22 05:42:34 0 d-----w- C:\My Music
2009-10-21 09:22:41 0 d-----w- c:\program files\DVDVideoSoft
2009-10-21 09:22:41 0 d-----w- c:\program files\common files\DVDVideoSoft
2009-10-21 09:06:26 0 d-----w- c:\documents and settings\chris\8M0120CX4294TL10U4U0UKE2MMT7AHWX
2009-10-20 08:40:56 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-20 08:36:06 0 d-----w- c:\program files\Microsoft
2009-10-20 07:42:10 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-14 07:04:24 1374 ----a-w- c:\windows\imsins.BAK

==================== Find3M ====================

2009-11-11 07:10:42 1639767840 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-10 07:49:31 21891692 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-02 21:27:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-02 09:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 05:26:10 127664 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-22 08:30:59 53248 ----a-w- c:\program files\rpau3260.dll
2009-09-22 08:29:46 222728 ----a-w- c:\program files\realplay.exe
2009-09-22 08:29:46 1166 ----a-w- c:\program files\realplay.exe.manifest
2009-09-22 08:29:45 716 ----a-w- c:\program files\CinemasterVideo.4.3.manifest
2009-09-22 08:29:45 572 ----a-w- c:\program files\CinemasterAudio.4.3.manifest
2009-09-22 08:29:45 23558 ----a-w- c:\program files\freeoffers.ico
2009-09-22 08:29:45 221 ----a-w- c:\program files\subscription.rnx
2009-09-22 08:29:45 17846 ----a-w- c:\program files\videotest.rm
2009-09-22 08:29:45 177 ----a-w- c:\program files\freeoffers.rnx
2009-09-22 08:29:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-22 08:29:40 685 ----a-w- c:\program files\RecordingManager.exe.manifest
2009-09-22 08:29:40 198208 ----a-w- c:\program files\RecordingManager.exe
2009-09-17 08:32:32 9069677 -c--a-w- c:\program files\War3Patch.mpq
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 07:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 07:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 07:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 07:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 07:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 07:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 07:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 07:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 23:42:32 362180 -c--a-w- c:\windows\War3Unin.dat
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 09:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 12:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-07-23 11:58:42 5120 -csha-w- c:\program files\Thumbs.db
2009-06-01 08:50:12 119770 -c--a-w- c:\program files\HyCam0002.avi
2009-03-14 07:18:36 1308872 -c--a-w- c:\program files\D2 SAVE.rar
2009-01-27 10:17:36 4481 -c--a-w- c:\program files\Thoosje Sidebar V2.bak
2009-01-27 08:47:05 4426 -c--a-w- c:\program files\Uconomix SnapLogger 1.bak
2008-05-30 12:09:46 731136 -c--a-w- c:\program files\avenger.exe
2008-03-26 06:45:25 1045 -csha-w- c:\windows\system32\bdeeg.ini2

============= FINISH: 18:12:11.84 ===============


----------



## gip213 (Aug 18, 2008)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 26/08/2008 8:27:05 PM
System Uptime: 11/11/2009 2:29:16 AM (16 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 1.602 GiB free.
D: is FIXED (NTFS) - 135 GiB total, 0.649 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 796.319 GiB free.
H: is CDROM ()
I: is FIXED (FAT32) - 931 GiB total, 784.072 GiB free.
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6288
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6288
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP436: 25/10/2009 2:47:54 PM - Removed eBay Toolbar
RP437: 25/10/2009 2:55:16 PM - Removed Nero 9 Trial 4.4.8.1
RP438: 25/10/2009 5:30:23 PM - Software Distribution Service 3.0
RP439: 26/10/2009 5:41:52 PM - Installed iPhoneBrowser
RP440: 28/10/2009 9:07:13 AM - System Checkpoint
RP441: 29/10/2009 1:16:52 PM - System Checkpoint
RP442: 31/10/2009 12:33:06 PM - System Checkpoint
RP443: 31/10/2009 8:14:46 PM - Software Distribution Service 3.0
RP444: 1/11/2009 4:14:01 PM - Removed League of Legends
RP445: 1/11/2009 5:14:01 PM - Software Distribution Service 3.0
RP446: 2/11/2009 9:14:09 AM - Software Distribution Service 3.0
RP447: 3/11/2009 9:54:50 AM - System Checkpoint
RP448: 4/11/2009 3:07:01 PM - System Checkpoint
RP449: 4/11/2009 5:02:36 PM - Software Distribution Service 3.0
RP450: 4/11/2009 5:37:13 PM - Microsoft Antimalware Checkpoint
RP451: 5/11/2009 3:00:31 AM - Software Distribution Service 3.0
RP452: 6/11/2009 9:09:26 AM - Microsoft Antimalware Checkpoint
RP453: 7/11/2009 4:19:47 PM - Microsoft Antimalware Checkpoint
RP454: 8/11/2009 4:13:33 PM - Software Distribution Service 3.0
RP455: 8/11/2009 11:08:39 PM - Microsoft Antimalware Checkpoint
RP456: 10/11/2009 3:38:11 PM - Microsoft Antimalware Checkpoint
RP457: 11/11/2009 3:11:10 AM - Software Distribution Service 3.0
RP458: 11/11/2009 3:56:58 PM - Microsoft Antimalware Checkpoint
RP459: 11/11/2009 5:32:14 PM - Software Distribution Service 3.0

==== Installed Programs ======================

???????
2007 Microsoft Office Suite Service Pack 2 (SP2)
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Advertising Center
Alive Video Converter (version 3.1.6.6)
Ant Renamer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
µTorrent
Audacity 1.3.6
AutoHotkey 1.0.47.06
AutoSave 1.1.0.0 for Vegas 8.0 build 144
Autostart and Process Viewer
AutoUpdate
AviSynth 2.5
Bayden IEToys (remove only)
Bayden TamperIE (remove only)
Bonjour
Bulk Image Downloader v1.39.0.6
Bywifi 1.3.7
Cain & Abel v4.9.26
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP970 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CD-LabelPrint
Cheat Engine 5.3
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Collab
Combined Community Codec Pack 2008-09-21 16:18
ConvertXtoDVD 2.2.3.258
ConvertXtoDVD 3.2.0.52
Corner-A ArtStudio
CPUID CPU-Z 1.52.2
Dell Driver Download Manager
Dell Resource CD
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Doc Scrubber v1.1
DolbyFiles
Download Accelerator Plus (DAP)
DScaler 4.1.17
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Episode Downloader V2.3.2
Excalibur 6.0.6 for Vegas Pro 8.0a or newer and Vegas Pro 8.1 a
Extra Screen Capture Pro 6.49
ExtractNow
febooti fileTweak Hash and CRC
filehippo.com Update Checker
Finale NotePad 2008
Fireflies Screensaver (remove only)
Flash Saving Plugin
Flock (2.5.1)
Foxit PDF Editor
Foxit Reader
Foxonic Professional 3.2 (build 0019)
FoxyTunes for Firefox
Free Studio version 4.2
FrostWire 4.17.2
G-Force
Garena
Gmask 1.70 English
Google Chrome
Google Toolbar for Internet Explorer
H.264 Decoder
Hamachi 1.0.3.0
HashCalc 2.02
Heroes of Newerth
Hex Workshop v6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HyperCam 2
ImageBadger Image Converter
ImageConverter Plus 7.1
ImagXpress
ImgBurn
Inpaint
Intel(R) PRO Network Connections Drivers
iPhone Configuration Utility
iPhoneBrowser
iPod for Windows 2006-01-10
iPod for Windows 2006-03-23
ISO Recorder
iTunes
IZArc 4.0 beta 1
Java DB 10.2.2.0
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 2
Junk Mail filter update
Last.fm 1.5.4.24567
Launchy 2.1.2
League of Legends
Left 4 Dead Standalone Patch
Lernout & Hauspie TruVoice American English TTS Engine
LibUSB-Win32-0.1.12.1
LimeWire PRO 5.2.13
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic Bullet Editors 2.0 Vegas
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Math Add-in for Word 2007
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
MKVtoolnix 2.9.0 [20090523-133]
Morgan M-JPEG codec V3
MotoConnect
Motorola Driver Installation 3.9.0
Motorola PST
Motorola Software Update
Mozilla Firefox (3.5.3)
MSN
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 9 Trial
Nero ControlCenter
Nero Installer
neroxml
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
Nmap 4.76
Nokia Connectivity Cable Driver
Nokia PC Suite
NokiaFREE Unlock Codes Calculator
Notepad++
Orban/Coding Technologies AAC/aacPlus Player Plugin?1.0
Paint.NET v3.5
PC Connectivity Solution
PFPortChecker 1.0.28
Piky Basket 2.0
Pivot Stickfigure Animator
PoiZone
PPS???? V2.6.86.8800 ???
Python 2.5.2
QuickFreedom 1.2.0
QuickTime
RealPlayer
Recuva (remove only)
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
ShellLess Explorer 1.24
Sibelius Scorch
Sibelius Scorch (Firefox, Opera, Netscape only)
SigmaTel Audio
Skins
SolveigMM WMP Trimmer Plugin
Sonic Update Manager
Sony DVD Architect Pro 4.5
Sony Media Manager 2.2
Sothink FLV Player
Sothink SWF Decompiler
Sothink Web Video Downloader
Speakonia
SpiceMASTER 2.5 PRO for Vegas
Spybot - Search & Destroy
Steam
Storm Codec
Styler
SWF Opener
Total Commander (Remove or Repair)
Toxic Biohazard
TuneUp Utilities 2009
Tweak UI
UltraISO Premium V8.51
Uninstall 1.0.0.1
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
uTorrent SpeedUp Pro
VASST Ultimate S3 3.1.7
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Vegas Movie Studio Platinum 9.0
Vegas Pro 9.0
Ventrilo Client
VideoGet
VistaMizer 3.1.0.0
Visual MP3 Splitter & Joiner 6.0
VLC media player 1.0.1
Vuze
WavePad Sound Editor
WC3Banlist
WD Diagnostics
WebFldrs XP
WhiteCap
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43
WinPcap 4.0.2
WinRAR archiver
WinSCP 4.1.9
Wireshark 1.0.6
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
ZoneAlarm Security Suite
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

9/11/2009 10:21:47 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
9/11/2009 1:49:35 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
9/11/2009 1:07:58 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
8/11/2009 11:08:42 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
7/11/2009 4:19:53 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.489.0, AS: 1.69.489.0 Engine Version: 1.1.5202.0
6/11/2009 9:09:36 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.489.0, AS: 1.69.489.0 Engine Version: 1.1.5202.0
5/11/2009 7:34:06 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.489.0, AS: 1.69.489.0 Engine Version: 1.1.5202.0
5/11/2009 7:22:30 AM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
5/11/2009 7:22:29 AM, error: Service Control Manager [7000] - The Apache2 service failed to start due to the following error: The system cannot find the path specified.
5/11/2009 4:41:47 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.489.0, AS: 1.69.489.0 Engine Version: 1.1.5202.0
5/11/2009 1:03:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.69.489.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
5/11/2009 1:03:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.69.489.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
4/11/2009 5:47:01 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.489.0, AS: 1.69.489.0 Engine Version: 1.1.5202.0
4/11/2009 12:55:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.69.423.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
4/11/2009 12:55:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.69.423.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
11/11/2009 3:57:05 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.756.0, AS: 1.69.756.0 Engine Version: 1.1.5202.0
11/11/2009 3:19:17 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
11/11/2009 1:33:34 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
10/11/2009 6:10:49 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
10/11/2009 3:38:16 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0
10/11/2009 10:44:20 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Taterf.B&threatid=2147603086 User: Unknown\Unknown Name: Worm:Win32/Taterf.B ID: 2147603086 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.69.671.0, AS: 1.69.671.0 Engine Version: 1.1.5202.0

==== End Of File ===========================


----------



## gip213 (Aug 18, 2008)

Getting a lot of problems lately. The system freezes on the last step of the BIOS loading screen. I've tried turning it off and on a lot of times, but it doesn't work. After an hour, I reboot and it works. Once I get to the logon screen, I select my user and type in the password and hit enter, but it takes a couple of minutes for the 'personal settings' screen to come up.
Once it's logged on, startup programs take a long time to start up, and I'm getting anti-virus alerts with Gamethief again. Any help?


----------



## sjpritch25 (Sep 8, 2005)

Sorry for the delay.

Download *Combofix* from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

*1. Close any open browsers.*

*2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.*

--------------------------------------------------------------------

Double click on *combofix.exe* & follow the prompts.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


----------



## gip213 (Aug 18, 2008)

Sorry for the late reply, was busy with yearlies.
Here's the log for combofix:

ComboFix 09-11-20.02 - Chris 21/11/2009 14:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3582.2650 [GMT 11:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Microsoft Antimalware *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\ResErrors.log
c:\documents and settings\eve\Favorites\Online Security Guide.lnk
c:\documents and settings\eve\ResErrors.log
C:\install.exe
c:\program files\Common Files\ystem~1
c:\program files\icroso~1.net
c:\windows\fnts~1
c:\windows\mcroso~1
c:\windows\system32\_003116_.tmp.dll
c:\windows\system32\_003117_.tmp.dll
c:\windows\system32\_003118_.tmp.dll
c:\windows\system32\_003119_.tmp.dll
c:\windows\system32\_003126_.tmp.dll
c:\windows\system32\_003127_.tmp.dll
c:\windows\system32\_003128_.tmp.dll
c:\windows\system32\_003129_.tmp.dll
c:\windows\system32\_003131_.tmp.dll
c:\windows\system32\_003132_.tmp.dll
c:\windows\system32\_003135_.tmp.dll
c:\windows\system32\_003136_.tmp.dll
c:\windows\system32\_003138_.tmp.dll
c:\windows\system32\_003139_.tmp.dll
c:\windows\system32\_003140_.tmp.dll
c:\windows\system32\_003142_.tmp.dll
c:\windows\system32\_003145_.tmp.dll
c:\windows\system32\_003146_.tmp.dll
c:\windows\system32\_003150_.tmp.dll
c:\windows\system32\_003151_.tmp.dll
c:\windows\system32\_003153_.tmp.dll
c:\windows\system32\_003156_.tmp.dll
c:\windows\system32\_003158_.tmp.dll
c:\windows\system32\_003159_.tmp.dll
c:\windows\system32\_003160_.tmp.dll
c:\windows\system32\_003161_.tmp.dll
c:\windows\system32\_003162_.tmp.dll
c:\windows\system32\_003165_.tmp.dll
c:\windows\system32\_003166_.tmp.dll
c:\windows\system32\_003167_.tmp.dll
c:\windows\system32\_003168_.tmp.dll
c:\windows\system32\_003169_.tmp.dll
c:\windows\system32\_003174_.tmp.dll
c:\windows\system32\_003176_.tmp.dll
c:\windows\system32\_003177_.tmp.dll
c:\windows\system32\bdeeg.ini
c:\windows\system32\bdeeg.ini2
c:\windows\system32\bisinreo.ini
c:\windows\system32\cmomaksk.ini
c:\windows\system32\cqntpgks.ini
c:\windows\system32\dbnuvmug.ini
c:\windows\system32\drivers\pciide.sys
c:\windows\system32\esydpqpw.ini
c:\windows\system32\ftqrtnla.ini
c:\windows\system32\fwsgdngh.ini
c:\windows\system32\iffsespv.ini
c:\windows\system32\iukkjrro.ini
c:\windows\system32\juvwpgan.ini
c:\windows\system32\kbqggehc.dll
c:\windows\system32\kernel1.exe
c:\windows\system32\lgoidksa.ini
c:\windows\system32\lstrbdie.ini
c:\windows\system32\mbols~1
c:\windows\system32\oiqsicuv.ini
c:\windows\system32\oxkagkcy.ini
c:\windows\system32\pexldgqx.ini
c:\windows\system32\rietumwt.ini
c:\windows\system32\rqdpcllj.ini
c:\windows\system32\rutbkqfb.ini
c:\windows\system32\SET5D7.tmp
c:\windows\system32\tvacgirn.ini
c:\windows\system32\ubcibjdt.ini
c:\windows\system32\vjwxbajp.ini
c:\windows\system32\vsgoogip.ini
c:\windows\system32\wmddeysm.ini
c:\windows\system32\wnsxs~1
c:\windows\system32\xiynrxny.ini
c:\windows\system32\xoodqvhu.ini
c:\windows\system32\ytqnsrql.ini
G:\Autorun.inf
I:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP
-------\Legacy_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 02:29 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-11-21 02:29 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-11-21 02:28 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-11-21 02:28 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-11-21 02:28 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-21 02:28 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-11-21 02:28 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-11-21 02:28 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-11-21 02:27 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-11-21 02:27 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-11-21 02:27 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-21 02:27 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-11-21 02:26 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-21 02:26 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-11-21 02:25 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-21 02:25 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-19 08:16 . 2009-11-19 08:16 -------- d-----w- c:\program files\Super Layer Trial
2009-11-19 08:14 . 2009-11-19 08:14 -------- d-----w- c:\program files\GIMP-2.0
2009-11-17 04:57 . 2009-11-17 04:57 -------- d-----w- c:\documents and settings\ZOMGWTFBBQ\Application Data\Malwarebytes
2009-11-15 10:05 . 2009-11-15 10:05 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-14 07:14 . 2009-11-14 07:14 -------- d-----w- c:\program files\Intelore
2009-11-14 04:54 . 2009-11-14 04:54 -------- d-----w- c:\program files\PlayFKiSS
2009-11-14 04:52 . 2009-11-14 04:52 -------- d-----w- c:\documents and settings\Chris\WINDOWS
2009-11-10 19:51 . 2009-11-02 22:51 421888 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-11-09 11:45 . 2009-11-09 11:45 -------- d-----w- c:\documents and settings\eve\Application Data\Malwarebytes
2009-11-09 10:13 . 2009-11-09 10:13 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-11-09 10:13 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 10:13 . 2009-11-09 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-09 10:13 . 2009-11-09 10:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 10:13 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 06:38 . 2009-11-03 06:38 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\GenrePercentage
2009-10-28 08:41 . 2009-10-28 08:41 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-10-28 06:47 . 2009-10-07 23:31 3204096 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-10-28 06:47 . 2009-10-07 07:06 106496 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-10-28 06:47 . 2009-09-23 10:29 28672 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-10-28 06:47 . 2009-03-19 12:57 40960 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-10-28 05:56 . 2009-10-28 05:56 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Last.fm
2009-10-28 05:56 . 2009-10-28 05:57 -------- d-----w- c:\documents and settings\Hans\Application Data\Apple Computer
2009-10-28 05:55 . 2009-10-28 05:57 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Apple Computer
2009-10-28 05:43 . 2009-10-28 05:43 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Flock
2009-10-28 05:43 . 2009-10-28 05:43 -------- d-----w- c:\documents and settings\Hans\Application Data\Flock
2009-10-27 08:02 . 2009-10-27 08:02 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\WMTools Downloaded Files
2009-10-27 07:56 . 2009-10-27 07:56 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Paint.NET
2009-10-27 07:33 . 2009-10-28 06:04 -------- d-----w- c:\documents and settings\Hans\Application Data\vlc
2009-10-27 07:26 . 2009-10-27 07:26 -------- d-----w- c:\documents and settings\Hans\Application Data\Publish Providers
2009-10-27 07:26 . 2009-10-28 05:28 -------- d-----w- c:\documents and settings\Hans\Tracing
2009-10-27 07:26 . 2009-10-27 07:26 -------- d-----w- c:\documents and settings\Hans\Application Data\DivX
2009-10-27 07:25 . 2009-10-27 07:26 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Sony
2009-10-27 07:25 . 2009-10-27 07:26 -------- d-----w- c:\documents and settings\Hans\Application Data\Sony
2009-10-27 07:21 . 2009-10-27 07:21 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Mozilla
2009-10-27 07:18 . 2009-10-27 07:18 -------- d-----w- c:\documents and settings\Hans\Application Data\Conceptworld
2009-10-27 07:18 . 2009-10-27 07:18 -------- d-----w- c:\documents and settings\Hans\Application Data\MailFrontier
2009-10-27 07:18 . 2009-10-28 05:28 -------- d-----w- c:\documents and settings\Hans\Application Data\Launchy
2009-10-27 07:18 . 2009-10-27 07:18 -------- d-----w- c:\documents and settings\Hans\Application Data\ATI
2009-10-27 07:18 . 2009-10-27 07:18 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\ATI
2009-10-26 08:33 . 2009-10-26 08:33 -------- d-----w- c:\windows\lhsp
2009-10-26 08:32 . 2009-10-26 08:33 -------- d-----w- c:\windows\speech
2009-10-26 06:42 . 2009-10-26 06:42 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Cranium_Consulting_and_Cu
2009-10-26 06:41 . 2009-10-26 06:41 25214 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
2009-10-26 06:41 . 2009-10-26 06:41 10398 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
2009-10-26 06:41 . 2009-10-26 06:41 -------- d-----w- c:\program files\iPhoneBrowser
2009-10-25 03:41 . 2009-10-25 03:41 -------- d-----w- c:\documents and settings\Chris\Application Data\Apowersoft
2009-10-25 03:40 . 2009-10-25 03:40 -------- d-----w- c:\program files\Apowersoft
2009-10-24 08:36 . 2009-10-24 08:36 -------- d-----w- c:\program files\Gmask 1.70 English
2009-10-24 04:47 . 2009-10-25 03:48 -------- d-----w- c:\documents and settings\Chris\Application Data\eBay
2009-10-24 04:47 . 2009-10-25 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\eBay
2009-10-24 04:47 . 2009-10-25 03:47 -------- d-----w- c:\program files\eBay
2009-10-22 09:10 . 2009-03-26 14:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-10-22 09:10 . 2009-10-22 09:10 -------- d-----w- c:\program files\CPUID
2009-10-22 05:42 . 2009-10-22 05:42 -------- d-----w- C:\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 03:28 . 2007-08-25 07:13 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2009-11-21 03:28 . 2009-01-27 06:31 1715535392 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 03:20 . 2009-02-28 06:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-21 03:13 . 2009-01-27 06:31 22978148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 03:06 . 2008-10-26 01:39 -------- d-----w- c:\documents and settings\Chris\Application Data\Canon
2009-11-21 02:49 . 2008-08-17 05:46 -------- d-----w- c:\program files\APV
2009-11-21 02:38 . 2008-06-19 09:11 -------- d-----w- c:\program files\Flock
2009-11-20 07:36 . 2009-05-09 06:52 -------- d-----w- c:\program files\Garena1
2009-11-20 04:42 . 2008-07-26 23:20 -------- d-----w- c:\program files\Warcraft III
2009-11-19 10:31 . 2007-09-06 08:41 -------- d-----r- c:\documents and settings\Chris\Application Data\LimeWire
2009-11-19 01:18 . 2009-09-03 09:39 -------- d-----w- c:\documents and settings\Chris\Application Data\vlc
2009-11-18 10:18 . 2009-11-18 11:28 20215296 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-11-18 10:18 . 2009-11-18 11:29 4763648 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-11-18 07:40 . 2009-02-24 09:04 -------- d-----w- c:\program files\Paint.NET
2009-11-17 12:33 . 2009-01-27 05:55 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-17 06:01 . 2009-08-23 08:31 -------- d-----w- c:\program files\Heroes of Newerth
2009-11-15 10:05 . 2009-09-21 08:06 184 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-15 01:43 . 2007-08-23 11:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 05:25 . 2009-11-14 05:25 194964 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_20_24_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 180852 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_18_56_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 178468 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_17_29_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 183536 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_16_02_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 181783 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_14_34_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 179164 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_13_12_small.dmp.zip
2009-11-14 05:25 . 2009-11-14 05:25 193668 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_11_14_16_11_42_small.dmp.zip
2009-11-14 05:20 . 2009-11-14 05:20 4681216 ----a-w- c:\windows\Internet Logs\xDB1E8.tmp
2009-11-14 05:20 . 2009-11-14 05:20 24064 ----a-w- c:\windows\Internet Logs\xDB1E7.tmp
2009-11-14 05:16 . 2009-11-14 05:16 4680192 ----a-w- c:\windows\Internet Logs\xDB1E5.tmp
2009-11-14 05:16 . 2009-11-14 05:16 2908672 ----a-w- c:\windows\Internet Logs\xDB1E4.tmp
2009-11-13 07:54 . 2009-11-14 00:30 4667392 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-11-12 09:18 . 2007-09-13 08:10 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-11 06:42 . 2008-05-04 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 00:09 . 2009-05-13 03:57 -------- d-----w- c:\documents and settings\eve\Application Data\ppStream
2009-11-08 02:28 . 2007-09-23 04:44 -------- d-----w- c:\documents and settings\Chris\Application Data\dvdcss
2009-11-05 08:57 . 2009-04-04 03:28 20595066 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-04 20:19 . 2009-11-04 20:21 1097728 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-11-02 09:42 . 2009-09-23 07:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 06:25 . 2009-11-02 06:27 297984 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-10-31 10:05 . 2009-08-13 11:34 882816 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-30 11:34 . 2009-10-31 01:01 4327424 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-10-29 10:33 . 2007-09-16 07:37 -------- d-----w- c:\documents and settings\Chris\Application Data\Vso
2009-10-29 07:33 . 2007-10-26 12:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-28 05:47 . 2009-10-28 06:33 4562944 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-10-28 05:47 . 2009-10-28 06:33 2945536 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-10-27 10:30 . 2009-10-27 21:32 2860032 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-10-26 11:08 . 2009-08-04 12:26 -------- d-----w- c:\documents and settings\Chris\Application Data\U3
2009-10-26 09:55 . 2008-11-15 00:20 -------- d-----w- c:\documents and settings\Chris\Application Data\Audacity
2009-10-26 05:26 . 2008-12-30 00:58 127664 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-26 02:22 . 2009-02-04 04:56 -------- d-----w- c:\documents and settings\eve\Application Data\vlc
2009-10-25 22:19 . 2007-10-09 02:03 127664 ----a-w- c:\documents and settings\eve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-25 04:29 . 2009-07-24 11:28 -------- d-----w- c:\program files\Common Files\Nero
2009-10-25 04:23 . 2009-07-24 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-25 03:47 . 2007-08-22 14:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 08:49 . 2009-07-23 09:24 -------- d-----w- c:\program files\DScaler
2009-10-22 06:53 . 2009-10-22 07:20 4451328 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-10-22 06:53 . 2009-10-22 07:20 3020288 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-10-22 05:42 . 2009-09-22 08:30 -------- d-----w- c:\program files\library
2009-10-21 09:28 . 2009-10-21 09:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-21 09:22 . 2009-10-21 09:22 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-21 05:56 . 2008-06-21 09:18 -------- d-----w- c:\program files\PPStream
2009-10-20 10:40 . 2007-09-06 08:41 -------- d-----w- c:\program files\LimeWire
2009-10-20 08:40 . 2009-10-20 08:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-20 08:36 . 2009-10-20 08:36 -------- d-----w- c:\program files\Microsoft
2009-10-20 08:29 . 2009-10-20 07:35 360 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-10-14 01:56 . 2009-01-29 08:54 177024 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\FlashGot.exe
2009-10-13 19:54 . 2009-10-14 10:10 57856 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
2009-10-12 02:05 . 2007-10-08 09:56 -------- d-----w- c:\documents and settings\eve\Application Data\Apple Computer
2009-10-11 23:35 . 2009-10-11 23:40 4299776 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-10-06 02:40 . 2009-10-15 08:16 545280 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\[email protected]\libs\PicLensHelper.exe
2009-10-06 02:40 . 2009-10-15 08:16 103424 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\[email protected]\libs\pixomatic.dll
2009-10-06 02:40 . 2009-10-15 08:16 153600 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
2009-10-06 02:40 . 2009-10-15 08:16 344064 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\[email protected]\libs\LaunchCooliris.exe
2009-10-06 02:40 . 2009-10-15 08:16 4716544 ----a-w- c:\documents and settings\Chris\Application Data\Flock\Browser\Profiles\flnwqygm.default\extensions\[email protected]\components\cooliris.dll
2009-10-06 01:37 . 2009-10-06 01:37 -------- d-----w- c:\documents and settings\eve\Application Data\Notepad++
2009-10-01 08:28 . 2007-08-23 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2009-10-01 08:28 . 2007-08-23 13:32 32 -c--a-w- c:\windows\system32\mylk.dat
2009-09-30 10:13 . 2009-09-30 09:41 -------- d-----w- c:\program files\Valve
2009-09-30 10:10 . 2009-09-30 10:10 -------- d-----w- c:\program files\Left 4 Dead
2009-09-29 23:43 . 2008-05-04 06:33 -------- d-----w- c:\program files\Microsoft Works
2009-09-27 11:51 . 2009-09-27 23:02 2934272 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-09-22 08:30 . 2009-09-22 08:30 53248 ----a-w- c:\program files\rpau3260.dll
2009-09-22 08:29 . 2009-09-22 08:29 1166 ----a-w- c:\program files\realplay.exe.manifest
2009-09-22 08:29 . 2009-09-22 08:29 222728 ----a-w- c:\program files\realplay.exe
2009-09-22 08:29 . 2009-09-22 08:29 716 ----a-w- c:\program files\CinemasterVideo.4.3.manifest
2009-09-22 08:29 . 2009-09-22 08:29 572 ----a-w- c:\program files\CinemasterAudio.4.3.manifest
2009-09-22 08:29 . 2009-09-22 08:29 23558 ----a-w- c:\program files\freeoffers.ico
2009-09-22 08:29 . 2009-09-22 08:29 221 ----a-w- c:\program files\subscription.rnx
2009-09-22 08:29 . 2009-09-22 08:29 17846 ----a-w- c:\program files\videotest.rm
2009-09-22 08:29 . 2009-09-22 08:29 177 ----a-w- c:\program files\freeoffers.rnx
2009-09-22 08:29 . 2003-03-18 09:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-22 08:29 . 2009-09-22 08:29 685 ----a-w- c:\program files\RecordingManager.exe.manifest
2009-09-22 08:29 . 2009-09-22 08:29 198208 ----a-w- c:\program files\RecordingManager.exe
2009-09-22 07:40 . 2008-09-01 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-21 08:06 . 2009-09-21 08:06 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-09-17 08:32 . 2009-06-22 09:05 9069677 -c--a-w- c:\program files\War3Patch.mpq
2009-09-14 08:07 . 2009-09-14 08:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 13:00 . 2009-09-08 22:32 3205632 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-09-05 07:27 . 2009-09-05 07:27 167376 ----a-w- c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\FlashGot.exe
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-09-10 03:49 . 2008-09-10 03:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-12-21 09:06 . 2007-12-21 09:06 781028 -csha-w- c:\windows\system32\ytqnsrql.tmp
.


----------



## gip213 (Aug 18, 2008)

------- Sigcheck -------

[-] 2009-08-05 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-08-05 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2004-08-04 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 8E520CF839F65BC9F5AFB440F27C7593 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\comctl32.dll
[-] 2008-04-14 . 8E520CF839F65BC9F5AFB440F27C7593 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-04 . 6067D9FC06B57A831F2A5E7062460847 . 718848 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\user32.dll
[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . DC7C3534CF32C669705016AAE6D8A334 . 1423872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . F3C450A3B0E11A75E86B3E104C79C767 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
[-] 2008-04-14 . 6A8B0B64F8D7EBEF70B16FF689C3C76D . 1423872 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 . 99BC31DC8E8D5EE51724636AAE358DB8 . 1550336 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\Resources\Themes\YAFVC3 1.5\YAFVC 1.5 Modified Explorer Version\explorer.exe

[-] 2008-04-14 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\ctfmon.exe
[-] 2008-04-14 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2004-08-04 . 5F1724D0E11EB88C95A3B73A6DD72779 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]
"APV"="c:\program files\APV\autostart_and_process_viewer.exe" [2008-06-27 192512]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Vista Rainbar"="c:\program files\Vista Rainbar\launcher.exe" [2008-11-14 131778]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2008-11-13 69632]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-22 289584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"ShellLess"="c:\program files\ShellLess\ShellLess.exe" [2009-05-07 1968640]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-06-13 769232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]

c:\documents and settings\eve\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Styler.lnk - c:\documents and settings\Chris\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2007-9-23 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DAP.lnk - c:\program files\DAP\DAP.exe [2007-8-25 4376328]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-7-17 286720]
Wireless Configuration Utility HW.32.lnk - c:\windows\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2008-1-5 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Hidden"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "c:\program files\Conceptworld\RecentX\RXShell.dll" [2008-04-29 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIrc\\mIRC - English.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\KWMUSIC\\KwMusic.exe"=
"c:\\Program Files\\KWMUSIC\\KwMV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:*:Disabled:Torrent
"6881:UDP"= 6881:UDP:*:Disabled:Torrent
"6882:TCP"= 6882:TCP:*:Disabled:Torrent
"6882:UDP"= 6882:UDP:*:Disabled:Torrent
"6883:TCP"= 6883:TCP:*:Disabled:Torrent
"6883:UDP"= 6883:UDP:*:Disabled:Torrent
"6884:TCP"= 6884:TCP:*:Disabled:Torrent
"6884:UDP"= 6884:UDP:*:Disabled:Torrent
"6885:TCP"= 6885:TCP:*:Disabled:Torrent
"6885:UDP"= 6885:UDP:*:Disabled:Torrent
"6886:TCP"= 6886:TCP:*:Disabled:Torrent
"6886:UDP"= 6886:UDP:*:Disabled:Torrent
"6887:TCP"= 6887:TCP:*:Disabled:Torrent
"6887:UDP"= 6887:UDP:*:Disabled:Torrent
"6888:TCP"= 6888:TCP:*:Disabled:Torrent
"6888:UDP"= 6888:UDP:*:Disabled:Torrent
"6889:TCP"= 6889:TCP:*:Disabled:Torrent
"6889:UDP"= 6889:UDP:*:Disabled:Torrent
"45862:UDP"= 45862:UDP:192.168.1.136/255.255.255.255:Enabled:uTorrent
"45862:TCP"= 45862:TCP:192.168.1.136/255.255.255.255:Enabled:uTorrent
"4000:TCP"= 4000:TCP:Diablo II
"6112:TCP"= 6112:TCP:Diablo II
"6112:UDP"= 6112:UDP:Diablo II
"6113:UDP"= 6113:UDP:Diablo II
"6114:UDP"= 6114:UDP:Diablo II
"6115:UDP"= 6115:UDP:Diablo II
"6116:UDP"= 6116:UDP:Diablo II
"6117:UDP"= 6117:UDP:Diablo II
"6118:UDP"= 6118:UDP:Diablo II
"6119:UDP"= 6119:UDP:Diablo II
"6111:TCP"= 6111:TCP:Warcraft III
"6113:TCP"= 6113:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6114:TCP"= 6114:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6115:TCP"= 6115:TCP:Warcraft III BNET
"6116:TCP"= 6116:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6117:TCP"= 6117:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6118:TCP"= 6118:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6119:TCP"= 6119:TCP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"6111:UDP"= 6111:UDP:192.168.1.136/255.255.255.255:Enabled:Warcraft III BNET
"49862:TCP"= 49862:TCP:192.168.1.136/255.255.255.255:Enabled:uTorrent
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8399:TCP"= 8399:TCP:League of Legends Launcher
"8399:UDP"= 8399:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/09/2008 7:43 PM 717296]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [22/10/2009 8:10 PM 12672]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [6/09/2009 8:45 PM 28672]
S3 bqusbser;WCDMA USB Device for Serial Communication;c:\windows\system32\drivers\Mousbser.sys [2/03/2009 2:00 AM 103552]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Chris\LOCALS~1\Temp\FDW13D.tmp --> c:\docume~1\Chris\LOCALS~1\Temp\FDW13D.tmp [?]
S3 gwiopm;gwiopm;\??\d:\program files\Wom\gwiopm.sys --> d:\program files\Wom\gwiopm.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 7:22 AM 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-220523388-682003330-1004Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 09:31]

2009-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-220523388-682003330-1004UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 09:31]

2009-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-220523388-682003330-1005Core.job
- c:\documents and settings\eve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-09 06:11]

2009-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-220523388-682003330-1005UA.job
- c:\documents and settings\eve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-09 06:11]

2009-11-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-03-24 00:11]

2009-07-29 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:12]

2009-07-28 c:\windows\Tasks\ShutDownTool.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:12]

2009-11-04 c:\windows\Tasks\µTorrent.job
- c:\progra~1\uTorrent\uTorrent.exe [2007-08-25 09:27]
.
.


----------



## gip213 (Aug 18, 2008)

------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\program files\DAP856\Privacy Package\dapcleanerie.htm
IE: &Define - file://c:\program files\IEToys\Webster.htm
IE: &Delete Images - file://c:\program files\IEToys\CleanDom.htm
IE: &Download with &DAP - c:\program files\DAP856\dapextie.htm
IE: &MSN - file://c:\program files\IEToys\MSN.htm
IE: Access&Keys - file://c:\program files\IEToys\AccessKeys.htm
IE: Add to QQ Customized Emoticons
IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\Tencent\QQ\AddEmotion.htm
IE: Copy Location - file://c:\program files\IEToys\CopyLocation.htm
IE: Download &all with DAP - c:\program files\DAP856\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Encyclopedia &Lookup - file://c:\program files\IEToys\WebEncyc.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: HTML So&urce - file://c:\program files\IEToys\HTMLSrc.htm
IE: I&mage List - file://c:\program files\IEToys\ImageList.htm
IE: Linkif&y && Open - file://c:\program files\IEToys\Linkify.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Send picture by MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Send Picture with QQ MMS
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Upload to QQ Network Hard Disk - c:\program files\Tencent\QQ\AddToNetDisk.htm
IE: {{846F69C6-AEFA-45F7-ADF8-3550D72373BA} - c:\program files\TamperIE\TIECP.exe
IE: {{FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "c:\program files\IEToys\ProxyPick.exe"
IE: {{FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - {1BC5121A-79C6-40B2-A0E5-03E3E2F78DD8} - c:\program files\IEToys\ClearTracks.dll
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
FF - prefs.js: network.proxy.ftp - 210.21.93.141
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 210.21.93.141
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 210.21.93.141
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 210.21.93.141
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 210.21.93.141
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\program files\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\DAP856\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\wn9dw6qu.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
.
- - - - ORPHANS REMOVED - - - -

BHO-{08C525F4-2EBD-396D-B12A-005661A8CF95} - (no file)
BHO-{323CCFC5-5E54-09A7-0667-2900CACEDF99} - (no file)
BHO-{39DECA15-0DDE-5A2A-8E4F-2BC07757D6C7} - (no file)
BHO-{3BDB9C41-5A89-5E26-884F-2BC07756849A} - (no file)
BHO-{3D8F9713-5CD8-5A24-DF4F-2BC0775782CC} - (no file)
BHO-{48BB5873-256F-4BCA-84CD-34D4A7E802BF} - (no file)
BHO-{6A89CC10-0DD6-0B70-DD4F-2BC0775687C8} - (no file)
BHO-{AB69EC37-28F3-730E-F948-0BA290EA18C3} - (no file)
BHO-{B3A4AD4F-3989-3521-DA5A-4AE604870C93} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 14:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Chris\LOCALS~1\Temp\FDW13D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-220523388-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D4666DD-6596-AA94-126B-9448D68614B1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahfphmddcgekafnbm"=hex:6a,61,64,64,6e,61,67,68,65,65,6c,6b,69,63,62,67,66,64,
66,6e,00,00
"habifahljechkedf"=hex:6a,61,6e,63,67,70,6c,64,6f,6d,6a,6f,6d,70,6d,61,70,64,
70,6b,00,00

[HKEY_USERS\S-1-5-21-515967899-220523388-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FC8AC27-BF18-3F47-D038-DA3BB2EAE285}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnklnckachopbgfkodbjbnipblfjgkpkf"=hex:65,62,6e,6b,6d,6c,6b,62,69,6c,66,65,
6d,69,66,62,62,6d,6f,67,6f,63,6d,6e,6c,6b,62,6b,6f,62,63,68,61,6e,63,6f,6a,\
"bbnklnckachopbgfkoebekicfpbabdkggioa"=hex:62,62,67,6b,70,67,63,6a,6c,62,6e,6d,
70,6a,65,61,68,62,6b,63,67,69,6d,62,65,65,67,68,63,70,65,66,68,6d,65,6d,00,\

[HKEY_USERS\S-1-5-21-515967899-220523388-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81DFF7DB-83FE-6E25-F6DC-AACC874964FF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagemicfilgophbgja"=hex:6b,61,68,67,62,63,67,68,68,70,66,69,6f,66,6a,69,70,6b,
6f,6e,65,62,00,00
"hammcphemgmjnhml"=hex:6a,61,6b,67,65,61,63,67,66,6a,67,68,6b,62,62,6a,6a,64,
6e,6a,00,f2

[HKEY_USERS\S-1-5-21-515967899-220523388-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7E8E627-A5F8-7BBE-8CF4-A1119474B976}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacpjeaeadmdndbnie"=hex:6b,61,6e,62,68,6d,6d,68,67,70,70,62,61,63,61,6b,6f,64,
6b,6f,6e,63,00,00
"hainhhogdoeiimoa"=hex:6b,61,6e,62,68,6d,6d,68,67,70,70,62,61,63,61,6b,6f,64,
6b,6f,6e,63,00,00

[HKEY_USERS\S-1-5-21-515967899-220523388-682003330-1004\Software\º€ÿb È‰©O Gjº€
_O ØNÇdƒÊO' ïyñ]I{ È‰©O Gjº€
_O]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\Capabilities]
"ApplicationName"="?????.Chris"
"ApplicationIcon"="c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="?????"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\Capabilities\FileAssociations]
".xhtml"="ChromeHTML.Chris"
".xht"="ChromeHTML.Chris"
".shtml"="ChromeHTML.Chris"
".html"="ChromeHTML.Chris"
".htm"="ChromeHTML.Chris"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\Capabilities\StartMenu]
"StartMenuInternet"="?????.Chris"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\Capabilities\URLAssociations]
"https"="ChromeHTML.Chris"
"http"="ChromeHTML.Chris"
"ftp"="ChromeHTML.Chris"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\DefaultIcon]
@="c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"

[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\7ŒLkOmÈ‰hV.*C*h*r*i*s*\shell\open\command]
@="\"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\NavLogon.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\Styler\StylerHelper.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\System32\cscui.dll
c:\program files\ViOrb\StartHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\TightVNC\WinVNC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
c:\program files\Styler\Styler.exe
c:\program files\VideoLAN\VLC\vlc.exe

.
**************************************************************************
.
Completion time: 2009-11-21 14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 03:33

Pre-Run: 8,260,517,888 bytes free
Post-Run: 8,734,756,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (Original)" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E1B757E94863648484C06CAB277D4324


----------



## gip213 (Aug 18, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:11 PM, on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ShellLess\ShellLess.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Documents and Settings\Chris\Desktop\chris\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TamperIE - {7F09A208-7569-46DB-94E5-1E385E68F77A} - C:\PROGRA~1\TamperIE\IETamper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ShellLess] C:\Program Files\ShellLess\ShellLess.exe hide
O4 - HKLM\..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [APV] C:\Program Files\APV\autostart_and_process_viewer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: DAP.lnk = C:\Program Files\DAP\DAP.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP856\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Define - file://C:\Program Files\IEToys\Webster.htm
O8 - Extra context menu item: &Delete Images - file://C:\Program Files\IEToys\CleanDom.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP856\dapextie.htm
O8 - Extra context menu item: &MSN - file://C:\Program Files\IEToys\MSN.htm
O8 - Extra context menu item: Access&Keys - file://C:\Program Files\IEToys\AccessKeys.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Copy Location - file://C:\Program Files\IEToys\CopyLocation.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP856\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Encyclopedia &Lookup - file://C:\Program Files\IEToys\WebEncyc.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: HTML So&urce - file://C:\Program Files\IEToys\HTMLSrc.htm
O8 - Extra context menu item: I&mage List - file://C:\Program Files\IEToys\ImageList.htm
O8 - Extra context menu item: Linkif&y && Open - file://C:\Program Files\IEToys\Linkify.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: TamperIE Control Panel - {846F69C6-AEFA-45F7-ADF8-3550D72373BA} - C:\Program Files\TamperIE\TIECP.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing)
O9 - Extra 'Tools' menuitem: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing)
O9 - Extra button: Immediately wipe all browsing history - {FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - C:\Program Files\IEToys\ClearTracks.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
O17 - HKLM\System\CS2\Services\Tcpip\..\{08120475-99BD-45A0-8906-08262872971C}: NameServer = 203.121.190.35,203.12.160.36
O17 - HKLM\System\CS3\Services\Tcpip\..\{08120475-99BD-45A0-8906-08262872971C}: NameServer = 203.121.190.35,203.12.160.36
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Chris/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.gif

--
End of file - 17221 bytes


----------



## gip213 (Aug 18, 2008)

Hi sjpritch,
Recently I haven't been able to boot up my computer; I get a BSOD saying that "I should check for viruses or hard drive partition problems and CHKDSK my hard drive" or something along those lines.
I've tried to use the Windows recovery tool and /p gives me "1 or more errors" and /r is still taking a lot of time. Anything I can do? I desperately need a document on it for tomorrow.


----------



## sjpritch25 (Sep 8, 2005)

Do you know how to create/burn an .iso image to a CD?

We should be able to mount your drive in Linux and copy the document to a USB drive.


----------



## gip213 (Aug 18, 2008)

Yep, I do, but would it take long? If it's too much of an inconvenience, I could get an extension. Otherwise, how should I fix the other problems?


----------



## gip213 (Aug 18, 2008)

Here's an update. The computer still won't boot up; I still get the BSOD with 0x000007b (0xba4c3524 0x000034 0x00000 0x00000) and I've done a tonne of research but to no avail. I've tried chkdsk /r and /p but both finish successfully. I've tried both boot partitions. I've got access to the Windows Recovery Console and I've been able to copy the document I need, so that's OK. I've tried fiddling around with my boot settings in F2 and F12, and I've tried Safe Mode (F8) but it still blue screens on me. I've tried removing all peripherals and removing my extra RAM but neither works. I need the computer up and running ASAP as my school work is getting overdue. I really cannot afford to lose any data either.
If anyone else can help, I would be deeply gratified. Thanks.


----------



## sjpritch25 (Sep 8, 2005)

Here you go

https://help.ubuntu.com/community/BurningIsoHowto

When you boot into Ubuntu, you should have access to your Windows partition.


----------



## gip213 (Aug 18, 2008)

Thanks for the help; I'll try that later because this laptop doesn't have a DVD drive and I'll go to a friend's tomorrow.
Do you have any idea how I can fix this blue screen? Or shall I mark this solved? Or is there more after the ComboFix? Once I get the computer up and running, what should I do? Thanks for all the help, btw, I appreciate it.


----------



## sjpritch25 (Sep 8, 2005)

I would use Ubuntu just to recover any files you want off the computer.

It's hard to say exactly the cause of the BSOD, but it was most likely malware related.

Re-format and re-install is probably the best bet now.


----------



## gip213 (Aug 18, 2008)

Hi again, if the cause is malware related, can I just put the Windows XP disc in and run a repair? I'm trying now but the computer isn't reading the disc as a boot source.
Also, I can access the hard drive and all the files perfectly; I used Windows Recovery Console and used COPY to get all my files onto a USB E:\ drive.
Does that mean anything? I cannot afford to lose or reformat my hard drive; my yearly backup has not been made yet.
I hope there's a better way.


----------



## gip213 (Aug 18, 2008)

OK, I ran a repair finally and the BSOD is gone, but when the blue repair screen comes up (with the Step 1 etc. and ads on the right) I get "lsass.exe Invalid Parameters passed" etc. Any help on that please? I guess I won't need to reformat, which I am really glad about.


----------



## etaf (Oct 2, 2003)

Is this the same problem posted in the XP forum here
http://forums.techguy.org/windows-xp/880526-can-xp-sp3-boot-sp2.html

You have many duplicated posts - please do not do that.

I have closed most of them now.

I would suggest you wait for your HJT log to be cleaned, if there is a problem in it... before posting any more.


----------



## gip213 (Aug 18, 2008)

No no no, you misunderstand. I had a virus problem, which is this one. I posted the logs etc. but then the BSOD came and the helpful mod here couldn't help, so I started a new thread, obviously not in the HJT forum. Then I had a query about the SP2 discs which required a new thread because no one was helpful enough to help me with this BSOD problem. Now I've got the disc working, I get the lsass.exe error, which again requires a new thread. Unless of course you can help me.
I am at the point where I get an lsass.exe parameter system error on boot at the repair screen of Windows. This is because, while I was trying to see if it was a registry error, I deleted all the \config\ \sam\ etc. and replaced them with the ones in \repair\. Now I'm in the recovery console but it requires an admin password, which was in the new \sam\ and I don't have. I don't want to make a new thread but I have to if you can't help :\ Please, I need this up and running ASAP.

-gip


----------



## etaf (Oct 2, 2003)

Please keep ONE thread going for all those problems with the PC, as they may all be connected to just one problem, and if you're not getting any reply in a particular forum, just report the post (button on every post) and ask a MOD to move the thread to a different forum.
Creating new threads means people are helping without getting the full picture of things being suggested, and could make matters worse.


----------



## gip213 (Aug 18, 2008)

OK, sorry, sure thing, will remember next time.
Do you think I should create a new thread? Or can you mark this as open again?
I've gotten the admin password for the console and fixed up my config folder, but I still get the error with lsass.exe Parameter Invalid blah blah and am stuck on that screen with STEP 1 STEP 2. When I press Shift+F10 I get cmd, if that helps.


----------



## etaf (Oct 2, 2003)

> Do you think I should create a new thread? Or can you mark this as open again?


This is OPEN, and in the malware forum.
sjpritch25, one of our Malware Gurus (indicated by a gold shield), is supporting here - he has suggested using Ubuntu to get all your information off and then to reformat.

Have you managed to boot up ubuntu and backup all the data you need?


----------



## gip213 (Aug 18, 2008)

I can't burn Ubuntu on a laptop without a DVD/CD drive, so I'm trying to make a USB one or get a friend to do it. As I said earlier, I really don't want to reformat unless it is confirmed to be malware related and the last option, which it doesn't seem to be yet, as many people have the lsass.exe problem. I'll try to do a lot more research into it and hope sjpritch25 knows the problem. Otherwise, I can only hope I can find another solution or someone else might. Thanks.


----------



## gip213 (Aug 18, 2008)

If I needed to ask the TSG community how I would get rid of the lsass.exe problem, would I be required to make a new thread, seeing as this one no longer seems valid? Or can this be marked so other people that are authorised to help delete malware can read this thread? I've gone through almost every lsass.exe thread and none of them help that much :\


----------



## etaf (Oct 2, 2003)

> would I be required to make a new thread seeing as this one no longer seems valid?


Why do you think this is not a valid thread?


----------



## gip213 (Aug 18, 2008)

The old problem has finished and a new problem has arisen (lsass.exe), and the helpful mod here has finished and taken on another thread, it seems.


----------



## sjpritch25 (Sep 8, 2005)

With doing a repair install, I can't guarantee we can fully clean the system. That's the main reason why I recommended a re-install of Windows. I'll see if someone else wants to take this thread. I already gave you my suggestions.


----------



## gip213 (Aug 18, 2008)

Thanks for your help then, I appreciate it. I'll try to get Windows up and running, make a backup and reformat. Just wondering, if I select CLEAN INSTALL, will I lose all my data?


----------



## gip213 (Aug 18, 2008)

Hi again, I know this sounds like a stupid question, but do I have to install the Linux OS to access my partition, or can I just use a Live boot CD?


----------



## sjpritch25 (Sep 8, 2005)

Live boot CD


----------

