
Cid Popups!help.


  • This topic is locked
7 replies to this topic

#1 vskiezv

vskiezv

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 08 October 2007 - 08:16 AM

I kept getting these popups called CiD popups, they r irritating and sometimes it pops out and brings me back to the desktop whenever I'm running a program.
Plz help me destroy these Cid Popups. Tyty :thumbsup:

Here is my HiJackThis Log :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:02 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\OWNER\MYDOCU~1\flashget\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Owner\My Documents\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Owner\My Documents\Daemon Tool\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?c072435e443e4372bf505c301541ee20
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?c072435e443e4372bf505c301541ee20
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} (AcuViewer Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C7DEB01E-4556-4768-A78D-CA0CABD5C8E8} (PanActiveX Control) - http://www.pangaeaworld.net/OCX/PanActiveX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14008 bytes

Edited by vskiezv, 08 October 2007 - 08:29 AM.




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:03:23 AM

Posted 08 October 2007 - 08:29 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum vskiezv :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.


Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log (logit.txt) should open afterwards.
This log will be present on your desktop.
Post the entire contents of that logfile into your next reply, along with a new Hijack This log.
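
Added example, not part of RichieUK's post and not a BleepingComputer or HijackThis tool: a small Python triage pass over a HijackThis log that surfaces the items the reply above acts on (Viewpoint components and a Java runtime older than JRE 6 update 3), plus entries the log itself marks as "(no file)" or "(file missing)". The names `triage`, `Finding` and `JAVA_BASELINE` are hypothetical, and the sample lines are excerpted from the first log in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Excerpt of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# A log entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# JRE install directories as they appear in this thread's logs, e.g. \jre1.6.0_02\
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
# Markers the log prints when an entry's target file is not on disk.
STALE_MARKERS = ("(no file)", "(file missing)")
# Assumption: JRE 6 update 3, the version the reply asks for, shows up as jre1.6.0_03.
JAVA_BASELINE: Tuple[int, int, int, int] = (1, 6, 0, 3)


class Finding(NamedTuple):
    section: Optional[str]  # HijackThis section code, None for a running-process line
    reason: str
    line: str


def triage(log_text: str, java_baseline: Tuple[int, ...] = JAVA_BASELINE) -> List[Finding]:
    """Return one Finding per (line, reason) pair that needs a helper's attention."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        section = entry.group(1) if entry else None

        jre = JRE_RE.search(line)
        if jre and tuple(int(p) for p in jre.groups()) < java_baseline:
            findings.append(Finding(section, "outdated-java", line))
        if "viewpoint" in line.lower():
            findings.append(Finding(section, "viewpoint", line))
        # Only real entries carry the stale markers; process lines never do.
        if entry and line.endswith(STALE_MARKERS):
            findings.append(Finding(section, "stale-entry", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:14} {f.section or 'proc':4} {f.line}")
```

Running the same pass over the log posted after the Java update is a quick way to confirm that no `jre1.6.0_02` paths remain in BHO, Run or process entries.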

#3 vskiezv

vskiezv
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 08 October 2007 - 09:50 AM

Ty for ur reply :thumbsup:
Well, I have a problem running the ComboFix. Every time I try to run it, a send or don't send error would pop up saying that it had encountered a problem and needs to close, but here are my DelJob and HiJackThis logs


DelJob log :

--------------------------------------------------------
File(s) moved to C:\deljob

B1D28A7093E5099C.job
ADD3EB8F918865A7.job
A4B72DEF9110DFB3.job
ABCB5F11918CD79D.job
--------------------------------------------------------
Files remaining after cleaning

Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
App data folders

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Documents and Settings\Owner\Application Data

03/11/2005 02:06 PM <DIR> .
03/11/2005 02:06 PM <DIR> ..
03/11/2005 01:57 PM <DIR> MICROS~1 Microsoft
03/11/2005 02:08 PM <DIR> IDENTI~1 Identities
03/11/2005 02:12 PM <DIR> SYMANTEC Symantec
05/30/2005 07:56 PM <DIR> SUN Sun
06/09/2005 11:58 AM <DIR> MACROM~1 Macromedia
06/09/2005 12:04 PM <DIR> CREATIVE Creative
06/17/2005 05:47 PM <DIR> ADOBE Adobe
06/17/2005 05:47 PM <DIR> ADOBEUM AdobeUM
07/13/2005 11:49 AM <DIR> LAVASOFT Lavasoft
07/30/2005 05:36 PM <DIR> REAL Real
09/20/2005 05:52 PM <DIR> XFIRE Xfire
11/25/2005 06:35 PM <DIR> BITTOR~1 .BitTornado
12/04/2005 12:12 AM <DIR> WILDFIRE Wildfire
12/14/2005 03:16 PM <DIR> GOOGLE Google
01/13/2006 07:38 PM <DIR> HELP Help
03/05/2006 06:53 PM <DIR> APPLEC~1 Apple Computer
04/09/2006 11:46 AM <DIR> CHASIN~1 Chasing Dogs Studios
04/27/2006 04:32 PM <DIR> MICROS~2 Microsoft Games
06/06/2006 11:49 AM <DIR> ATARI Atari
06/15/2006 10:20 AM <DIR> HOTKEY~1 Hot Keyboard
07/08/2006 08:11 PM <DIR> OZINTE~1 OZ Intermedia
07/25/2006 07:37 PM <DIR> MOZILLA Mozilla
07/25/2006 07:38 PM <DIR> TALKBACK Talkback
07/28/2006 09:03 PM <DIR> BITTOR~2 BitTorrent
07/30/2006 09:41 PM <DIR> UTORRENT uTorrent
08/01/2006 02:49 PM <DIR> PCTOOL~1 PC Tools
08/02/2006 06:42 PM <DIR> MCAFEE McAfee
08/08/2006 04:04 PM <DIR> AZUREUS Azureus
08/08/2006 04:19 PM <DIR> ABC~1 .ABC
09/15/2006 03:05 PM <DIR> MSNINS~1 MSNInstaller
11/29/2006 03:28 PM <DIR> GRETECH
12/16/2006 02:05 PM <DIR> PLAYFI~1 PlayFirst
01/26/2007 02:58 PM <DIR> HAMACHI Hamachi
02/04/2007 11:04 AM <DIR> CHICKE~1 Chicken Chase
03/16/2007 10:50 AM <DIR> ELSEPL~1 Else plus
03/16/2007 10:50 AM <DIR> SCREEN~1 Screenshot Sender
04/14/2007 11:57 AM <DIR> bang
04/29/2007 01:16 AM <DIR> GAMELAB Gamelab
05/08/2007 11:48 AM <DIR> YAHOO! Yahoo!
07/05/2007 08:36 PM <DIR> GAMEHO~1 GameHouse
07/05/2007 08:36 PM <DIR> MYGAME~1 My Games
07/06/2007 06:33 PM <DIR> WINRAR WinRAR
07/12/2007 09:09 PM <DIR> SECUROM SecuROM
07/23/2007 03:49 PM <DIR> DIVX DivX
07/23/2007 04:13 PM <DIR> vlc
07/30/2007 07:10 PM <DIR> DMCACHE DMCache
07/31/2007 06:56 PM <DIR> ATI
09/08/2007 09:46 PM <DIR> IDM
0 File(s) 0 bytes
50 Dir(s) 13,821,083,648 bytes free
Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\Documents and Settings\All Users\Application Data

03/11/2005 01:57 PM <DIR> .
03/11/2005 01:57 PM <DIR> ..
03/11/2005 01:57 PM <DIR> MICROS~1 Microsoft
03/11/2005 02:10 PM <DIR> ADOBE Adobe
03/11/2005 02:11 PM <DIR> CYBERL~1 CyberLink
03/11/2005 02:12 PM <DIR> SYMANTEC Symantec
07/20/2005 08:14 PM <DIR> TRYMEDIA Trymedia
08/09/2005 12:47 PM <DIR> MCAFEE.COM McAfee.com
09/09/2005 11:12 PM <DIR> HEWLET~1 Hewlett-Packard
11/12/2005 10:39 PM <DIR> MESSEN~1 Messenger Plus!
11/12/2005 10:53 PM <DIR> WINDOW~1 Windows Genuine Advantage
12/04/2005 02:53 PM <DIR> MUMBOJ~1 MumboJumbo
03/05/2006 06:48 PM <DIR> APPLEC~1 Apple Computer
04/01/2006 05:05 PM <DIR> SANDLO~1 Sandlot Games
04/09/2006 11:46 AM <DIR> CHASIN~1 Chasing Dogs Studios
04/25/2006 09:55 AM <DIR> MICROS~2 Microsoft Games
05/21/2006 10:31 AM <DIR> YAHOO!~1 Yahoo! Companion
05/29/2006 01:00 PM <DIR> IWIN iWin
07/09/2006 12:39 AM <DIR> PLAYFI~1 PlayFirst
08/02/2006 06:27 PM <DIR> MCAFEE McAfee
08/18/2006 05:27 PM <DIR> INSTAL~1 InstallShield
08/21/2006 05:50 PM <DIR> GOOGLE Google
09/01/2006 09:40 AM <DIR> YAHOO! Yahoo!
09/02/2006 07:01 PM <DIR> WINDOW~2 Windows Live Toolbar
09/08/2006 10:58 PM <DIR> INSIGH~1 Insight Software Solutions
01/30/2007 10:03 PM <DIR> TEMP
02/11/2007 08:19 PM <DIR> ADOBES~1 Adobe Systems
03/16/2007 10:50 AM <DIR> SEEKPO~1 Seek Pop 1 Live
05/20/2007 02:44 PM <DIR> N7-89-~1 n7-89-o9-3r-4t-r9
05/27/2007 12:43 PM <DIR> BIGFIS~1 BigFishGamesCache
05/27/2007 02:29 PM <DIR> LEGACY~1 Legacy Interactive
06/10/2007 02:54 PM <DIR> MYGAME~1 My Games
06/21/2007 09:46 AM <DIR> OUTSPARK Outspark
07/29/2007 03:08 PM <DIR> OBERON~1 Oberon Games
07/31/2007 07:36 PM <DIR> NEXON Nexon
08/03/2007 02:05 PM <DIR> README~1 Readme Live Axis Tons
08/03/2007 02:05 PM <DIR> FACELO~1 Face Loud Mp3 Readme
08/08/2007 09:29 PM <DIR> EPSON
08/08/2007 09:37 PM <DIR> UDL
10/05/2007 10:30 PM <DIR> LAVASOFT Lavasoft
10/07/2007 10:00 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
0 File(s) 0 bytes
41 Dir(s) 13,821,083,648 bytes free
--------------------------------------------------------








HiJackThis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:41 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\My Documents\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\Daemon Tool\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\OWNER\MYDOCU~1\flashget\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Owner\My Documents\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Owner\My Documents\Daemon Tool\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?c072435e443e4372bf505c301541ee20
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?c072435e443e4372bf505c301541ee20
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} (AcuViewer Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C7DEB01E-4556-4768-A78D-CA0CABD5C8E8} (PanActiveX Control) - http://www.pangaeaworld.net/OCX/PanActiveX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14225 bytes

Edited by vskiezv, 08 October 2007 - 09:52 AM.


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 October 2007 - 10:29 AM

First enable the viewing of hidden files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html


Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Click on Start>Run and type Services.msc then press Ok.
Scroll down and find the service called:
Viewpoint Manager Service
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Exit Hijackthis.

Find and delete these folders:
C:\Documents and Settings\Owner\Application Data\Else plus
C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons
C:\Documents and Settings\All Users\Application Data\Face Loud Mp3 Readme

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, and let me know how your pc is running now.

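A triage pass over the HijackThis line format shown in this thread, as an added example that is not part of any post here or of HijackThis itself. The two heuristics (entries whose target is marked `(no file)` or `(file missing)`, and O4 autostart entries launching from an Application Data folder) are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O4" or "O23"
    body: str             # everything after "<section> - "
    path: Optional[str]   # first drive-rooted executable path in the body, if any


# "<letter><1-2 digits> - <rest>" is the shape of every result line in the log.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-rooted path ending in an executable extension; an optional
# opening quote is skipped so quoted commands with arguments still parse.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|bat|scr))', re.I)

ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse(log: str) -> List[Entry]:
    """Turn raw log text into entries, skipping headers and the process list."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        p = PATH_RE.search(body)
        entries.append(Entry(section, body, p.group(1) if p else None))
    return entries


def in_app_data(path: str) -> bool:
    """True if any directory component is 'Application Data' or its 8.3 short name."""
    dirs = path.upper().split("\\")[:-1]   # drop the file name itself
    return any(d == "APPLICATION DATA" or re.fullmatch(r"APPLIC~\d", d) for d in dirs)


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a human look. Assumed heuristics only."""
    flagged = []
    for e in entries:
        if e.body.endswith(ORPHAN_MARKERS):
            flagged.append((e, "orphaned: target file not on disk"))
        elif e.section == "O4" and e.path and in_app_data(e.path):
            flagged.append((e, "autorun from Application Data"))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse(SAMPLE_LOG)):
        print(f"{entry.section:>3}  {reason:<36}  {entry.body}")
```

On the sample it flags five entries, including the Symantec service that the helper's fix list leaves alone, so the output is a set of candidates for review rather than a fix list.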

#5 vskiezv

vskiezv
  • Topic Starter

  • Members
  • 6 posts

Posted 08 October 2007 - 11:46 PM

Both the SUPERAntiSpyware and HiJackThis logs are below


Here is the SUPERAntiSpyware log :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/09/2007 at 12:24 PM

Application Version : 3.9.1008

Core Rules Database Version : 3321
Trace Rules Database Version: 1322

Scan type : Complete Scan
Total Scan Time : 01:01:07

Memory items scanned : 530
Memory threats detected : 0
Registry items scanned : 6612
Registry threats detected : 0
File items scanned : 57125
File threats detected : 414

Adware.Tracking Cookie

Adware.Lop-Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEK POP 1 LIVE\NURB VIEW.EXE

Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\STA3.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\LOCAL SETTINGS\TEMP\STA19.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\LOCAL SETTINGS\TEMP\STAC9.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\LOCAL SETTINGS\TEMP\STA893.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\JOYPOKEFORKBLUE.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\IIHZEEKJ.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\THUNKDEAFGREAT.EXE
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\SZBYPRIC.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP598\A0211870.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP599\A0211888.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP599\A0211911.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP599\A0212907.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP600\A0212948.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP600\A0212959.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP600\A0212974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP600\A0213013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP601\A0213099.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP601\A0213146.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP601\A0213163.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP601\A0213186.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP602\A0213212.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP602\A0213226.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP602\A0213272.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP602\A0213314.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP602\A0213329.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP603\A0213347.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP604\A0213386.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP605\A0213413.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP605\A0213441.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP605\A0213452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP606\A0213484.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP606\A0213503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP606\A0213515.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP606\A0213549.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP607\A0213581.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213599.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213718.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213772.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213881.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP608\A0213897.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP609\A0213960.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP609\A0213976.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP610\A0214002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP610\A0214019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP612\A0214042.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP612\A0214062.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0214080.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0214092.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0215090.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0215113.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0215134.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP613\A0215158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP614\A0215177.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP614\A0215196.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP614\A0216195.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP614\A0216213.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP615\A0216245.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP615\A0216253.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP615\A0217253.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP616\A0217311.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP616\A0217320.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP616\A0217343.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP616\A0217355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP617\A0218353.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218367.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218376.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218435.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218487.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218524.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218551.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP618\A0218586.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0218625.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0218655.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0218697.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0218724.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0218737.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0219735.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0219754.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0219767.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP619\A0220766.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP620\A0220894.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP620\A0220905.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP620\A0220916.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0220957.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0220968.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0220987.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0220989.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0220998.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221003.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221018.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221056.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221067.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP621\A0221085.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP622\A0221141.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP622\A0221179.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP622\A0221285.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP622\A0221344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP622\A0221365.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221391.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221406.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221407.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221409.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP623\A0221410.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207427.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207446.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207480.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP591\A0207515.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0207539.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0207565.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0207571.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0208563.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0208588.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP592\A0208589.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP593\A0208610.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP593\A0208626.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP593\A0209115.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP593\A0209128.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP594\A0209163.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP594\A0209164.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP594\A0209425.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7444174A-1CD8-47F9-AAFE-AC9AC025B3AB}\RP594\A0209485.EXE

Adware.Lop
C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\AXISNEW.EXE

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:17 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\My Documents\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\Daemon Tool\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\OWNER\MYDOCU~1\flashget\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Owner\My Documents\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Owner\My Documents\Daemon Tool\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?c072435e443e4372bf505c301541ee20
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?c072435e443e4372bf505c301541ee20
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Owner\My Documents\flashget\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} (AcuViewer Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C7DEB01E-4556-4768-A78D-CA0CABD5C8E8} (PanActiveX Control) - http://www.pangaeaworld.net/OCX/PanActiveX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 13462 bytes

#6 RichieUK

Posted 09 October 2007 - 10:35 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Enable Spybot S&D's protection.

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Your log is clean :thumbsup:
If all's ok, please do the following.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found in the link below,to help you prevent any possible future infections:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
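
One way to cross-check a HijackThis autorun entry against a scanner detection, such as the O4 entry fixed above and the Adware.Lop path in the scan report. This is an added example, not part of the original thread and not HijackThis or OTMoveIt code; the function names are hypothetical, and treating the profile folder as a wildcard is an assumption made because the two logs on this page name it differently (`CHUN CHEN` and `Owner`).

```python
import re
from typing import List, NamedTuple


class Autorun(NamedTuple):
    location: str    # e.g. HKCU\..\Run or "Global Startup"
    name: str        # value name or shortcut name
    executable: str  # program path with arguments stripped


# A subset of the O4 lines from the HijackThis log on this page.
HJT_LINES = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Owner\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
""".strip().splitlines()

# The Adware.Lop detection path from the scan report on this page.
DETECTIONS = [r"C:\DOCUMENTS AND SETTINGS\CHUN CHEN\APPLICATION DATA\ELSE PLUS\AXISNEW.EXE"]

RUN_KEY = re.compile(r'^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$')
STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.*?) = (.*)$')
SHORT_NAME = re.compile(r'^([^~.\\]{1,6})~\d(?:\.([^.]{0,3}))?$')
EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def executable_of(command: str) -> str:
    """Strip arguments from an autorun command, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_END.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def parse_o4(lines: List[str]) -> List[Autorun]:
    """Parse registry Run entries and Startup-folder shortcuts (section O4)."""
    entries = []
    for line in lines:
        m = RUN_KEY.match(line.strip()) or STARTUP.match(line.strip())
        if m:
            entries.append(Autorun(m.group(1), m.group(2), executable_of(m.group(3))))
    return entries


def could_alias(short: str, long: str) -> bool:
    """True if `short` has the common 8.3 form (six characters, ~N) of `long`.

    Only the plain form is handled: spaces dropped, first six characters of
    the base name, first three of the extension. Hashed short names are not.
    """
    m = SHORT_NAME.match(short.upper())
    if not m:
        return False
    stem, ext = m.group(1), m.group(2) or ""
    squeezed = long.upper().replace(" ", "")
    base, dot, long_ext = squeezed.rpartition(".")
    if not dot:
        base, long_ext = squeezed, ""
    return base[:6] == stem and long_ext[:3] == ext


def same_component(a: str, b: str) -> bool:
    return a.upper() == b.upper() or could_alias(a, b) or could_alias(b, a)


def same_file(p: str, q: str, ignore_profile: bool = True) -> bool:
    """Compare two Windows paths component by component.

    Assumption: with ignore_profile, the folder directly under
    'Documents and Settings' (the profile name) is not compared.
    """
    a, b = p.split("\\"), q.split("\\")
    if len(a) != len(b):
        return False
    for i, (x, y) in enumerate(zip(a, b)):
        if ignore_profile and i == 2 and same_component(a[1], "Documents and Settings"):
            continue
        if not same_component(x, y):
            return False
    return True


def flag_detected(lines: List[str], detections: List[str]) -> List[Autorun]:
    """Return autorun entries whose executable matches a detected file."""
    return [e for e in parse_o4(lines)
            if any(same_file(e.executable, d) for d in detections)]


if __name__ == "__main__":
    for entry in flag_detected(HJT_LINES, DETECTIONS):
        print(f"review: {entry.location} [{entry.name}] -> {entry.executable}")
```

A match here only says the autorun points at a file the scanner named; whether to fix the entry remains the analyst's call.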

#7 vskiezv

Posted 09 October 2007 - 08:21 PM

wow!thx for ur help! :thumbsup:

#8 RichieUK

Posted 10 October 2007 - 07:11 AM

You're welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.