
Slow Computer Many Processes Running. Has Malware Pop Ups And Windows Errors


  • This topic is locked
40 replies to this topic

#1 masterhuli

masterhuli

  • Members
  • 26 posts

Posted 22 April 2008 - 07:11 PM

For some reason the second report is not showing up, and when I save these files they won't let me reopen them; it says "access denied". I have tried using Spybot S&D and it always detects items like Zango and asks to restart the computer, and they just show back up again, and there are some that Spybot says that it cannot delete. When Spybot is running it asks for my permission before a registry can change, and it asks a lot, so it is as if something is bleepinously trying to get in, because if I say deny it will constantly block it endlessly. My Task Manager, regedit, and toolbar get messed up sometimes. The Task Manager just won't open and regedit says that it is currently used by another program. I get a Windows error message every time my computer starts. I have run Vundo, AVG, registry cleaners, Spybot and other various programs multiple times. I hope this helps.






Deckard's System Scanner v20071014.68
Run by jonathan on 2008-04-22 17:02:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:38 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jonathan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07E24635-2140-438D-91DB-413B86E61D42} - C:\WINDOWS\system32\fccaXRIA.dll (file missing)
O2 - BHO: (no name) - {111A374E-44F0-4A5A-9E54-659232BB9EEB} - C:\WINDOWS\system32\opnmNDVl.dll (file missing)
O2 - BHO: (no name) - {52427CB2-5945-4C7E-999A-D886F2787297} - C:\WINDOWS\system32\urqNGywv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5919B3E8-4853-4CE3-B779-CDEA97C7F1BA} - C:\WINDOWS\system32\geBsTmMG.dll (file missing)
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\mlJAtrQH.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\jonathan\svchost.exe
O4 - HKLM\..\Run: [BMc388a54a] Rundll32.exe "C:\WINDOWS\system32\ccltbmeg.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA7909] command /c del "C:\WINDOWS\system32\fccaXRIA.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9372] cmd /c del "C:\WINDOWS\system32\fccaXRIA.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xiee] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: mlJAtrQH - C:\WINDOWS\SYSTEM32\mlJAtrQH.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: wvustur - wvustur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 7465 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 15:45:09 411503 --ahs---- C:\WINDOWS\system32\AIRXaccf.ini2
2008-04-22 13:21:34 411019 --ahs---- C:\WINDOWS\system32\GMmTsBeg.ini2
2008-04-21 20:39:43 405719 --ahs---- C:\WINDOWS\system32\vwyGNqru.ini2
2008-04-21 16:33:36 410780 --ahs---- C:\WINDOWS\system32\lVDNmnpo.ini2
2008-04-21 16:28:29 0 d-------- C:\Temp
2008-04-21 16:28:17 38400 --a------ C:\WINDOWS\system32\mlJAtrQH.dll
2008-04-20 23:49:38 0 d-------- C:\bintheredunthat
2008-04-20 23:25:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-20 23:05:03 0 d-------- C:\Documents and Settings\jonathan\.housecall6.6
2008-04-20 11:48:02 0 d-------- C:\BFU
2008-04-20 10:43:05 1755 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
2008-04-19 22:07:34 0 d-------- C:\Program Files\Lavasoft
2008-04-19 22:07:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-19 22:03:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 21:55:56 0 d-------- C:\Documents and Settings\jonathan\Application Data\GlarySoft
2008-04-19 21:51:46 0 d-------- C:\Program Files\Registry Repair
2008-04-19 01:02:26 301 --a------ C:\194.bat
2008-04-18 20:45:26 0 d--hs---- C:\Documents and Settings\jonathan\!
2008-04-18 20:43:48 0 d-------- C:\WINDOWS\system32\xcsDd05


-- Find3M Report ---------------------------------------------------------------

2008-04-22 13:16:46 0 d-------- C:\Documents and Settings\jonathan\Application Data\AVG7
2008-04-21 23:00:44 0 d-------- C:\Program Files\Warcraft III
2008-04-21 20:30:46 0 d-------- C:\Program Files\Common Files
2008-04-21 18:32:19 0 d-------- C:\Documents and Settings\jonathan\Application Data\LimeWire
2008-04-21 18:31:03 0 d-------- C:\Program Files\Common Files\Windows
2008-04-20 23:49:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-20 23:49:04 0 d-------- C:\Program Files\Gamenext
2008-04-19 01:05:15 0 d-------- C:\Program Files\LimeWire
2008-03-17 17:44:47 0 d-------- C:\Documents and Settings\jonathan\Application Data\PlayFirst
2008-03-17 17:44:24 0 d-------- C:\Program Files\GamesBar
2008-02-10 00:19:22 77179 --a------ C:\WINDOWS\War3Unin.dat
2008-02-09 21:10:40 1094 --a------ C:\WINDOWS\checkip.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E24635-2140-438D-91DB-413B86E61D42}]
C:\WINDOWS\system32\fccaXRIA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111A374E-44F0-4A5A-9E54-659232BB9EEB}]
C:\WINDOWS\system32\opnmNDVl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52427CB2-5945-4C7E-999A-D886F2787297}]
C:\WINDOWS\system32\urqNGywv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5919B3E8-4853-4CE3-B779-CDEA97C7F1BA}]
C:\WINDOWS\system32\geBsTmMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}]
04/21/2008 04:28 PM 38400 --a------ C:\WINDOWS\system32\mlJAtrQH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:35 AM]
"avp"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [03/04/2005 03:36 AM]
"YSearchProtection"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [03/04/2005 03:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Host Process"="C:\Documents and Settings\jonathan\svchost.exe" []
"BMc388a54a"="C:\WINDOWS\system32\ccltbmeg.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Xiee"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [03/04/2005 03:36 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA7909"=command /c del "C:\WINDOWS\system32\fccaXRIA.dll_old"
"SpybotDeletingC9372"=cmd /c del "C:\WINDOWS\system32\fccaXRIA.dll_old"
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}"= C:\WINDOWS\system32\mlJAtrQH.dll [04/21/2008 04:28 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtrQH]
mlJAtrQH.dll 04/21/2008 04:28 PM 38400 C:\WINDOWS\system32\mlJAtrQH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvustur]
wvustur.dll







[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccaXRIA

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
path=
backup=




-- End of Deckard's System Scanner: finished at 2008-04-22 17:03:25 ------------



#2 masterhuli

masterhuli
  • Topic Starter

  • Members
  • 26 posts

Posted 25 April 2008 - 12:40 AM

Someone, anyone, please help assist me.......

#3 masterhuli

masterhuli
  • Topic Starter

  • Members
  • 26 posts

Posted 29 April 2008 - 04:17 PM

bump................

#4 chryssi2001

chryssi2001

  • Members
  • 1,930 posts

Posted 08 May 2008 - 12:41 PM

Hello masterhuli,

I apologise for the delay. The forum is too busy.
----------------------------------------------
I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
IMPORTANT NOTE:
If you are using Windows Vista you must right-click on the desktop icon and choose Run as Administrator for all tools.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
----------------------------------------------
Post back:
A new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#5 masterhuli

masterhuli
  • Topic Starter

  • Members
  • 26 posts

Posted 08 May 2008 - 06:25 PM

Thank you very much for your response. Here is what you asked for.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:46 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\jonathan\svchost.exe
O4 - HKLM\..\Run: [c0bb96d6] rundll32.exe "C:\WINDOWS\system32\vbdodicj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xiee] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 5870 bytes
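A read-only triage pass over HijackThis lines like the ones posted in this thread, as an added example that is not part of any participant's post and is not HijackThis's own logic. The function names, rule labels and the `SYSTEM_NAMES` list are assumptions made for illustration; a hit means "look closer", not "delete".

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07E24635-2140-438D-91DB-413B86E61D42} - C:\WINDOWS\system32\fccaXRIA.dll (file missing)
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\mlJAtrQH.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\jonathan\svchost.exe
O4 - HKLM\..\Run: [BMc388a54a] Rundll32.exe "C:\WINDOWS\system32\ccltbmeg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: mlJAtrQH - C:\WINDOWS\SYSTEM32\mlJAtrQH.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
"""

LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.+)$")            # "<section code> - <rest>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.I)
RUN_NAME_RE = re.compile(r"Run(?:Once)?: \[([^\]]+)\]")       # value name of an O4 entry
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\s", re.I)

# Assumption: core Windows XP binaries that normally live only in ...\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}


class Entry(NamedTuple):
    code: str                # HijackThis section code, e.g. "O4"
    text: str                # everything after "<code> - "
    path: Optional[str]      # first absolute .exe/.dll path on the line, if any
    missing: bool            # line ends with "(file missing)"


def parse(log: str) -> list:
    """Keep only section-coded lines; headers and the process list are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(Entry(code, text, p.group(0) if p else None,
                             text.endswith("(file missing)")))
    return entries


def triage(entries: list) -> list:
    """Return (rule, section, subject) tuples for entries worth a closer look."""
    findings = []
    run_names = defaultdict(set)   # target path -> Run value names that launch it
    hooks = defaultdict(set)       # DLL path -> load points (O2 BHO, O20 Winlogon Notify)
    for e in entries:
        if e.missing:
            # Registration survives but the file is gone: leftover of a partial cleanup.
            findings.append(("missing-file", e.code, e.text))
        if e.path:
            key = e.path.lower()   # Windows paths are case-insensitive
            if (ntpath.basename(key) in SYSTEM_NAMES
                    and not ntpath.dirname(key).endswith("\\system32")):
                findings.append(("system-name-wrong-dir", e.code, e.path))
            if e.code in ("O2", "O20"):
                hooks[key].add(e.code)
            name = RUN_NAME_RE.search(e.text)
            if e.code == "O4" and name:
                run_names[key].add(name.group(1))
        if e.code == "O4" and RUNDLL_RE.search(e.text):
            # Autostart that loads a DLL through rundll32 instead of running a program.
            findings.append(("rundll32-autostart", e.code, e.path or e.text))
    for key, names in run_names.items():
        if len(names) > 1:         # one binary launched under several value names
            findings.append(("shared-run-target", "O4", key))
    for key, codes in hooks.items():
        if len(codes) > 1:         # same DLL hooked into both IE and Winlogon
            findings.append(("multi-hook-dll", "+".join(sorted(codes)), key))
    return findings


if __name__ == "__main__":
    for rule, section, subject in triage(parse(SAMPLE_LOG)):
        print(f"{rule:22} {section:7} {subject}")
```

Entries that match no rule are not thereby cleared, and a matched entry still needs the file itself examined before anything is removed.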

#6 chryssi2001

chryssi2001

  • Members
  • 1,930 posts

Posted 09 May 2008 - 12:26 AM

Hello masterhuli,

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#7 masterhuli

masterhuli
  • Topic Starter

  • Members
  • 26 posts

Posted 09 May 2008 - 03:00 PM

Once again, thank you very much for helping. I did everything you said; here is the ComboFix log.

ComboFix 08-05-08.1 - jonathan 2008-05-09 6:20:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.362 [GMT -7:00]
Running from: C:\Documents and Settings\jonathan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jonathan\My Documents\YMANTE~1
C:\Documents and Settings\jonathan\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\jonathan\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\asembl~1
C:\Program Files\asembl~1\cmd.exe
C:\Program Files\Common Files\download
C:\Program Files\Common Files\windows
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\??crosoft.NET\
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IA
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\yj3qX5qwQXuc.exe
C:\WINDOWS\PerfInfo\yj3qX5qwQXud.exe
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\pskt.ini
C:\WINDOWS\pwisys.ini
C:\WINDOWS\system32\AIRXaccf.ini
C:\WINDOWS\system32\AIRXaccf.ini2
C:\WINDOWS\system32\angrouin.dll
C:\WINDOWS\system32\auipwjmi.dll
C:\WINDOWS\system32\bascvabh.dll
C:\WINDOWS\system32\dgOUEfhk.ini
C:\WINDOWS\system32\dgOUEfhk.ini2
C:\WINDOWS\system32\elcbhxuq.ini
C:\WINDOWS\system32\eplofifw.dll
C:\WINDOWS\system32\gdghkuit.ini
C:\WINDOWS\system32\ghuwksxa.dll
C:\WINDOWS\system32\GMmTsBeg.ini
C:\WINDOWS\system32\GMmTsBeg.ini2
C:\WINDOWS\system32\gwreeftm.dll
C:\WINDOWS\system32\hcharsjc.ini
C:\WINDOWS\system32\hhnvkxdg.ini
C:\WINDOWS\system32\hlunlgkx.ini
C:\WINDOWS\system32\igonawmf.ini
C:\WINDOWS\system32\imjwpiua.ini
C:\WINDOWS\system32\inf\svchost.exe
C:\WINDOWS\system32\jcidodbv.ini
C:\WINDOWS\system32\khfEUOgd.dll
C:\WINDOWS\system32\LSrBeMoq.ini
C:\WINDOWS\system32\LSrBeMoq.ini2
C:\WINDOWS\system32\lVDNmnpo.ini
C:\WINDOWS\system32\lVDNmnpo.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJAtrQH.dll
C:\WINDOWS\system32\mrdqtopy.ini
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\nhexxcvy.ini
C:\WINDOWS\system32\ogwfvnkd.ini
C:\WINDOWS\system32\otjhvnhb.ini
C:\WINDOWS\system32\owomndxl.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plxwnvds.ini
C:\WINDOWS\system32\quxhbcle.dll
C:\WINDOWS\system32\RunOnce.tmp
C:\WINDOWS\system32\servoxne.dll
C:\WINDOWS\system32\snbdwqaf.ini
C:\WINDOWS\system32\snbifoyj.ini
C:\WINDOWS\system32\swwwchuq.ini
C:\WINDOWS\system32\uredamsk.dll
C:\WINDOWS\system32\uyjxmihh.ini
C:\WINDOWS\system32\vbdodicj.dll
C:\WINDOWS\system32\vggbtkng.dll
C:\WINDOWS\system32\vwyGNqru.ini
C:\WINDOWS\system32\vwyGNqru.ini2
C:\WINDOWS\system32\vylmbmgo.ini
C:\WINDOWS\system32\wbqnpmhl.dll
C:\WINDOWS\system32\wdddjoxl.ini
C:\WINDOWS\system32\whvjekyh.dll
C:\WINDOWS\system32\ytawcymq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MICROSOFT_INET_SERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 06:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 06:12 . 2008-05-09 06:14 <DIR> d-------- C:\Documents and Settings\jonathan\.SunDownloadManager
2008-05-08 13:18 . 2008-05-08 13:18 2,112 --a------ C:\WINDOWS\system32\unqfvpoo.exe
2008-05-07 13:15 . 2008-05-07 13:15 2,112 --a------ C:\WINDOWS\system32\efdpbcpl.exe
2008-05-06 16:09 . 2008-05-06 16:09 2,112 --a------ C:\WINDOWS\system32\sdkxvivy.exe
2008-05-01 19:05 . 2008-05-01 19:07 <DIR> d-------- C:\Documents and Settings\jonathan\Application Data\Move Networks
2008-05-01 12:53 . 2008-05-01 12:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 12:53 . 2008-05-01 12:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 11:14 . 2008-04-26 11:14 3,443,248 --a------ C:\Ashley Simpson - Outta My Head (Ay Ya Ya).mp3
2008-04-22 16:43 . 2008-04-22 16:43 <DIR> d-------- C:\Deckard
2008-04-21 20:31 . 2008-04-22 16:16 385 --a------ C:\WINDOWS\wininit.ini
2008-04-21 16:34 . 2008-05-08 13:12 109,709 --a------ C:\WINDOWS\BMc388a54a.xml
2008-04-21 16:28 . 2008-04-21 16:28 <DIR> d-------- C:\Temp\berDrv11
2008-04-21 16:28 . 2008-04-21 16:28 <DIR> d-------- C:\Temp
2008-04-21 15:40 . 2008-04-21 15:43 4,855,654 --a------ C:\Atreyu - Suicide Notes and Butterfly Kisses.mp3
2008-04-21 15:40 . 2008-04-21 15:43 4,520,176 --a------ C:\Atreyu - Doomsday.mp3
2008-04-21 15:40 . 2008-04-21 15:42 3,572,297 --a------ C:\Atreyu - Ain't Love Grand.mp3
2008-04-21 15:40 . 2008-04-21 15:43 3,511,152 --a------ C:\Atreyu - Bleeding Mascara.mp3
2008-04-21 15:39 . 2008-04-21 15:43 5,808,256 --a------ C:\Atreyu - The Crimson.mp3
2008-04-21 15:39 . 2008-04-21 15:43 3,302,848 --a------ C:\Atreyu - You Give Love A Bad Name.mp3
2008-04-21 15:38 . 2008-04-21 15:43 7,027,145 --a------ C:\Atreyu - Her Portrait In Black.mp3
2008-04-21 15:38 . 2008-04-21 15:43 6,578,234 --a------ C:\atreyu - The Theft.mp3
2008-04-21 15:38 . 2008-04-21 15:41 4,877,347 --a------ C:\Atreyu - Lip Gloss And Black.mp3
2008-04-21 15:38 . 2008-04-21 15:41 3,504,068 --a------ C:\Atreyu - Becoming the Bull.mp3
2008-04-21 15:38 . 2008-04-21 15:43 3,384,807 --a------ C:\Atreyu - Ex's and Oh's.mp3
2008-04-21 15:36 . 2008-04-21 15:37 3,653,607 --a------ C:\Story of The Year - Falling Down.mp3
2008-04-20 23:49 . 2008-04-20 23:49 <DIR> d-------- C:\bintheredunthat
2008-04-20 23:25 . 2008-04-20 23:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-20 23:25 . 2008-04-20 23:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-20 23:06 . 2008-04-20 23:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-20 23:05 . 2008-04-20 23:47 <DIR> d-------- C:\Documents and Settings\jonathan\.housecall6.6
2008-04-20 11:48 . 2008-04-20 23:49 <DIR> d-------- C:\BFU
2008-04-19 22:07 . 2008-04-19 22:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-19 22:07 . 2008-04-19 22:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-19 22:03 . 2008-04-19 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 21:55 . 2008-04-19 21:55 <DIR> d-------- C:\Documents and Settings\jonathan\Application Data\GlarySoft
2008-04-19 21:51 . 2008-04-19 21:51 <DIR> d-------- C:\Program Files\Registry Repair
2008-04-19 01:02 . 2008-04-19 01:02 301 --a------ C:\194.bat
2008-04-18 20:45 . 2008-04-18 20:54 <DIR> d--hs---- C:\Documents and Settings\jonathan\!
2008-04-18 20:43 . 2008-04-23 10:30 <DIR> d-------- C:\WINDOWS\system32\xcsDd05
2008-04-15 21:51 . 2006-11-13 15:45 1,419,232 --a------ C:\Documents and Settings\jonathan\wdfcoinstaller01005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:21 --------- d-----w C:\Program Files\GamesBar
2008-05-09 13:16 --------- d-----w C:\Program Files\Java
2008-05-09 04:24 --------- d-----w C:\Program Files\Warcraft III
2008-05-08 17:01 --------- d-----w C:\Documents and Settings\jonathan\Application Data\AVG7
2008-04-26 22:52 --------- d-----w C:\Documents and Settings\jonathan\Application Data\SyncCell
2008-04-26 18:26 --------- d-----w C:\Documents and Settings\jonathan\Application Data\LimeWire
2008-04-21 06:49 --------- d-----w C:\Program Files\Gamenext
2008-04-21 06:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 04:55 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-19 08:05 --------- d-----w C:\Program Files\LimeWire
2008-04-19 07:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar
2008-03-18 00:44 --------- d-----w C:\Documents and Settings\jonathan\Application Data\PlayFirst
2008-03-18 00:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2008-03-13 05:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
2006-12-28 13:23 817,985 ----a-w C:\Documents and Settings\jonathan\BluetoothFileSenderLiteSetup.exe
2006-09-27 11:36 49 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb41.dat
2006-09-27 11:36 337 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb1942.dat
2006-09-27 11:36 177,152 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb4827.dat
2006-09-27 11:36 13,046 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb5436.dat
2006-09-27 11:36 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb8253.dat
2006-09-27 11:36 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb4604.dat
2006-09-27 11:36 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb3902.dat
2006-09-27 11:36 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb2391.dat
2006-09-27 11:36 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb153.dat
2006-09-27 11:35 9,216 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb8467.dat
2006-09-27 11:35 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb6334.dat
2006-06-09 20:42 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-29 21:09 288 -c--a-w C:\Documents and Settings\Compaq_Owner\zzz.exe
2005-12-21 19:23 33,968 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-12-16 23:31 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-12-14 06:37 0 -c--a-w C:\Documents and Settings\Compaq_Owner\ignorelist.dat
2005-07-30 00:24 472 --sha-r C:\WINDOWS\am9u\uA6R.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Xiee"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:35 579584]
"avp"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"YSearchProtection"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-04 23:43 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvustur]
wvustur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.xvid"= xvid.dll
path=
backup=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [2002-10-07 12:40]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 19:48:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 13:41:53 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-08 23:21:47 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 06:42:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2008-05-09 6:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 13:51:24

Pre-Run: 22,679,781,376 bytes free
Post-Run: 23,369,379,840 bytes free

285 --- E O F --- 2008-04-20 10:09:33











here is the new hijack this log




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:28 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xiee] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: wvustur - wvustur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 6063 bytes



thanks!!

#8 chryssi2001


Posted 10 May 2008 - 07:42 AM

Hello masterhuli :thumbsup: ,

P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you choose not to remove them, please do not use them until this computer is clean.
----------------------------------------------
I can't find any information about these files:

C:\194.bat
C:\WINDOWS\am9u\uA6R.vbs

About the latter, see the folder name am9u; does it remind you of something?

Do you know what they are? If not, please follow the steps below.

Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:

C:\194.bat

Press Submit - this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Repeat the steps for this file too:
C:\WINDOWS\am9u\uA6R.vbs
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.bleepingcomputer.com/forums/t/143243/slow-computer-many-processes-runing-has-malware-pop-ups-and-windows-errors/
    
    KILLALL::
    
    File::
    C:\WINDOWS\system32\winjvd32.dll
    C:\WINDOWS\system32\wvustur.dll
    
    Collect::
    C:\WINDOWS\system32\unqfvpoo.exe
    C:\WINDOWS\system32\efdpbcpl.exe
    C:\WINDOWS\system32\sdkxvivy.exe
    C:\WINDOWS\BMc388a54a.xml
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb41.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb1942.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb4827.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb5436.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb8253.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb4604.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb3902.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb2391.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb153.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb8467.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\internaldb6334.dat
    C:\Documents and Settings\Compaq_Owner\ignorelist.dat
    
    Folder::
    C:\Temp\berDrv11
    C:\WINDOWS\system32\xcsDd05
    C:\Program Files\GamesBar
    C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar
    C:\Program Files\Java\jre1.5.0_02
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xiee"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YSearchProtection"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvustur]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.
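One way to triage a HijackThis log for the two kinds of autostart entry the script above removes: Winlogon Notify entries whose DLL is missing, and Run values with different names that launch the same executable. This is an added example, not part of the original post and not code from HijackThis or ComboFix; the function names and both heuristics are assumptions, and a flag is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread (trimmed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xiee] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: wvustur - wvustur.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# O4 = Run-key autostarts: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O20 = Winlogon Notify: "O20 - Winlogon Notify: <key> - <dll>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def executable_of(cmd):
    """Return the lower-cased executable path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split(" ")[0]
    return path.lower()


def parse_log(text):
    """Split a HijackThis log into Run entries and Winlogon Notify entries."""
    runs, notifies = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append({"hive": m["hive"], "name": m["name"],
                         "target": executable_of(m["cmd"])})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append({"name": m["name"], "dll": m["dll"],
                             "missing": m["missing"] is not None})
    return runs, notifies


def missing_notify(notifies):
    """Notify keys still registered although their DLL is gone from disk."""
    return [n["name"] for n in notifies if n["missing"]]


def shared_run_targets(runs):
    """Executables launched under more than one distinct Run value name.

    The same name repeated across hives (AVG7_Run per service account)
    is not flagged; only differing names for one target are.
    """
    names = defaultdict(set)
    for r in runs:
        names[r["target"]].add(r["name"])
    return {t: sorted(n) for t, n in names.items() if len(n) > 1}


if __name__ == "__main__":
    runs, notifies = parse_log(SAMPLE_LOG)
    for key in missing_notify(notifies):
        print(f"orphaned Winlogon Notify key: {key}")
    for target, value_names in shared_run_targets(runs).items():
        print(f"{target} is started by: {', '.join(value_names)}")
```

On the sample it flags both Notify keys and the two executables that carry two different Run names each; one of those names, "avp", is not touched by the script in the post above, which is why the output is only a review list.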

#9 masterhuli


Posted 10 May 2008 - 12:15 PM

ok first file scanned results.....

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



and second one.....

File: uA6R.vbs
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 387edbb90a5275d1b464eb31f3162c40
Packers detected: -
Bit9 reports:

Scanner results
Scan taken on 10 May 2008 17:14:08 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/Isearch
ArcaVir Found Trojan.Autorun.Uu
Avast Found VBS:Malware-gen
AVG Antivirus Found nothing
BitDefender Found Adware.Isearch.D
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found Adware/Isearch
Ikarus Found AdWare.Isearch
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found VBS/CommAd.A
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#10 masterhuli


Posted 10 May 2008 - 12:40 PM

ok and here is the combofix


ComboFix 08-05-08.1 - jonathan 2008-05-10 10:21:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384 [GMT -7:00]
Running from: C:\Documents and Settings\jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jonathan\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\winjvd32.dll
C:\WINDOWS\system32\wvustur.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56.xm_
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\3d_ultra_minigolf_adventures_deluxe16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\about.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\action.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\arcade.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\buy.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\candy_factory16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\cards.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\cradle_of_persia16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\cradle_rome16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\deals.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\deep_quest16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\download.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\farm_frenzy16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\fashion_rush16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\feedback.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\go_go_gourmet16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\help.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\highlight.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\MCF_raven16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\multiplayer.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\mygames.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\newGames.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\partner.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\popup_off.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\popup_on.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\puzzle.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\search.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\search_goog.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\sendafriend.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\trial.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\turbo_pizza16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\uninstall.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\update.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-22-13-31-56\webgame.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09.xm_
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\3d_ultra_minigolf_adventures_deluxe16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\about.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\action.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\arcade.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\buy.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\candy_factory16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\cards.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\cradle_of_persia16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\cradle_rome16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\deals.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\deep_quest16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\download.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\farm_frenzy16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\fashion_rush16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\feedback.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\go_go_gourmet16x16.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\help.gif
C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar\08-03-29-20-39-09\highlight.gif
C:\Program Files\Java\jre1.5.0_02\lib\zi\Australia\Perth
C:\Program Files\Java\jre1.5.0_02\lib\zi\Australia\Sydney
C:\Program Files\Java\jre1.5.0_02\lib\zi\CET
C:\Program Files\Java\jre1.5.0_02\lib\zi\EET
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-1
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-10
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-11
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-12
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-13
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-14
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-2
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-3
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-4
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-5
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-6
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-7
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-8
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT-9
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\GMT
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\UCT
C:\Program Files\Java\jre1.5.0_02\lib\zi\Etc\UTC
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Amsterdam
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Andorra
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Athens
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Belfast
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Belgrade
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Berlin
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Brussels
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Bucharest
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Budapest
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Chisinau
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Copenhagen
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Dublin
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Gibraltar
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Helsinki
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Istanbul
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Kiev
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Lisbon
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\London
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Luxembourg
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Madrid
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Malta
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Minsk
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Monaco
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Moscow
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Oslo
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Paris
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Prague
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Riga
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Rome
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Samara
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Simferopol
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Sofia
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Stockholm
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Tallinn
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Tirane
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Vaduz
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Vienna
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Vilnius
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Warsaw
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\jre1.5.0_02\lib\zi\Europe\Zurich
C:\Program Files\Java\jre1.5.0_02\lib\zi\GMT
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Antananarivo
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Chagos
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Christmas
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Cocos
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Comoro
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Kerguelen
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Mahe
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Maldives
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Mauritius
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Mayotte
C:\Program Files\Java\jre1.5.0_02\lib\zi\Indian\Reunion
C:\Program Files\Java\jre1.5.0_02\lib\zi\MET
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Apia
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Auckland
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Chatham
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Easter
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Efate
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Enderbury
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Fiji
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Funafuti
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Galapagos
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Gambier
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Guam
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Honolulu
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Johnston
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Kosrae
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Majuro
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Marquesas
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Midway
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Nauru
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Niue
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Norfolk
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Noumea
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Palau
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Ponape
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Saipan
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Tahiti
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Tarawa
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Truk
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Wake
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Wallis
C:\Program Files\Java\jre1.5.0_02\lib\zi\Pacific\Yap
C:\Program Files\Java\jre1.5.0_02\lib\zi\WET
C:\Program Files\Java\jre1.5.0_02\lib\zi\ZoneInfoMappings
C:\Program Files\Java\jre1.5.0_02\LICENSE
C:\Program Files\Java\jre1.5.0_02\PATCH.ERR
C:\Program Files\Java\jre1.5.0_02\README.txt
C:\Program Files\Java\jre1.5.0_02\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\jre1.5.0_02\Welcome.html
C:\Temp\berDrv11
C:\WINDOWS\BMc388a54a.xml
C:\WINDOWS\System\AlxRes071109.exe
C:\WINDOWS\system32\inf\scrsys071109.scr
C:\WINDOWS\system32\inf\scrsys16_071109.dll
C:\WINDOWS\system32\mwisys32_071117.dll
C:\WINDOWS\system32\mwisys32_071215.dll
C:\WINDOWS\system32\winsys16_071109.dll
C:\WINDOWS\system32\winsys32_071109.dll
C:\WINDOWS\system32\xcsDd05

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 06:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 06:12 . 2008-05-09 06:14 <DIR> d-------- C:\Documents and Settings\jonathan\.SunDownloadManager
2008-05-01 19:05 . 2008-05-01 19:07 <DIR> d-------- C:\Documents and Settings\jonathan\Application Data\Move Networks
2008-05-01 12:53 . 2008-05-01 12:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 12:53 . 2008-05-01 12:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 11:14 . 2008-04-26 11:14 3,443,248 --a------ C:\Ashley Simpson - Outta My Head (Ay Ya Ya).mp3
2008-04-22 16:43 . 2008-04-22 16:43 <DIR> d-------- C:\Deckard
2008-04-21 20:31 . 2008-04-22 16:16 385 --a------ C:\WINDOWS\wininit.ini
2008-04-21 16:28 . 2008-05-10 10:23 <DIR> d-------- C:\Temp
2008-04-21 15:40 . 2008-04-21 15:43 4,855,654 --a------ C:\Atreyu - Suicide Notes and Butterfly Kisses.mp3
2008-04-21 15:40 . 2008-04-21 15:43 4,520,176 --a------ C:\Atreyu - Doomsday.mp3
2008-04-21 15:40 . 2008-04-21 15:42 3,572,297 --a------ C:\Atreyu - Ain't Love Grand.mp3
2008-04-21 15:40 . 2008-04-21 15:43 3,511,152 --a------ C:\Atreyu - Bleeding Mascara.mp3
2008-04-21 15:39 . 2008-04-21 15:43 5,808,256 --a------ C:\Atreyu - The Crimson.mp3
2008-04-21 15:39 . 2008-04-21 15:43 3,302,848 --a------ C:\Atreyu - You Give Love A Bad Name.mp3
2008-04-21 15:38 . 2008-04-21 15:43 7,027,145 --a------ C:\Atreyu - Her Portrait In Black.mp3
2008-04-21 15:38 . 2008-04-21 15:43 6,578,234 --a------ C:\atreyu - The Theft.mp3
2008-04-21 15:38 . 2008-04-21 15:41 4,877,347 --a------ C:\Atreyu - Lip Gloss And Black.mp3
2008-04-21 15:38 . 2008-04-21 15:41 3,504,068 --a------ C:\Atreyu - Becoming the Bull.mp3
2008-04-21 15:38 . 2008-04-21 15:43 3,384,807 --a------ C:\Atreyu - Ex's and Oh's.mp3
2008-04-21 15:36 . 2008-04-21 15:37 3,653,607 --a------ C:\Story of The Year - Falling Down.mp3
2008-04-20 23:49 . 2008-04-20 23:49 <DIR> d-------- C:\bintheredunthat
2008-04-20 23:25 . 2008-04-20 23:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-20 23:25 . 2008-04-20 23:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-20 23:06 . 2008-04-20 23:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-20 23:05 . 2008-04-20 23:47 <DIR> d-------- C:\Documents and Settings\jonathan\.housecall6.6
2008-04-20 11:48 . 2008-04-20 23:49 <DIR> d-------- C:\BFU
2008-04-19 22:07 . 2008-04-19 22:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-19 22:07 . 2008-04-19 22:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-19 22:03 . 2008-04-19 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 21:55 . 2008-04-19 21:55 <DIR> d-------- C:\Documents and Settings\jonathan\Application Data\GlarySoft
2008-04-19 21:51 . 2008-04-19 21:51 <DIR> d-------- C:\Program Files\Registry Repair
2008-04-19 01:02 . 2008-04-19 01:02 301 --a------ C:\194.bat
2008-04-18 20:45 . 2008-04-18 20:54 <DIR> d--hs---- C:\Documents and Settings\jonathan\!
2008-04-15 21:51 . 2006-11-13 15:45 1,419,232 --a------ C:\Documents and Settings\jonathan\wdfcoinstaller01005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 17:23 --------- d-----w C:\Program Files\Java
2008-05-10 17:08 --------- d-----w C:\Documents and Settings\jonathan\Application Data\AVG7
2008-05-10 06:37 --------- d-----w C:\Program Files\Warcraft III
2008-04-26 22:52 --------- d-----w C:\Documents and Settings\jonathan\Application Data\SyncCell
2008-04-26 18:26 --------- d-----w C:\Documents and Settings\jonathan\Application Data\LimeWire
2008-04-21 06:49 --------- d-----w C:\Program Files\Gamenext
2008-04-21 06:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 04:55 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-19 08:05 --------- d-----w C:\Program Files\LimeWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 00:44 --------- d-----w C:\Documents and Settings\jonathan\Application Data\PlayFirst
2008-03-18 00:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2008-03-13 05:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-12-28 13:23 817,985 ----a-w C:\Documents and Settings\jonathan\BluetoothFileSenderLiteSetup.exe
2006-06-09 20:42 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-29 21:09 288 -c--a-w C:\Documents and Settings\Compaq_Owner\zzz.exe
2005-12-21 19:23 33,968 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-12-16 23:31 0 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-07-30 00:24 472 --sha-r C:\WINDOWS\am9u\uA6R.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_ 6.51.14.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 13:41:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 17:26:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:35 579584]
"avp"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-04 23:43 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.xvid"= xvid.dll
path=
backup=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [2002-10-07 12:40]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 19:48:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 17:26:46 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-08 23:21:47 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 10:26:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2008-05-10 10:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 17:36:18
ComboFix2.txt 2008-05-09 13:51:28

Pre-Run: 23,216,373,760 bytes free
Post-Run: 23,352,385,536 bytes free

892 --- E O F --- 2008-04-20 10:09:33

#11 chryssi2001

Posted 10 May 2008 - 12:57 PM

Hello masterhuli,

I am waiting for the new HijackThis log and I will post back to you almost immediately.
Private Messages for personal support will be ignored. If you need help post in the forum.

#12 masterhuli

Posted 10 May 2008 - 04:54 PM

Oops, thought I sent it, sorry, here it is.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:18 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 5432 bytes

#13 chryssi2001

Posted 10 May 2008 - 11:35 PM

Hello masterhuli,

Download and Run OTMoveIt2

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
C:\WINDOWS\am9u
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Post back:
OTMoveIt2 report.
Malwarebytes' Anti-Malware report.

#14 masterhuli

Posted 11 May 2008 - 01:49 PM

Here is the log:

C:\WINDOWS\am9u moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05112008_101549


OK, I did all of that and then deleted it all, but every time I try to pull the log up an error occurs and it says access denied, and this is on the malware program.

#15 chryssi2001

Posted 12 May 2008 - 12:06 AM

OK, I did all of that and then deleted it all, but every time I try to pull the log up an error occurs and it says access denied, and this is on the malware program.

OTMoveIt2 report is fine.

Which log? The Malwarebytes' Anti-Malware report? Did you download and run the tool?
If yes, you can open the report in Notepad, choose Edit/Select All, then copy and paste it back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt