Trojan Horse Bho.cvx And Packed Morphine


28 replies to this topic

#1 susansoxs

  • Members
  • 21 posts

Posted 18 December 2007 - 07:41 PM

Hi,
According to AVG Free I have a Trojan Horse BHO.CVX in my system32 folder. Need help removing this. I ran the HijackThis log.
Please Help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265LDUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-8.0.5.30/alls...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/back...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.2.32/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.3.20/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.2.40/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/cana...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/chec...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.41/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/chec...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.3.29/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euch...uchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.9.3.39/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.32/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.2.40/hang...ngman-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.4.41/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/draw...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.4.41/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.5.30/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.5.30/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.3.49/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.5.30/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.2.32/mahj...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.1.32/free...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/free...cell2-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-8.0.0.20/pebb...ebble-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.9.4.34/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pino...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.2.32/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.36/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-8.0.5.30/sawg...grass-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.9.3.39/slot...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.3.20/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.5.30/spad...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.2.40/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.2.40/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.0.30/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.2.40/swee...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://ea02.pogo.com/applet-8.0.2.32/tank/tank-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.4.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.20/tumb...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turb...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/mlsl...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.5.30/memo...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/word...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.5.30/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/worl...class-en_US.cab
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911946796
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...tle/Coupons.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...188/mcfscan.cab
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17269 bytes


#2 Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts

Posted 30 December 2007 - 08:37 AM

Hello susansoxs and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#3 susansoxs

  • Topic Starter

  • Members
  • 21 posts

Posted 30 December 2007 - 06:36 PM

Hi, thank you for taking the time with my problems. Here is my new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31, on 2007-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265LDUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-8.0.5.30/alls...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/back...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.2.32/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.3.20/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.2.40/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/cana...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/chec...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.41/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/chec...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.3.29/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euch...uchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.9.3.39/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.32/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.2.40/hang...ngman-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.4.41/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/draw...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.4.41/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.5.30/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.5.30/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.3.49/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.5.30/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.2.32/mahj...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.1.32/free...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/free...cell2-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-8.0.0.20/pebb...ebble-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.9.4.34/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pino...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.2.32/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.36/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-8.0.5.30/sawg...grass-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.9.3.39/slot...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.3.20/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.5.30/spad...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.2.40/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.2.40/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.0.30/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.2.40/swee...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://ea02.pogo.com/applet-8.0.2.32/tank/tank-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.4.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.20/tumb...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turb...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/mlsl...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.5.30/memo...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/word...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.5.30/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/worl...class-en_US.cab
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911946796
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...tle/Coupons.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...195/mcfscan.cab
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17236 bytes

#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:06:06 AM

Posted 31 December 2007 - 06:57 AM

Hey susansoxs,

Step #1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Step #2

Run HijackThis, press Scan, and put a check mark next to all these entries:

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...tle/Coupons.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab


Close all other windows and browsers, and press the Fix Checked button.

Step #3

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #4

Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close ALL applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
The logs can be quite lengthy. Use two posts if you need to get them all in.


Step #5

Please post back with the vundofix.txt and the main.txt and the extra.txt from the DSS scan. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -

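A small log-triage script, added here as an example and not taken from the thread, from HijackThis or from DSS: it parses lines in the HijackThis format posted above and flags the entry types a helper looks at first (an unnamed O2 BHO loading from system32, an O20 Winlogon Notify package that is not one of the stock Windows XP ones, an O16 download identified only by a GUID), then correlates a DLL that appears under both O2 and O20. The list of stock XP notify packages is an assumption and not exhaustive for third-party software; the sample lines are constructed from entries in the log above.

```python
import re
from collections import defaultdict

# Assumption: stock Winlogon Notify packages on Windows XP (lowercased).
# Anything else registered there is worth a second look; legitimate AV or
# VPN products may add their own, so this is a review list, not a verdict.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# "O2 - BHO: ..." / "R0 - HKCU\..." : section code, then the entry body
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# first Windows path ending in a binary-ish extension; spaces are allowed
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|dat|sys))\b", re.IGNORECASE)

# Constructed sample, built from entries in the HijackThis log posted above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...tle/Coupons.cab
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into (code, body, path) tuples.

    Only lines starting with an Oxx/Rx section code are kept; the path is
    the first Windows file path in the entry, lowercased so that the same
    DLL written with different casing (as in the log above) compares equal.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        p = PATH_RE.search(body)
        entries.append((code, body, p.group(1).lower() if p else None))
    return entries


def triage(entries):
    """Return (code, path, reason) findings for entries that merit review."""
    findings = []
    seen_paths = defaultdict(set)  # path -> set of section codes it appears in
    for code, body, path in entries:
        if path:
            seen_paths[path].add(code)
        if code == "O2" and "(no name)" in body and path and "\\system32\\" in path:
            findings.append((code, path, "unnamed BHO loading from system32"))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            # "Winlogon Notify: <key> - <dll>": the key is the registry subkey name
            key = body.split(":", 1)[1].split("-", 1)[0].strip().lower()
            if key not in KNOWN_NOTIFY:
                findings.append((code, path, f"non-default Winlogon Notify package '{key}'"))
        elif code == "O16" and re.match(r"DPF: \{[0-9A-Fa-f-]{36}\} - http", body):
            findings.append((code, path, "ActiveX download with GUID only, no friendly name"))
    # A DLL registered both as a BHO and as a Winlogon Notify package loads in
    # the browser and at logon; that overlap is a stronger signal than either alone.
    for path, codes in seen_paths.items():
        if {"O2", "O20"} <= codes:
            findings.append(("O2+O20", path, "same DLL registered as BHO and Winlogon Notify"))
    return findings


def run_sample():
    return triage(parse_hjt(SAMPLE))


if __name__ == "__main__":
    for code, path, reason in run_sample():
        print(f"{code:7} {reason}: {path}")
```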

#5 susansoxs

susansoxs
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Local time:05:06 PM

Posted 31 December 2007 - 05:11 PM

Deckard's System Scanner v20071014.68
Run by susans on 2007-12-31 16:59:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-12-31 21:59:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as susans.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03, on 2007-12-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\susans\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\susans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265LDUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-8.0.5.30/alls...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/back...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.2.32/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.3.20/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.2.40/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/cana...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/chec...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.41/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/chec...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.3.29/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euch...uchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.9.3.39/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.32/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.2.40/hang...ngman-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.4.41/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/draw...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.4.41/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.5.30/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.5.30/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.3.49/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.5.30/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.2.32/mahj...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.1.32/free...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/free...cell2-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-8.0.0.20/pebb...ebble-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.9.4.34/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pino...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.2.32/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.36/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-8.0.5.30/sawg...grass-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.9.3.39/slot...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.3.20/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.5.30/spad...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.2.40/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.2.40/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.0.30/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.2.40/swee...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://ea02.pogo.com/applet-8.0.2.32/tank/tank-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.4.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.20/tumb...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turb...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/mlsl...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.5.30/memo...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/word...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.5.30/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/worl...class-en_US.cab
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911946796
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_04) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...195/mcfscan.cab
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17003 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071231-162350-944 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...tle/Coupons.cab
backup-20071231-162351-801 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 nupvygdv - c:\windows\system32\drivers\rqopsltw.dat
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\susans\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-28 11:16:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-28 10:03:37 434 --a------ C:\WINDOWS\Tasks\At1.job


-- Files created between 2007-11-30 and 2007-12-31 -----------------------------

2007-12-31 16:28:51 0 d-------- C:\VundoFix Backups
2007-12-31 16:19:38 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 19:19:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2007-12-18 19:13:30 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-12-18 19:13:30 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-12-18 19:13:26 0 d-------- C:\Program Files\Sygate
2007-12-18 18:47:47 0 d-------- C:\WINDOWS\McAfee.com
2007-12-18 16:41:40 0 d-------- C:\Documents and Settings\susans\Application Data\HouseCall 6.6
2007-12-18 16:03:07 0 d-------- C:\Documents and Settings\susans\.housecall6.6
2007-12-17 21:03:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 16:45:41 0 d-------- C:\Program Files\Trend Micro
2007-12-14 20:09:30 0 d-------- C:\Documents and Settings\susans\Application Data\Lavasoft
2007-12-14 20:09:19 0 d-------- C:\Program Files\Lavasoft
2007-12-14 20:08:40 0 d-------- C:\Program Files\CCleaner
2007-12-14 19:07:31 0 d-------- C:\Spyware from Carl
2007-12-12 22:19:11 741632 --a------ C:\WINDOWS\system32\zrbdgxpx.dat
2007-12-12 22:19:11 36096 --a------ C:\WINDOWS\system32\qekzonrv.dat
2007-12-12 22:19:11 42240 --a------ C:\WINDOWS\system32\prknqkes.dat
2007-12-12 22:19:11 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-12 22:19:11 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-12 22:19:11 35072 --a------ C:\WINDOWS\system32\egrpgvzc.dat
2007-12-12 20:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-12 20:59:40 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-11 22:16:06 119552 --a------ C:\WINDOWS\system32\dxpfytsh.dat
2007-12-11 22:10:14 82944 --a------ C:\WINDOWS\system32\cewmdmi.dll
2007-12-11 22:10:02 19456 --a------ C:\WINDOWS\system32\drivers\rqopsltw.dat
2007-12-11 22:09:15 84992 --a------ C:\WINDOWS\system32\dxtransl.dll


-- Find3M Report ---------------------------------------------------------------

2007-12-31 16:19:57 0 d-------- C:\Program Files\Java
2007-12-31 16:19:38 0 d-------- C:\Program Files\Common Files
2007-12-31 16:18:08 0 d-------- C:\Program Files\Chameleon Clock
2007-12-31 10:06:54 0 d-------- C:\Documents and Settings\susans\Application Data\AVG7
2007-12-30 19:23:24 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2007-12-13 22:18:53 0 d-------- C:\Program Files\LemonWire
2007-12-13 22:18:11 0 d-------- C:\Program Files\BearShare Applications
2007-12-13 00:59:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-12 20:59:46 0 d-------- C:\Program Files\Yahoo!
2007-11-05 20:56:48 0 d-------- C:\Program Files\Oberon Media


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5028FE55-17DA-4B73-92BF-1F61F2A2057D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{835B68BC-8D6C-4ACC-A95C-7E734C804BFC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 22:11]
"nwiz"="nwiz.exe" [2004-09-20 22:11 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-20 22:11]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 17:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 00:05 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 12:55]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-25 08:42]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2001-01-08 15:07]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-01-19 10:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\susans\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-19 17:23:46]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-01-19 17:05:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVD5R\SchSvr.exe [2004-10-01 21:08:34]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-10-01 21:08:47]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeacaqgw]
cewmdmi.dll 2007-12-17 16:36 82944 C:\WINDOWS\system32\cewmdmi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zeicqybe




-- Hosts -----------------------------------------------------------------------


7694 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-31 17:03:36 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1021.73 MiB / 555.8 MiB
Pagefile Memory (total/avail): 2464.36 MiB / 2057.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 219.57 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\susans\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUSAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\susans
LOGONSERVER=\\SUSAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\susans\LOCALS~1\Temp
TMP=C:\DOCUME~1\susans\LOCALS~1\Temp
USERDOMAIN=SUSAN
USERNAME=susans
USERPROFILE=C:\Documents and Settings\susans
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

susans (admin)
jimmy (admin)
dillon (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
AT&T Yahoo! Music Jukebox --> MsiExec.exe /X{54AA707B-68DA-49A4-9916-68DD670241BD}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chameleon Clock 2.51 --> "C:\Program Files\Chameleon Clock\unins000.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Digimax Viewer 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}\Setup.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\susans\Application Data\HouseCall 6.6\uninstaller.exe"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo DVDCopy --> "C:\Program Files\InstallShield Installation Information\{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}\setup.exe" --u:{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Recorder 5 --> "C:\Program Files\InstallShield Installation Information\{0B168FED-B9EC-4DA8-AC17-9A41F284640B}\setup.exe" REMOVEALL
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Java Web Start --> "C:\Program Files\Java\jre1.6.0_01\bin\uninst-javaws.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Mystery Case Files Ravenhearst --> "C:\Program Files\Mystery Case Files Ravenhearst\ReflexiveArcade\unins000.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Unix Utilities for Yahoo! Widgets --> C:\Program Files\Yahoo!\Yahoo! Widget Engine\UnixUtils\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\YAHOO!~1\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3693 / Error
Event Submitted/Written: 12/13/2007 09:03:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iTunes.exe, version 7.3.2.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3676 / Error
Event Submitted/Written: 12/13/2007 04:13:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ybrowser.exe, version 2006.8.11.1, faulting module mshtml.dll, version 7.0.6000.16587, fault address 0x0017d672.
Processing media-specific event for [ybrowser.exe!ws!]

Event Record #/Type3642 / Error
Event Submitted/Written: 12/12/2007 10:07:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ybrowser.exe, version 2006.8.11.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [ybrowser.exe!ws!]

Event Record #/Type3623 / Error
Event Submitted/Written: 12/11/2007 10:07:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ybrowser.exe, version 2006.8.11.1, faulting module mshtml.dll, version 7.0.6000.16544, fault address 0x00127bd1.
Processing media-specific event for [ybrowser.exe!ws!]

Event Record #/Type3610 / Error
Event Submitted/Written: 12/10/2007 10:17:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoom~1.exe, version 8.1.0.200, faulting module unknown, version 0.0.0.0, fault address 0x01d4fdca.
Processing media-specific event for [yahoom~1.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type133427 / Error
Event Submitted/Written: 12/31/2007 04:17:59 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access NDIS WAN Monitor service terminated with the following error:
%%5

Event Record #/Type133382 / Error
Event Submitted/Written: 12/31/2007 04:07:21 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access NDIS WAN Monitor service terminated with the following error:
%%5

Event Record #/Type133381 / Error
Event Submitted/Written: 12/31/2007 04:06:51 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001111400FF7 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type133369 / Error
Event Submitted/Written: 12/31/2007 10:07:15 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type133368 / Error
Event Submitted/Written: 12/31/2007 10:07:15 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001111400FF7 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2007-12-31 17:03:36 ------------


When doing the Remove in the Vundo fix: I clicked the remove button but it did not prompt me asking me if I want to remove files. It just said no file found. And it will not close. ????

#6 susansoxs

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Local time:05:06 PM

Posted 31 December 2007 - 05:18 PM

VundoFix V6.7.7

Checking Java version...

Scan started at 16:28:51 2007-12-31

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Beginning removal...

#7 Yourhighness


    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:06:06 AM

Posted 01 January 2008 - 11:55 PM

Hey Susansoxs,

I see you have the Windows Internal Firewall enabled. Since you have installed Sygate as a software firewall, it is advisable to disable the Windows Internal Firewall to avoid conflicts between the two firewalls.

Additionally, can you tell me if you know this folder: "C:\Spyware from Carl" or if you know the contents of it?

Step #1

While Spybot's TeaTimer is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Step #2

Please copy and paste the following text into Notepad:

sc stop nupvygdv
sc delete nupvygdv
del services.bat

Save this as "services.bat", choosing "All Files" as the file type, and place it on your Desktop.
Double-click services.bat. Soon it should disappear from your Desktop; this is fine.

Step #3

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case LemonWire and BearShare). These programmes allow you to share files between users, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step #4

Run HijackThis, press Scan, and put a check mark next to all these entries:

O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O8 - Extra context menu item: &Search - ?p=ZUxdm265LDUS
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_04) -
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll


Close all other windows and browsers, and press the Fix Checked button.

Step #5

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\drivers\rqopsltw.dat
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\system32\zrbdgxpx.dat
    C:\WINDOWS\system32\qekzonrv.dat
    C:\WINDOWS\system32\prknqkes.dat
    C:\WINDOWS\system32\egrpgvzc.dat
    C:\WINDOWS\system32\dxpfytsh.dat
    C:\WINDOWS\system32\cewmdmi.dll
    C:\WINDOWS\system32\dxtransl.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #6

Click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if it exists: Java Web Start

Step #7

Please post back with the log from OTMoveIt and a fresh log from DSS (Deckard's System Scanner). Thanks.

Edited by Yourhighness, 01 January 2008 - 11:58 PM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image
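The entries picked out in Step #4 share two traits that are visible in the log itself: BHOs with "(no name)" loaded from system32, and a Winlogon Notify key with a random-looking name that points at one of those same DLLs. This added example (not part of the thread, and not HijackThis code) scans HijackThis-format lines for exactly those traits; the sample lines are the ones quoted in this thread plus one stock crypt32chain entry constructed as a benign control, and the STOCK_NOTIFY allowlist and the 7-to-9-letter random-name rule are assumptions of the example, not the helper's stated method.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 2.0.2 format. The O2/O4/O20 lines are the ones
# quoted in this thread; the crypt32chain line is a stock Windows XP Winlogon
# Notify entry added here as a benign control.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
"""

# Winlogon Notify packages that ship with Windows XP (assumed allowlist for the
# O20 heuristic; extend it for third-party entries you have verified yourself).
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def normalise(path):
    """Lower-case the path: HijackThis mixes 'c:\\windows' and 'C:\\WINDOWS'."""
    return path.strip().lower()


def in_system32(path):
    return "\\system32\\" in normalise(path)


def looks_random(key):
    """7-9 lowercase letters that are not a stock package name (e.g. aeacaqgw).

    Crude on its own, but combined with the allowlist it separates the stock
    Windows entries from the generated key names seen in this thread.
    """
    return bool(re.fullmatch(r"[a-z]{7,9}", key)) and key not in STOCK_NOTIFY


def scan_hijackthis(text):
    """Return a list of (line_or_path, reason) findings for a HijackThis log."""
    findings = []
    by_dll = defaultdict(set)  # normalised DLL path -> HijackThis sections loading it
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            path = normalise(m["path"])
            by_dll[path].add("O2")
            if m["name"] == "(no name)" and in_system32(path):
                findings.append((line, "unnamed BHO loaded from system32"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path = normalise(m["path"])
            by_dll[path].add("O20")
            if looks_random(m["key"]):
                findings.append((line, "non-stock Winlogon Notify key with random-looking name"))
    # Correlation: one DLL registered both as a BHO and as a Winlogon Notify
    # package is the pattern behind the O2 + O20 pair fixed in this thread.
    for path, sections in by_dll.items():
        if {"O2", "O20"} <= sections:
            findings.append((path, "same DLL registered as BHO (O2) and Winlogon Notify (O20)"))
    return findings


if __name__ == "__main__":
    for item, reason in scan_hijackthis(SAMPLE_LOG):
        print(f"{reason}: {item}")
```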


#8 susansoxs

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Local time:05:06 PM

Posted 02 January 2008 - 12:20 PM

File move failed. c:\windows\system32\drivers\rqopsltw.dat scheduled to be moved on reboot.
File/Folder C:\WINDOWS\Tasks\At1.job not found.
File/Folder C:\WINDOWS\system32\zrbdgxpx.dat not found.
File/Folder C:\WINDOWS\system32\qekzonrv.dat not found.
File/Folder C:\WINDOWS\system32\prknqkes.dat not found.
File/Folder C:\WINDOWS\system32\egrpgvzc.dat not found.
File/Folder C:\WINDOWS\system32\dxpfytsh.dat not found.
LoadLibrary failed for C:\WINDOWS\system32\cewmdmi.dll
C:\WINDOWS\system32\cewmdmi.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cewmdmi.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\dxtransl.dll
C:\WINDOWS\system32\dxtransl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dxtransl.dll scheduled to be moved on reboot.

Created on 01-02-2008 12:08:29

Hi Yourhighness,

After I rebooted I ran again.
Also, yes, I know the folder "Spyware from Carl". He also gave me some of the programs you had me install, Spybot S&D and so on.
As for the lemon wire program, I don't know how to remove it. I thought I did when my stepson moved out. But I cannot find anything more on it to remove.

Deckard's System Scanner v20071014.68
Run by susans on 2008-01-02 12:19:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as susans.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\susans\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\susans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-8.0.5.30/alls...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/back...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.2.32/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.3.20/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.2.40/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/cana...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/chec...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.41/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/chec...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.3.29/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euch...uchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.9.3.39/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.32/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.2.40/hang...ngman-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.4.41/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/draw...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.4.41/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.5.30/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.5.30/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.3.49/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.5.30/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.2.32/mahj...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.1.32/free...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/free...cell2-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-8.0.0.20/pebb...ebble-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.9.4.34/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pino...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.2.32/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.36/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-8.0.5.30/sawg...grass-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.9.3.39/slot...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.3.20/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.5.30/spad...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.2.40/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.2.40/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.0.30/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.2.40/swee...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://ea02.pogo.com/applet-8.0.2.32/tank/tank-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.4.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.20/tumb...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turb...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/mlsl...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.5.30/memo...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/word...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.5.30/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/worl...class-en_US.cab
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911946796
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...195/mcfscan.cab
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 16844 bytes

-- Files created between 2007-12-02 and 2008-01-02 -----------------------------

2007-12-31 16:28:51 0 d-------- C:\VundoFix Backups
2007-12-31 16:19:38 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 19:19:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2007-12-18 19:13:30 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-12-18 19:13:30 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-12-18 19:13:26 0 d-------- C:\Program Files\Sygate
2007-12-18 18:47:47 0 d-------- C:\WINDOWS\McAfee.com
2007-12-18 16:41:40 0 d-------- C:\Documents and Settings\susans\Application Data\HouseCall 6.6
2007-12-18 16:03:07 0 d-------- C:\Documents and Settings\susans\.housecall6.6
2007-12-17 21:03:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 16:45:41 0 d-------- C:\Program Files\Trend Micro
2007-12-14 20:09:30 0 d-------- C:\Documents and Settings\susans\Application Data\Lavasoft
2007-12-14 20:09:19 0 d-------- C:\Program Files\Lavasoft
2007-12-14 20:08:40 0 d-------- C:\Program Files\CCleaner
2007-12-14 19:07:31 0 d-------- C:\Spyware from Carl
2007-12-12 22:19:11 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-12 22:19:11 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-12 20:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-12 20:59:40 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-11 22:10:14 82944 --a------ C:\WINDOWS\system32\cewmdmi.dll
2007-12-11 22:10:02 19456 --a------ C:\WINDOWS\system32\drivers\rqopsltw.dat
2007-12-11 22:09:15 84992 --a------ C:\WINDOWS\system32\dxtransl.dll


-- Find3M Report ---------------------------------------------------------------

2008-01-02 12:05:44 0 d-------- C:\Program Files\Chameleon Clock
2008-01-02 09:58:09 0 d-------- C:\Documents and Settings\susans\Application Data\AVG7
2008-01-01 20:36:40 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2007-12-31 16:19:57 0 d-------- C:\Program Files\Java
2007-12-31 16:19:38 0 d-------- C:\Program Files\Common Files
2007-12-13 22:18:53 0 d-------- C:\Program Files\LemonWire
2007-12-13 22:18:11 0 d-------- C:\Program Files\BearShare Applications
2007-12-13 00:59:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-12 20:59:46 0 d-------- C:\Program Files\Yahoo!
2007-11-05 20:56:48 0 d-------- C:\Program Files\Oberon Media


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5028FE55-17DA-4B73-92BF-1F61F2A2057D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{835B68BC-8D6C-4ACC-A95C-7E734C804BFC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 22:11]
"nwiz"="nwiz.exe" [2004-09-20 22:11 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-20 22:11]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 17:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 00:05 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 12:55]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-25 08:42]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2001-01-08 15:07]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-01-19 10:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\susans\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-19 17:23:46]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-01-19 17:05:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVD5R\SchSvr.exe [2004-10-01 21:08:34]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-10-01 21:08:47]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeacaqgw]
cewmdmi.dll 2007-12-17 16:36 82944 C:\WINDOWS\system32\cewmdmi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zeicqybe




-- End of Deckard's System Scanner: finished at 2008-01-02 12:19:35 ------------

Happy New Year!
Susan

#9 Yourhighness

    The BSG Malware Fighter

  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 02 January 2008 - 03:25 PM

Hey Susansoxs,

Also, yes, I know the folder Spyware from Carl. He also gave me some of the programs you had me install, Spybot S&D and so on.

Good to know. The tools we are using are anti-spyware tools, so the name of the folder suggested it to be one we would want to get rid of.

Step #1

As for the LemonWire program, I don't know how to remove it. I thought I did when my stepson moved out, but I cannot find anything more on it to remove.

Let's try this:

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: LemonWire, Bearshare

If you cannot find it, just let me know in your next reply. Thanks.

Step #2

While Spybot's TeaTimer is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Step #3

Run HijackThis, press Scan, and put a check mark next to all these entries:

O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll


Close all other windows and browsers, and press the Fix Checked button.

Step #4

Please download ComboFix from here and save it to your Desktop. Do not run it yet!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.)
Step #5
  • Open notepad and copy/paste the text in the codebox below into it:

    File::
    C:\WINDOWS\SYSTEM32\cewmdmi.dll
    C:\WINDOWS\system32\dxtransl.dll
    C:\WINDOWS\system32\drivers\rqopsltw.dat
    
    NetSvc::
    zeicqybe
    
    Folder::
    c:\Deckard\System Scanner
    C:\VundoFix Backups
    C:\Program Files\LemonWire
    C:\Program Files\BearShare Applications
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5028FE55-17DA-4B73-92BF-1F61F2A2057D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{835B68BC-8D6C-4ACC-A95C-7E734C804BFC}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeacaqgw]
  • Save this as CFScript.txt

    Posted Image
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.
Step #6

Please post back with the ComboFix log and a fresh HijackThis log. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image
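The entries ticked in step 3 were picked by hand from the HijackThis log. As an added example that is not part of this thread and not code from HijackThis or ComboFix, the Python below applies the same reasoning automatically to the log lines quoted above: a BHO with no name loaded from system32, an entry whose file is missing, a Winlogon Notify package that is not one of the stock Windows XP subkeys, and one DLL that appears under both O2 (browser) and O20 (logon), which is exactly the pattern cewmdmi.dll shows here. The sample lines are copied from the log in this thread; the allowlist of XP default Notify subkeys is an assumption of the example and is deliberately partial, so a key being on it is not proof of anything.

```python
import re
from collections import defaultdict

# Constructed sample input: the entries the helper asked to be fixed, copied
# from the HijackThis log in this thread, plus the Spybot SDHelper button from
# the same log as a legitimate control entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5028FE55-17DA-4B73-92BF-1F61F2A2057D} - c:\windows\system32\cewmdmi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {835B68BC-8D6C-4ACC-A95C-7E734C804BFC} - C:\WINDOWS\system32\dxtransl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: aeacaqgw - C:\WINDOWS\SYSTEM32\cewmdmi.dll
"""

# One HijackThis line: "<section> - <kind>: <name> [- {CLSID}] - <path> [(file missing)]"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?)"
    r"(?: - (?P<clsid>\{[0-9A-Fa-f-]{36}\}))? - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Winlogon Notify subkeys present on a stock Windows XP install. This is an
# assumption used as a partial allowlist, not a list from the thread: anything
# outside it deserves a look, and membership alone does not prove a key is clean.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


def parse_entry(line):
    """Return a dict for one HijackThis O-line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def dll_name(path):
    """File name component of a Windows path, lower-cased for comparison."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(log_text):
    """Flag entries worth review; returns [(section, dll, [reasons]), ...]."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]

    # Which sections each DLL appears in: one file hooking both the browser
    # (O2) and the logon process (O20) is the pattern seen in this thread.
    sections_by_dll = defaultdict(set)
    for e in entries:
        sections_by_dll[dll_name(e["path"])].add(e["section"])

    findings = []
    for e in entries:
        dll = dll_name(e["path"])
        reasons = []
        if e["missing"]:
            reasons.append("orphaned entry, file missing")
        if e["section"] == "O2" and e["name"] == "(no name)" \
                and "\\system32\\" in e["path"].lower():
            reasons.append("unnamed BHO loaded from system32")
        if e["section"] == "O20" and e["name"].lower() not in XP_DEFAULT_NOTIFY:
            reasons.append("non-default Winlogon Notify package")
        if len(sections_by_dll[dll]) > 1:
            reasons.append("same DLL in " + "/".join(sorted(sections_by_dll[dll])))
        if reasons:
            findings.append((e["section"], dll, reasons))
    return findings


if __name__ == "__main__":
    for section, dll, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {dll:14} {'; '.join(reasons)}")
```

Run it and the three DLLs the helper listed come out flagged while the Spybot button does not; the "file missing" Java entry is reported as an orphan, which is why it is safe to fix but is not by itself a sign of infection. The heuristics are a triage aid for reading a log, not a substitute for the removal steps above.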


#10 susansoxs
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 02 January 2008 - 06:24 PM

Yourhighness,

I got to step 4 and now I'm lost. I don't know too much about computers (as you can tell). But now I have all these things on my desktop and am not sure what they are. I disabled the AVG and then I went to the ad-ware but am not sure how to do it. I read the list but I don't have the signs at the bottom right-hand corner. Also, I thought we downloaded a McAfee but I don't see it. It just sounded familiar.

Spybot S&D came up with no files infected again. Resident TeaTimer unchecked, but Resident SDHelper is checked.

HijackThis: after I press Fix, do I then run Scan?

#11 Yourhighness

    The BSG Malware Fighter

  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 04 January 2008 - 04:43 PM

Hey Susansoxs,

Resident TeaTimer unchecked, but Resident SDHelper is checked.

Yes, please untick that option as well.

If you are not sure what these icons are, you can do the following: "How to take and share a screen shot in Windows" - Once you followed those instructions, just post the image of your desktop here.

Next, please do step 3 and tick all entries mentioned above. Click Fix checked. Close HijackThis.

Then you download ComboFix, as described in step 4. Once that is done, leave it on your desktop and create the text file as described by copying the text I provided in the code box. You then call it "CFScript.txt" and save it also to your desktop.

The next step is to drag the text file into the combofix.exe file (red circle with white cross icon) and the programme will start running by itself.

All you now need to do is post the log Combofix provided you, along with a fresh HijackThis log (run HijackThis again and just save a log which you then copy / paste as well in your next reply). Thanks.


#12 susansoxs
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 04 January 2008 - 10:01 PM

Attached File: screen_shot.GIF (156.09KB)

The one I'm having a hard time disabling is the ad-ware. And do you see any others I need to be concerned with?

Thank you
Susan

#13 Yourhighness

    The BSG Malware Fighter

  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 05 January 2008 - 07:35 AM

Hey Susansoxs,

Have a look at these instructions, but instead of ticking the startup option, UNcheck it.

Once that is done, please follow my instructions in post #9.

Oh, and as for the stuff on your desktop, there are a few things you do not need anymore after the cleaning process, but we will take care of that in our next steps :thumbsup:


#14 susansoxs
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 05 January 2008 - 09:31 AM

ComboFix 08-01-03.3 - susans 2008-01-05 9:03:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT -5:00]
Running from: C:\Documents and Settings\susans\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\susans\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\cewmdmi.dll
C:\WINDOWS\system32\drivers\rqopsltw.dat
C:\WINDOWS\system32\dxtransl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\susans\Application Data\addon.dat
C:\Program Files\BearShare Applications
C:\Program Files\BearShare Applications\BearShare\ERROR.DMP
C:\Program Files\BearShare Applications\BearShare\ERROR.LOG
C:\Program Files\BearShare Applications\BearShare\WMHelper.log
C:\Program Files\LemonWire
C:\Program Files\LemonWire\clink.jar
C:\Program Files\LemonWire\hs_err_pid1052.log
C:\Program Files\LemonWire\hs_err_pid4556.log
C:\Program Files\LemonWire\Incomplete\CORRUPT-0-Boyz N Da Hood Feat P. Diddy - Dem Boys.mp3
C:\Program Files\LemonWire\Incomplete\downloads.bak
C:\Program Files\LemonWire\Incomplete\downloads.dat
C:\Program Files\LemonWire\Incomplete\Preview-T-11234829-Jim Morrison & The Doors - The End.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-2580106-blink 182 - m&m's.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-2785325-Young Jeezy - jezzy like to drink.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-3363709-Pit Bull ft Lil Jon - CULO.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-3477851-Lil Wayne - Da Drought 3 - Weezy's Ambitions As A Ridah.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-3581212-Lil Wayne unreleased studio freestyles Track06(1).mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-3854386-Young Jeezy - 11 - Thug Motivation 101 - My Hood.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4036176-Blink 182 - All The Small Things.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4118569-MC Hammer - U Can't Touch This.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4221850-Trick Daddy - In Da Wind.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4272586-greenday - green day - american idiot.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4362489-Lil Wayne - I Feel im Like Dying.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4528128-T.I., Lil Jon, Three 6 Mafia, Young Jeezy - Clip up.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4735691-Yung Joc - (New Joc City) - 08 - I Know You See It.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4820180-Sir Mix Alot - Jump On It.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-4981867-Young Bleed - The Day They Make Me Boss.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5112903-Bone Thugs n Harmoney ft Phil Collins - Home.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5118711-Pit Bull ft. Lil John - Toma.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5148550-Young Bleed - We Don't Stop.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5409986-Blink 182 - I'm Sorry.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5587439-Birdman ft. Lil Wayne- Championship Pop Bottles.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5629655-Missy Elliott ft. Ludacris - Gossip Folks (2).mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-5739264-Missy Elliott - The Cook book - 08 - We Run This.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-6110463-Bone Thugs N Harmony - Strength and Loyalty - 06 - C-Town (Feat. Twista) (Produced By Neo Da Matrix).mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-6260864-Greenday - Boulevard Of Broken Dreams.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-6506361-Glamorous - Fergie ft. Ludacris.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-6828160-003-bone_thugs-n-harmony-wind_blow.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-7280045-Bone Thugs-N-Harmony - Wind Blow.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-7280045-Bone Thugs N Harmony - Strength & Loyalty - 03 - Wind Blow.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-7957162-Greenday - Holiday.mp3
C:\Program Files\LemonWire\Incomplete\Preview-T-9652224-Blink182 - I'm Lost Without You.mp3
C:\Program Files\LemonWire\Incomplete\T-1161690-Dj Drama and Lil' Wayne - Dedication Gangsta Grillz - 03 - Motivation.mp3
C:\Program Files\LemonWire\Incomplete\T-1743584-Lil Wayne - Dedication Gangsta Grillz 2 - Ridin With That K.mp3
C:\Program Files\LemonWire\Incomplete\T-2405927-Lil Wayne - No bleep (Go getta remix).mp3
C:\Program Files\LemonWire\Incomplete\T-3320312-Fabalous - Holla Back Youngin.mp3
C:\Program Files\LemonWire\Incomplete\T-3602985-Fabalous - Keepin it gangster.mp3
C:\Program Files\LemonWire\Incomplete\T-3867691-Lil Wayne - Pussy Monster.mp3
C:\Program Files\LemonWire\Incomplete\T-4190721-Bone Thugs N Harmony - East 1999.mp3
C:\Program Files\LemonWire\Incomplete\T-4410851-Fabalous - This is my Party.mp3
C:\Program Files\LemonWire\Incomplete\T-4508943-Bone Thugs N Harmony - Thuggish Ruggish Bone.mp3
C:\Program Files\LemonWire\Incomplete\T-52279860-TUPAC & BIGGIE TRIBUTE (Unreleased) FEAT. Eminem - City Clay - Stagga Lee - 50 Cent - Jay-Z - Linkin Park - Murphy Lee - Nelly - P. Diddy - Sarai - Fabolous - Ashanti - 24's - .wav
C:\Program Files\LemonWire\Incomplete\T-5240459-Rick Ross, Brisco and Flo-Rida - Duffle Bag Boy Freestyle.mp3
C:\Program Files\LemonWire\Incomplete\T-5704366-mase - my harlem lullaby.mp3
C:\Program Files\LemonWire\Incomplete\T-5900720-Fabulous ft. neyo - You Make Me Better.mp3
C:\Program Files\LemonWire\Incomplete\T-5937122-Fabalous - Keepin It Gangsta.mp3
C:\Program Files\LemonWire\Incomplete\T-6137499-Fabolous ft. Neyo-You Make Me Better.mp3
C:\Program Files\LemonWire\Incomplete\T-6327733-Bone Thugs-N-Harmony - Candy Paint (Album Version (Explicit)).mp3
C:\Program Files\LemonWire\Incomplete\T-6828160-003-bone_thugs-n-harmony-wind_blow.mp3
C:\Program Files\LemonWire\Incomplete\T-7063630-Lil Wayne - Tha Carter 2 - 19 - Im a Dboy (feat Birdman).mp3
C:\Program Files\LemonWire\Incomplete\T-7280045-Bone Thugs N Harmony - Strength & Loyalty - 03 - Wind Blow.mp3
C:\Program Files\LemonWire\Incomplete\T-7321821-006-bone_thugs-n-harmony-c-town_(feat._twista).mp3
C:\Program Files\LemonWire\Incomplete\T-7657600-Lil Wayne - Da Drought Is Over Pt 4 - Burn This City.mp3
C:\Program Files\LemonWire\Incomplete\T-8623639-06. Bone Thugs-N-Harmony Ft. Twista - C-Town.mp3
C:\Program Files\LemonWire\LemonWire.dll
C:\Program Files\LemonWire\LemonWire.exe
C:\Program Files\LemonWire\new music.m3u
C:\Program Files\LemonWire\Shared\01 Rich Boy feat. Rick Ross & Game - Throw Some D'z (remix).mp3
C:\Program Files\LemonWire\Shared\02-Rick Ross Feat. Trina & Plies - Push It (Remix)-RGF.mp3
C:\Program Files\LemonWire\Shared\10-shawnna_feat._lil_wayne_rick_ross_pimp_c_too_short_pharrell_busta_rhymes_and_ludacris-getting_some_head_(remix)-c4.mp3
C:\Program Files\LemonWire\Shared\2 Pac Tupac - Changes.mp3
C:\Program Files\LemonWire\Shared\3 6 -Three Six Mafia and Twista - Smoked Out.mp3
C:\Program Files\LemonWire\Shared\36 Mafia feat. Project Pat & Gansta Boo - 2-Way Freak.mp3
C:\Program Files\LemonWire\Shared\50 cent- G Unit - Stunt 101.mp3
C:\Program Files\LemonWire\Shared\50 Cent - Amusement Park (Dirty).mp3
C:\Program Files\LemonWire\Shared\50 Cent feat. Tony Yayo, Murda Mase, Mobb Deep, M.O.P., Young Buck, Lloyd Banks - 300 Shots (Dissin The Game).mp3
C:\Program Files\LemonWire\Shared\50 Cent ft Olivia - Bestfriend Remix.mp3
C:\Program Files\LemonWire\Shared\504 Boyz - Tight Whips ft. Master P, Magic, Lil Romeo.mp3
C:\Program Files\LemonWire\Shared\ACDC - TNT.mp3
C:\Program Files\LemonWire\Shared\aerosmith - jamies got a gun.mp3
C:\Program Files\LemonWire\Shared\Akon- Sorry, Blame It On Me.mp3
C:\Program Files\LemonWire\Shared\Akon - Dont Matter.mp3
C:\Program Files\LemonWire\Shared\Akon - Konvicted - 05 - The Rain.mp3
C:\Program Files\LemonWire\Shared\Akon - Konvicted - 06 - Never Took The Time 1.mp3
C:\Program Files\LemonWire\Shared\Akon - Mr.Lonely.mp3
C:\Program Files\LemonWire\Shared\Akon ft bone thugs n harmoney - I Tried.mp3
C:\Program Files\LemonWire\Shared\Akon Ft. G-unit- Ghetto (Remix).mp3
C:\Program Files\LemonWire\Shared\Baby Bash ft. T-Pain - Cyclone (Dirty).mp3
C:\Program Files\LemonWire\Shared\Baby Boy - This Is The Way I Live.mp3
C:\Program Files\LemonWire\Shared\Baby Boy Da Prince - Nawmeen.mp3
C:\Program Files\LemonWire\Shared\Baby Don't Go ;; Fabalous Ft. T-Pain.mp3
C:\Program Files\LemonWire\Shared\Big Tymers - Big Ballin'.mp3
C:\Program Files\LemonWire\Shared\Biggie Smalls - N.o.t.o.r.i.o.u.s..mp3
C:\Program Files\LemonWire\Shared\Biggie Smalls - Juicy.mp3
C:\Program Files\LemonWire\Shared\Birdman & Lil Wayne - Leather So Soft.mp3
C:\Program Files\LemonWire\Shared\Birdman ft. Lil Wayne- Championship Pop Bottles.mp3
C:\Program Files\LemonWire\Shared\Birdman ft. Lil Wayne - Neck Of The Woods .mp3
C:\Program Files\LemonWire\Shared\Blink 182 - Adam's Song.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - Aliens Exist.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - All The Small Things.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - Dammit.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - Down.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - First Date.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - I'm Sorry.mp3
C:\Program Files\LemonWire\Shared\Blink 182 - The Rock Show.mp3
C:\Program Files\LemonWire\Shared\Blink182 - I'm Lost Without You.mp3
C:\Program Files\LemonWire\Shared\Blink182 - The party song.mp3
C:\Program Files\LemonWire\Shared\Bone-Thugs-N-Harmony feat Swizz Beats--Bumps In The Trunk (Produced by The Individuals) [FBB].mp3
C:\Program Files\LemonWire\Shared\Bone Thugs-N-Harmony - Candy Paint (Album Version (Explicit)).mp3
C:\Program Files\LemonWire\Shared\Bone Thugs-n-harmony - Wasteland Warriors (Featuring Souljah Boy).mp3
C:\Program Files\LemonWire\Shared\Bone Thugs-N-Harmony - Wind Blow.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs-N-Harmony feat. Akon - Forget Me.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs And Harmony - These Are The Days Of Our Lives.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs ft Mariah Carey, Bow Wow - Lil Love.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony- Running With The AK47.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony-Crossroads - Cross Roads.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony - Down Foe My Thang.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony - Exstacy.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs n Harmony - Ghetto Cowboy.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony - Mr. Ouija 2.mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony - Strength and Loyalty - 06 - C-Town (Feat. Twista) (Produced By Neo Da Matrix).mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony - Strength and Loyalty - 14 - Never Forget Me (Feat. Akon) (Produced By Akon & Georgio Tuinfort).mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony and Phil Collins - Home .mp3
C:\Program Files\LemonWire\Shared\Bone Thugs N Harmony ft. Wisin & Yandel - Take The Lead (Wanna Ride).mp3
C:\Program Files\LemonWire\Shared\Bone Thugz 'n Harmony - Thug Mentality .MP3
C:\Program Files\LemonWire\Shared\Bow Wow - Fresh Azimiz .mp3
C:\Program Files\LemonWire\Shared\Bow Wow feat. Chris Brown - Shorty Like Mine.mp3
C:\Program Files\LemonWire\Shared\Boy Goerges - Do You Really Want To Hurt Me.mp3
C:\Program Files\LemonWire\Shared\Boyz N Da Hood - Gangsta Boyz (Feat. Lil' Wayne & T.I.).mp3
C:\Program Files\LemonWire\Shared\Boyz N Da Hood - Back Up In The Chevy - We Ready F. Yung Joc.mp3
C:\Program Files\LemonWire\Shared\Boyz N Da Hood - Back Up N Da Chevy-06-boyz_n_da_hood-choppas_(feat._ice_cube).mp3
C:\Program Files\LemonWire\Shared\Bubba Sparxxx - Deliverance.mp3
C:\Program Files\LemonWire\Shared\C-Murder ft. B Gizzle - Yall Heard Of Me .mp3
C:\Program Files\LemonWire\Shared\Camron ft. Lil Wayne - Suck It Or Not (Remix).mp3
C:\Program Files\LemonWire\Shared\cash money - Eminem vs Lil Wayne and Manny Fresh (freestyle remix by DJ Scratch and Sniff).mp3
C:\Program Files\LemonWire\Shared\CASSIDY - B BOY STANDS.mp3
C:\Program Files\LemonWire\Shared\Cassidy - Drank And My 2 Step ft Swizz Beats.mp3
C:\Program Files\LemonWire\Shared\Chamillionaire - Mixtape Messiah 3 - Nothin But Lies.mp3
C:\Program Files\LemonWire\Shared\Choppa & Master P- Choppa Style(Dirty).mp3
C:\Program Files\LemonWire\Shared\Chris Brown Ft. T Pain - Kiss Kiss.mp3
C:\Program Files\LemonWire\Shared\Clipse ft. Pharell - Grinding.mp3
C:\Program Files\LemonWire\Shared\Copy of Sean Kingston - Beautiful Girls.mp3
C:\Program Files\LemonWire\Shared\CrimeMob - Knuck if you Buck.mp3
C:\Program Files\LemonWire\Shared\Crimemob - Rock Ya Hips.mp3
C:\Program Files\LemonWire\Shared\D4L, 50 Cent, Snoop Dogg, The Game, Trap Squad, Soulja Boy, Youngbloodz, Dem Franchize Boyz, Lil Wayne, Eminem, Young Jeezy, Gucci Mane, Jay-Z, Master P, Booty Meat, Yo Gotti, Three Six Mafia, Crime Mob, Webbie,.mp3
C:\Program Files\LemonWire\Shared\David Banner - Like A Pimp.mp3
C:\Program Files\LemonWire\Shared\David Banner ft Akon, Lil Wayne & Snoop - 9mm (Dirty).mp3
C:\Program Files\LemonWire\Shared\Disco 80s - George Clinton- Play That Funky Music White Boy.mp3
C:\Program Files\LemonWire\Shared\DJ 31 Degreez Presents. Jeezy & Weezy - Snow Patrol - 07 - You Dont Want It With The King ft. T.I..mp3
C:\Program Files\LemonWire\Shared\DJ Drama & Lil Boosie - Streetz Iz Mine - 03 - Too Much.mp3
C:\Program Files\LemonWire\Shared\DJ Drama & Lil Wayne - Dedication Pt.2 - 19 - Walk It Off.mp3
C:\Program Files\LemonWire\Shared\DJ Drama & Yung Joc - Welcome To My Block - 04 - Ride Wit Them Thangs - ft.Boyz N Da Hood & Lil Wayne.mp3
C:\Program Files\LemonWire\Shared\DJ Drama and Lil' Wayne - Dedication Gangsta Grillz - 16 - D Boyz.mp3
C:\Program Files\LemonWire\Shared\DJ Drama feat Young Jeezy & Willie The Kid & Jim Jones & Rick Ross & Young Buck & T.I.--Feds Taking Pictures [FBB].mp3
C:\Program Files\LemonWire\Shared\Dj Green Lantern, Dj Muggs ft. Eminem, 50 Cent Lloyd Banks, Tony Yayo, Obie Trice - We All Die 1 Day.mp3
C:\Program Files\LemonWire\Shared\DJ Khaled - ft T-Pain Plies Trick Daddy _ Im Soo Hood.mp3
C:\Program Files\LemonWire\Shared\DJ Khaled f. Young Jeezy, Juelz Santana, Lil Wayne, Fat Joe, Rick Ross & Dre - Brown Paper Bag.mp3
C:\Program Files\LemonWire\Shared\DJ Khaled ft. Paul Wall, Lil' Wayne, Rick Ross, Fat Joe & Pitbull - Holla At Me Baby.mp3
C:\Program Files\LemonWire\Shared\DJ Smallz - Southern Smoke 13 - 23 - Lil' Wayne - Crack Ya Bottle (Not On Album).mp3
C:\Program Files\LemonWire\Shared\Dj Unk-Two step.mp3
C:\Program Files\LemonWire\Shared\DJ Unk - Walk It Out .mp3
C:\Program Files\LemonWire\Shared\Dr. Dre - The chronic - 02 - bleep Wit Dre Day.mp3
C:\Program Files\LemonWire\Shared\Elliot Ness - My Hood.mp3
C:\Program Files\LemonWire\Shared\Eminem - 8 Mile Freestyle Battles.mp3
C:\Program Files\LemonWire\Shared\Eminem - 8 Mile Soundtrack - Run Rabbit Run.mp3
C:\Program Files\LemonWire\Shared\Eminem - Like Toy Soldiers.mp3
C:\Program Files\LemonWire\Shared\Eminem - When I'm Gone.mp3
C:\Program Files\LemonWire\Shared\Eminem Presents The Re-Up - 07 - Eminem feat. 50 Cent, Cashis & Lloyd Banks - You Don't Know.mp3
C:\Program Files\LemonWire\Shared\Eminem Vs. KRS One (Freestyle).mp3
C:\Program Files\LemonWire\Shared\Eminem, D12, DJ Green Lantern - Keep Talkin.mp3
C:\Program Files\LemonWire\Shared\Fabolous - Losos Way 300 Bars Freestyle(DISSIN' MASE).mp3
C:\Program Files\LemonWire\Shared\Fabolous ft 50 Cent & Mase - Breathe (remix).mp3
C:\Program Files\LemonWire\Shared\Fabolous ft. Ne-Yo -You Make Me Better.mp3
C:\Program Files\LemonWire\Shared\Fight Klub Nems vs. Serius Jones Round 2.mp3
C:\Program Files\LemonWire\Shared\Fight Klub Serious Jones vs. Jin.mp3
C:\Program Files\LemonWire\Shared\Freestyles - Jin - Eminem - Ludacris & Lil Wayne Diss.mp3
C:\Program Files\LemonWire\Shared\George Clinton & Parliament Funkadelics - Atomic Dog.mp3
C:\Program Files\LemonWire\Shared\Glamorous - Fergie ft. Ludacris.mp3
C:\Program Files\LemonWire\Shared\Gorilla Zoe Feat. Young Jeezy- Hood bleep (Remix)(1).mp3
C:\Program Files\LemonWire\Shared\Green Day - Good Riddance (Time Of Your Life).mp3
C:\Program Files\LemonWire\Shared\green day - greenday - when i come around.mp3
C:\Program Files\LemonWire\Shared\Green Day - Time of Your Life.mp3
C:\Program Files\LemonWire\Shared\Green Day - Wake Me Up When September Ends.mp3
C:\Program Files\LemonWire\Shared\Green Day - Working Class Hero.mp3
C:\Program Files\LemonWire\Shared\GreenDay - Basket Case.mp3
C:\Program Files\LemonWire\Shared\Greenday - Boulevard Of Broken Dreams.mp3
C:\Program Files\LemonWire\Shared\greenday - green day - american idiot.mp3
C:\Program Files\LemonWire\Shared\Greenday - Holiday.mp3
C:\Program Files\LemonWire\Shared\Greenday - When I Come Around.mp3
C:\Program Files\LemonWire\Shared\Gucci Mane - bleep I Might Be(1).mp3
C:\Program Files\LemonWire\Shared\Gucci Mane Ft Ludacris - Freaky Girl Remix..mp3
C:\Program Files\LemonWire\Shared\Gucci Mane ft Young Jeezy- Icy .mp3
C:\Program Files\LemonWire\Shared\Heizmen Boys - Do Da Hiezman.mp3
C:\Program Files\LemonWire\Shared\Huey - Pop Lock & Drop It Remix feat[1]. Bow Wow and T-Pain NO MASTERED .mp3
C:\Program Files\LemonWire\Shared\Hurricane Chris feat. The Game, Jadakiss, Lil Boosie, Birdman, & E-40 - Aye Bay Bay (Remix).mp3
C:\Program Files\LemonWire\Shared\Hustle & Flow Soundtrack - DJay - Hard Out Here For A Pimp.mp3
C:\Program Files\LemonWire\Shared\Hustle and Flow Soundtrack-Whoop That Trick.mp3
C:\Program Files\LemonWire\Shared\Ice Cube - Today was A Good Day.mp3
C:\Program Files\LemonWire\Shared\Jadakiss - Checkmate (Dissin' 50 Cent).mp3
C:\Program Files\LemonWire\Shared\Jadakiss fet. Eminem - Welcome To DBlock.mp3
C:\Program Files\LemonWire\Shared\Jae Mills Vs. Elliot Ness - Street Battles (Fight Klub).mp3
C:\Program Files\LemonWire\Shared\Jay-Z - American Gangster - 04 - Hello Brooklyn 2.0 (Feat. Lil Wayne)(1).mp3
C:\Program Files\LemonWire\Shared\Jhonny Cash - I Shot a Man in Reno.mp3
C:\Program Files\LemonWire\Shared\Jhonny Cash - I Walk The Line.mp3
C:\Program Files\LemonWire\Shared\Jibbs Feat.Chamillionare - King Kong.mp3
C:\Program Files\LemonWire\Shared\Jibbs ft. Chamillionaire - King Kong (Full Song).mp3
C:\Program Files\LemonWire\Shared\Jim Jones - We Fly High (Ballin).mp3
C:\Program Files\LemonWire\Shared\Joan Jett - I love Rock & Roll.mp3
C:\Program Files\LemonWire\Shared\Johnny Cash - Ring Of Fire.mp3
C:\Program Files\LemonWire\Shared\Juelz Santana - There It Go (The Whistle Song).mp3
C:\Program Files\LemonWire\Shared\Juvinile - Back That Ass Up.mp3
C:\Program Files\LemonWire\Shared\Kanye West - Thru The Wire.mp3
C:\Program Files\LemonWire\Shared\Kayne West - Stronger.mp3
C:\Program Files\LemonWire\Shared\Kayne West ft. T-Pain - The Good Life.mp3
C:\Program Files\LemonWire\Shared\Kid Rock - Bawitaba.mp3
C:\Program Files\LemonWire\Shared\Kinfolk Kia Shine - So Crispy.mp3
C:\Program Files\LemonWire\Shared\kinfolk_kia_shine-wow.mp3
C:\Program Files\LemonWire\Shared\Led Zepplin - Stairway to Heaven.mp3
C:\Program Files\LemonWire\Shared\LemonWire.m3u
C:\Program Files\LemonWire\Shared\Lil' Wanye - Young Money Mixtapes - New York.mp3
C:\Program Files\LemonWire\Shared\Lil' Wanye - Young Money Mixtapes - Two Words.mp3
C:\Program Files\LemonWire\Shared\Lil' Wanye - Young Money Mixtapes - You're Gonna Love Me(1).mp3
C:\Program Files\LemonWire\Shared\Lil' Wayne - Work It (Weezy Remix).mp3
C:\Program Files\LemonWire\Shared\Lil Boosie and Lil Webbie - Wipe Me Down (Remix).mp3
C:\Program Files\LemonWire\Shared\Lil Boosie feat. Yung Joc - Zoom.mp3
C:\Program Files\LemonWire\Shared\Lil Bow Wow Ft. Omarion - Let me Hold You.mp3
C:\Program Files\LemonWire\Shared\Lil Jon & The Eastside Boyz - Roll Call ft. Ice Cube.mp3
C:\Program Files\LemonWire\Shared\Lil Jon and Too Short - Shake that monkey.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Crank Dat Weezy Wee.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Da Drought 3 - Duffle Bag Boy.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Da Drought 3 - Weezy's Ambitions As A Ridah.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Da Drought Is Over Pt. 4 - Ryder.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Dedication Gangsta Grillz 2 - Workin Em.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - I Feel im Like Dying.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Tha Carter 3 - 08 - My Name Is Wizzle.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - The Drought Is Over - 16 - Weezy Gone Crazy.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - The Drought Is Over 4 - 16 - Get Too Comfortable.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - The Drought Is Over 4 - How We Roll Ft. Young Chris.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - Weezyaveli - I'm A Beast.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne - You Dont Know (50 Cent & Nas Diss).mp3
C:\Program Files\LemonWire\Shared\Lil Wayne -Da Drought is over part 4- I Took Her.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne & Juelz Santana - I Can't Feel My Face.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne Ft Akon Wycleff Rihanna-The Sweetest Girl.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne ft Mack Maine - bleep Get Off Me.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne ft. Mack Maine - Navigator Man.mp3
C:\Program Files\LemonWire\Shared\Lil Wayne unreleased studio freestyles Track06(1).mp3
C:\Program Files\LemonWire\Shared\Lil Webbie & Lil Boosie ft.BunB - Girl Gimmie Dat.mp3
C:\Program Files\LemonWire\Shared\lil_wayne-mr.post man.mp3
C:\Program Files\LemonWire\Shared\Lil_wayne - Dedication Gangsta Grillz - 13 - so much_more-freestyle.mp3
C:\Program Files\LemonWire\Shared\Ludacris ft. Field Mob & Jamie Foxx - Georgia.mp3
C:\Program Files\LemonWire\Shared\Luniz, Bizzy Bone, 2pac & Nas - I Got Five On It (Remix).mp3
C:\Program Files\LemonWire\Shared\Making The Band 2 - Da Band - Bad Boy This & Bad Boy That - 330.mp3
C:\Program Files\LemonWire\Shared\Making The Band 2 - Da Band - Chopper - Fred - Babs - E Ness Hot97 Freestyle - 330.mp3
C:\Program Files\LemonWire\Shared\Making the band 2 Da band - Tonight.mp3
C:\Program Files\LemonWire\Shared\Mannie Fresh - Real Big.mp3
C:\Program Files\LemonWire\Shared\Mase - Welcome Back.mp3
C:\Program Files\LemonWire\Shared\Master P - Make Crack Like This.mp3
C:\Program Files\LemonWire\Shared\Master P - Them Jeans.mp3
C:\Program Files\LemonWire\Shared\matchbox twenty - match box 20_missing you.mp3
C:\Program Files\LemonWire\Shared\MC Hammer - U Can't Touch This.mp3
C:\Program Files\LemonWire\Shared\Mike Jones feat Paul Wall Juvenile & Lil' Wayne - Whoop That Trick (Remix).mp3
C:\Program Files\LemonWire\Shared\Mike Jones ft. Snoop Dogg & Bun B - My 64.mp3
C:\Program Files\LemonWire\Shared\MIMS - This Is Why Im Hot.mp3
C:\Program Files\LemonWire\Shared\Missy Elliott - The Cook book - 08 - We Run This.mp3
C:\Program Files\LemonWire\Shared\Moby - Bittersweet Symphony (Techno Remix).mp3
C:\Program Files\LemonWire\Shared\Moby - The Matrix - Lobby Scene.MP3
C:\Program Files\LemonWire\Shared\Moby & Gwen Steffani - South Side.mp3
C:\Program Files\LemonWire\Shared\Murda Mase ft. Lloyd Banks & Anwer - Freestyle.mp3
C:\Program Files\LemonWire\Shared\N.O.R.E. - Nothin'.mp3
C:\Program Files\LemonWire\Shared\Nas with Lauryn Hill (of the Fugees) - If I Ruled The World.mp3
C:\Program Files\LemonWire\Shared\Nelly - NaNanaNa Feat Jazze Pha.mp3
C:\Program Files\LemonWire\Shared\Nickleback2 - Rockstar.mp3
C:\Program Files\LemonWire\Shared\Notorious B.I.G - Biggie Duets The Final Chapter - 7 - Hustlers Story with Scarface, Akon & Big Gee(5).mp3
C:\Program Files\LemonWire\Shared\Notorious B.I.G. (Biggie) - Hypnotized.mp3
C:\Program Files\LemonWire\Shared\Outkast - Ghetto Musick.mp3
C:\Program Files\LemonWire\Shared\Paul Wall - Oh Girl.mp3
C:\Program Files\LemonWire\Shared\Pit Bull ft Lil Jon - CULO.mp3
C:\Program Files\LemonWire\Shared\Project Pat-Don't Save Her.mp3
C:\Program Files\LemonWire\Shared\Project Pat - Ass Clap.mp3
C:\Program Files\LemonWire\Shared\Project Pat - Raised in the Projects.mp3
C:\Program Files\LemonWire\Shared\Project Pat - Smoke and get high.mp3
C:\Program Files\LemonWire\Shared\Puff Daddy & Notorious Big & Mase - Been Around The World.mp3
C:\Program Files\LemonWire\Shared\Purple Ribbon All-Stars - Kryptonite (Remix) feat[1]. Killa Mike, Lil Wayne, Bubba Sparxxx & Remy Martin.mp3
C:\Program Files\LemonWire\Shared\Ray Cash ft. Scarface - Bumpin My Music (dirty).mp3
C:\Program Files\LemonWire\Shared\Rich Boy feat Mannie Fresh - D-Boyz.MP3
C:\Program Files\LemonWire\Shared\Rick Ross ft. Akon - Cross That Line.mp3
C:\Program Files\LemonWire\Shared\Rick Ross ft. Lil Wayne & Brisco - Pill Poppin (Remix).mp3
C:\Program Files\LemonWire\Shared\sept 25.m3u
C:\Program Files\LemonWire\Shared\Shop Boyz--They Like Me (Produced by David Banner).mp3
C:\Program Files\LemonWire\Shared\SHOP BOYZ FT LIL WAYNE, JIM JONES & CHAMILIONAIRE -PARTY LIKE A ROCKSTAR REMIX.mp3
C:\Program Files\LemonWire\Shared\Sir Mix-A-lot - Baby Got Back (I Like Big Butts).mp3
C:\Program Files\LemonWire\Shared\Sir Mix Alot - Jump On It.mp3
C:\Program Files\LemonWire\Shared\Slick Rick - Indian Girl (An Adult Story).mp3
C:\Program Files\LemonWire\Shared\Slick Rick & Doug E Fresh - Lodi Dodi.mp3
C:\Program Files\LemonWire\Shared\SOULJA BOY-CRANK DAT SOULJA BOY.mp3
C:\Program Files\LemonWire\Shared\Southern Smoke 21 - 3 - Lil Wayne feat. Camron, Jr Writer - Bird Call (Remix).mp3
C:\Program Files\LemonWire\Shared\Southern smoke 27-10-Young Jeezy Feat. Lil Weezy- Ya Dig (Remix).mp3
C:\Program Files\LemonWire\Shared\Southern Smoke 27 - lil wayne - i got 'em.mp3
C:\Program Files\LemonWire\Shared\Swisha House - Guess Who's Back - 02 - Freestyle Ft Mike Jones Slim Thug.mp3
C:\Program Files\LemonWire\Shared\T-Pain - I'm in Love With A Stripper (rmx) ft Akon, R Kelly, Twista, Pimp C, Twista, Paul Wall, MJG & Too Short.mp3
C:\Program Files\LemonWire\Shared\T-Pain ft. Akon - Bartender.mp3
C:\Program Files\LemonWire\Shared\T-Pain ft. Piles - Shawty.mp3
C:\Program Files\LemonWire\Shared\T Pain - I'm Sprung.mp3
C:\Program Files\LemonWire\Shared\T.I. - Big Things Poppin (dirty).mp3
C:\Program Files\LemonWire\Shared\T.I. vs TIP ft. Eminem - Touchdown.mp3
C:\Program Files\LemonWire\Shared\T.I. what you know remix ft. lil wayne -dirty.mp3
C:\Program Files\LemonWire\Shared\T.I., Lil Jon, Three 6 Mafia, Young Jeezy - Clip up.mp3
C:\Program Files\LemonWire\Shared\T.I.,Lil Scrappy & PSC I'm A King.mp3
C:\Program Files\LemonWire\Shared\Tech Nine - Einstein.mp3
C:\Program Files\LemonWire\Shared\Tech Nine - Imma' Playa'.mp3
C:\Program Files\LemonWire\Shared\The Alliance Ft. Lil Boosie, Webbie, Foxx, Juvenile, & Gucci mane-Tatted Up Remix (Dirty).mp3
C:\Program Files\LemonWire\Shared\The Doors-Ghost Song.mp3
C:\Program Files\LemonWire\Shared\The Doors - Alabama Song (Whiskey Bar).mp3
C:\Program Files\LemonWire\Shared\The Doors - Backdoor Man.mp3
C:\Program Files\LemonWire\Shared\The Doors - Break On Through.mp3
C:\Program Files\LemonWire\Shared\The Doors - Gloria.mp3
C:\Program Files\LemonWire\Shared\The Doors - Hello, I Love You.mp3
C:\Program Files\LemonWire\Shared\The Doors - LA Woman.mp3
C:\Program Files\LemonWire\Shared\The Doors - Light My Fire.mp3
C:\Program Files\LemonWire\Shared\The Doors - Love Her Madly.mp3
C:\Program Files\LemonWire\Shared\The Doors - Moonlight Drive.mp3
C:\Program Files\LemonWire\Shared\The Doors - Riders On The Storm.mp3
C:\Program Files\LemonWire\Shared\The Doors - When the Music's Over.mp3
C:\Program Files\LemonWire\Shared\The Doors Jim Morrison.jpg
C:\Program Files\LemonWire\Shared\The Game - 300 Bars (Full)(Dissin G. Unit, 50 Cent, Lloyd Banks, Young Buck, Tony Yayo, Olivia, Jay-.mp3
C:\Program Files\LemonWire\Shared\Three 6 Mafia Ft Project Pat - Poppin My Collar (Remix).mp3
C:\Program Files\LemonWire\Shared\Three Six Mafia - Doe Boy Fresh.mp3
C:\Program Files\LemonWire\Shared\Three Six Mafia - Mafia bleeps.mp3
C:\Program Files\LemonWire\Shared\Three Six Mafia & Project Pat - Chicken Heads.mp3
C:\Program Files\LemonWire\Shared\Too Short - Blow_the_Whistle___Dirty.mp3
C:\Program Files\LemonWire\Shared\Too Short - Gangsters & Strippers.mp3
C:\Program Files\LemonWire\Shared\Too Short - Get in Where You Fit In.mp3
C:\Program Files\LemonWire\Shared\Too Short - Life is Too Short.mp3
C:\Program Files\LemonWire\Shared\Trick Daddy - In Da Wind.mp3
C:\Program Files\LemonWire\Shared\Tupac - Bone Thugs N Harmony f. Tupac - Thug Love.mp3
C:\Program Files\LemonWire\Shared\Tupac & Biggie ft. Eminem - Running (Dying To Live).mp3
C:\Program Files\LemonWire\Shared\UGK - Choppin Blades.mp3
C:\Program Files\LemonWire\Shared\UGK feat. Outkast - International Playas Anthem.mp3
C:\Program Files\LemonWire\Shared\Young Bleed - The Day They Make Me Boss.mp3
C:\Program Files\LemonWire\Shared\Young Bleed - We Don't Stop.mp3
C:\Program Files\LemonWire\Shared\Young Bleed Feat. Mystikal & Master P - Bring The Noise.mp3
C:\Program Files\LemonWire\Shared\Young Buck ft. 50 Cent - Let Me In (dirty).mp3
C:\Program Files\LemonWire\Shared\Young Dro Feat[1]. T.I.- Shoulder Lean (Dirty).mp3
C:\Program Files\LemonWire\Shared\Young Jeezy - 11 - Thug Motivation 101 - My Hood.mp3
C:\Program Files\LemonWire\Shared\Young Jeezy - jezzy like to drink.mp3
C:\Program Files\LemonWire\Shared\Young Jeezy ft Fabolous & LiL Wayne - Diamonds On My Damn Chain.mp3
C:\Program Files\LemonWire\Shared\Young Jeezy ft kayne west - You Can't Tell Me Nothing (remix).mp3
C:\Program Files\LemonWire\Shared\Young Jeezy Ft USDA - White Girl.mp3
C:\Program Files\LemonWire\Shared\Young Jibbs - Chain Hang Low.mp3
C:\Program Files\LemonWire\Shared\Yung Joc- It's Going Down.mp3
C:\Program Files\LemonWire\Shared\Yung Joc - (New Joc City) - 08 - I Know You See It.mp3
C:\Program Files\LemonWire\Shared\Yung Joc - Coffee Shop.mp3
C:\Program Files\LemonWire\Shared\Yung Joc - Dope Boy Magic.mp3
C:\Program Files\LemonWire\Shared\Yung Joc - Hustlenomics - 08 - I'm A G (Feat. Bun B & Young Dro).mp3
C:\VundoFix Backups
C:\WINDOWS\system32\cewmdmi.dll
C:\WINDOWS\system32\drivers\rqopsltw.dat
C:\WINDOWS\system32\dxtransl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NUPVYGDV
-------\LEGACY_ZEICQYBE
-------\nupvygdv
-------\zeicqybe


((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 09:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 18:18 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-03 18:17 . 2008-01-03 18:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 18:05 . 2008-01-02 18:05 741,632 --a------ C:\WINDOWS\system32\zrbdgxpx.dat
2008-01-02 18:05 . 2008-01-02 18:05 120,576 --a------ C:\WINDOWS\system32\dxpfytsh.dat
2008-01-02 18:05 . 2008-01-02 18:05 42,240 --a------ C:\WINDOWS\system32\prknqkes.dat
2008-01-02 18:05 . 2008-01-02 18:05 36,096 --a------ C:\WINDOWS\system32\qekzonrv.dat
2008-01-02 18:05 . 2008-01-02 18:05 35,072 --a------ C:\WINDOWS\system32\egrpgvzc.dat
2007-12-31 16:59 . 2008-01-05 09:14 <DIR> d-------- C:\Deckard
2007-12-18 19:19 . 2007-12-18 19:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2007-12-18 19:13 . 2007-12-18 19:13 <DIR> d-------- C:\Program Files\Sygate
2007-12-18 19:13 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-12-18 19:13 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-18 19:13 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-18 19:13 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-18 19:13 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-18 19:13 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-18 19:13 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-18 18:47 . 2007-12-18 18:47 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-18 16:41 . 2007-12-18 18:31 <DIR> d-------- C:\Documents and Settings\susans\Application Data\HouseCall 6.6
2007-12-18 16:03 . 2007-12-30 17:26 <DIR> d-------- C:\Documents and Settings\susans\.housecall6.6
2007-12-17 22:00 . 2007-12-17 22:00 114 --a------ C:\WINDOWS\wininit.ini
2007-12-17 21:03 . 2008-01-02 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 16:45 . 2007-12-17 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-14 20:09 . 2007-12-14 20:09 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-14 20:09 . 2007-12-14 20:09 <DIR> d-------- C:\Documents and Settings\susans\Application Data\Lavasoft
2007-12-14 20:08 . 2007-12-14 20:08 <DIR> d-------- C:\Program Files\CCleaner
2007-12-14 19:07 . 2007-12-14 19:08 <DIR> d-------- C:\Spyware from Carl
2007-12-12 22:19 . 2007-12-12 22:19 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-12 22:19 . 2007-12-12 22:19 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-12 20:59 . 2007-12-12 20:59 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-12 20:59 . 2007-12-12 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 14:24 --------- d-----w C:\Program Files\Chameleon Clock
2008-01-05 13:00 --------- d-----w C:\Documents and Settings\susans\Application Data\AVG7
2008-01-05 03:05 --------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2008-01-03 23:18 --------- d-----w C:\Program Files\Java
2007-12-23 04:28 --------- d-----w C:\Documents and Settings\jimmy\Application Data\AVG7
2007-12-13 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-13 01:59 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 13:22 --------- d-----w C:\Documents and Settings\dillon\Application Data\AVG7
2007-11-20 04:15 6,736 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 01:56 --------- d-----w C:\Program Files\Oberon Media
2007-01-19 15:55 0 --sha-w C:\WINDOWS\system32\steam\klog.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2001-01-08 15:07 421376]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-01-19 10:56 499712]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 22:11 4554752]
"nwiz"="nwiz.exe" [2004-09-20 22:11 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-20 22:11 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 17:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 00:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 12:55 245760]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-25 08:42 579072]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 07:44 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

C:\Documents and Settings\susans\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 12:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-19 17:23:46]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-01-19 17:05:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVD5R\SchSvr.exe [2004-10-01 21:08:34]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-10-01 21:08:47]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06]


.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 16:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 09:24:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 9:26:47 - machine was rebooted [susans]
ComboFix-quarantined-files.txt 2008-01-05 14:26:45
.
2007-12-12 03:21:31 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:21 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.2.32/aces/aces-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-8.0.5.30/alls...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/back...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.2.32/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.3.20/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.2.40/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/cana...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/chec...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.41/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/chec...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.3.29/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euch...uchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.9.3.39/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.32/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-8.0.2.40/hang...ngman-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.4.41/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/draw...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.4.41/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.5.30/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.5.30/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.3.49/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.5.30/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.2.32/mahj...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.1.32/free...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/free...cell2-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-8.0.0.20/pebb...ebble-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.9.4.34/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pino...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.2.32/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.36/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-8.0.5.30/sawg...grass-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.9.3.39/slot...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.3.20/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.5.30/spad...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.2.40/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.2.40/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.0.30/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.2.40/swee...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://ea02.pogo.com/applet-8.0.2.32/tank/tank-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.4.32/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.3.20/tumb...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turb...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/mlsl...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.5.30/memo...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/word...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.5.30/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/worl...class-en_US.cab
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911946796
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...195/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 15821 bytes

#15 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:06:06 AM

Posted 06 January 2008 - 03:55 AM

Hey Susansoxs,

Thanks for posting the logs.

As a side note, a lot of what was downloaded with the File-sharing / Peer-to-Peer programmes has been deleted. Depending where you reside, downloading music or sharing entertainment files and proprietary software infringes the copyright laws and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (ie the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Step #1
  • Open notepad and copy/paste the text in the codebox below into it:

    File::
    C:\WINDOWS\system32\zrbdgxpx.dat
    C:\WINDOWS\system32\dxpfytsh.dat
    C:\WINDOWS\system32\prknqkes.dat
    C:\WINDOWS\system32\qekzonrv.dat
    C:\WINDOWS\system32\egrpgvzc.dat
  • Save this as CFScript.txt

    Posted Image
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.
Step #2

Please do an online scan with Kaspersky Webscan (you need to use Internet Explorer or enable IEView in Firefox).

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button >> name it >> choose "Text file" in the Save as type dialogue
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #3

Please post back with the log from ComboFix and the Kaspersky Online Scanner result. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
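As an added triage helper (not code from this thread, from HijackThis or from ComboFix), the following Python parses entries in the HijackThis log format posted above and the File:: list of the CFScript in this reply, then flags filenames that match a random-name heuristic of my own. The sample input is constructed from lines quoted on this page; the heuristic is an assumption for reading such logs, not a detection rule.

```python
import itertools
import re
# Constructed sample input: lines copied from the HijackThis log above and the CFScript in the reply.
HJT_SAMPLE = """\
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O16 - DPF: Yahoo! Dots - http://download2.games.yahoo.com/games/clients/y/dtt1_x.cab
O23 - Service: YPCService - Yahoo! Inc. - C:\\WINDOWS\\system32\\YPCSER~1.EXE
"""
CFSCRIPT_SAMPLE = """\
File::
C:\\WINDOWS\\system32\\zrbdgxpx.dat
C:\\WINDOWS\\system32\\dxpfytsh.dat
C:\\WINDOWS\\system32\\prknqkes.dat
C:\\WINDOWS\\system32\\qekzonrv.dat
C:\\WINDOWS\\system32\\egrpgvzc.dat
"""
# A filename token: no path separators, quotes, whitespace or the comma rundll32 uses.
FILENAME_RE = re.compile(r'[^\\/"\s,]+\.(?:exe|dll|dat|cab|lnk)\b', re.I)
def parse_hjt(text):
    """One dict per HijackThis entry: section code, name, target and filenames in it."""
    entries = []
    for code, rest in re.findall(r"^([A-Z]\d+) - (.+)$", text, re.M):
        m4 = re.match(r"^.+?: \[([^\]]*)\] ?(.*)$", rest) if code == "O4" else None
        if m4:  # O4 entries read 'HKLM\..\Run: [name] command'
            name, target = m4.groups()
        else:   # other sections: the last ' - ' separates the target path or URL
            head, _, target = rest.rpartition(" - ")
            name = head or target
        entries.append({"code": code, "name": name, "target": target,
                        "files": FILENAME_RE.findall(target)})
    return entries

def cfscript_files(text):
    """Paths under the 'File::' header of a ComboFix script, up to the next '::' header."""
    lines = (l.strip() for l in text.splitlines())
    body = itertools.dropwhile(lambda l: l != "File::", lines)
    next(body, None)  # drop the header itself
    return [l for l in itertools.takewhile(lambda l: not l.endswith("::"), body) if l]

def looks_random(filename):
    """Heuristic I assume here, not a rule: 8 lowercase letters with at most 2 vowels."""
    stem = filename.rsplit(".", 1)[0]
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in "aeiou" for c in stem) <= 2

def triage(hjt_text, cf_text):
    """Random-looking filenames seen in the HJT log or in the CFScript list (a hint, not a verdict)."""
    names = [f for e in parse_hjt(hjt_text) for f in e["files"]]
    names += [p.rsplit("\\", 1)[-1] for p in cfscript_files(cf_text)]
    return sorted({n for n in names if looks_random(n)})
```

Expect false positives on short system names such as ntoskrnl; the output is a list to look at more closely, not something to delete.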