AN OLD COMPUTER NEWBIE IN DIRE NEED

Post by owzatsteve » November 5th, 2007, 4:55 pm

Good evening. I'm sorry to say I am very new to this and very much an old computer newbie. It has now become my only source of communicating with the outside world, but I am having great problems with numerous companies offering me a free virus scan, and probably 100 pop-ups of these when I wake in the morning. Anyone's help would be greatly received, and a donation is not a problem. In my terms, my world's eyes and ears are closing.
owzatsteve
Regular Member
 
Posts: 15
Joined: November 5th, 2007, 4:30 pm
Location: royston ENGLAND

Post by beynac » November 7th, 2007, 10:33 am

Good afternoon. Welcome to Malware Removal. :)

I'll be happy to help you sort out your problem. In order to help me with this, please note the following points:
  • If you have any questions or problems - stop and ask
  • It's important that you do not take any independent action to clean the computer (e.g. scans and clean-up programs)
  • Please continue until I give the "all clear". The symptoms may disappear quite quickly, but this doesn't mean that the computer is clean
----------------------------------------------

Please download HJTInstall.exe and save it to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • Click I Accept
  • HijackThis will open
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
  • Don't use the Analyse This button - its findings are dangerous if misinterpreted.
Do NOT have HijackThis fix anything yet.

---------------------------------------------

Please post the HijackThis log as a reply to this thread.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Post by owzatsteve » November 7th, 2007, 4:37 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:10, on 07/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Add-on\icthis.exe
C:\Program Files\Online Add-on\isfmntr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Online Add-on\icmntr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\vi32.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\PROGRA~1\WINANO~1\UGDCcw.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\WinAnonymous\mc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
c:\windows\system32\alle32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Online Add-on\ictmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\System32\vi32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\WINANO~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\mc.exe" dm=http://winanonymous.com; ad=http://winanonymous.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978516467
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978494077
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper ... Helper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online ... der_v5.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/c ... ashAX2.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O22 - SharedTaskScheduler: eurymus - {ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b} - C:\WINDOWS\System32\rrtrit.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\icf.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9898 bytes

Thank you very much. I do not know what's on the computer, as it was given to me so I could keep in touch with people. Your kindness is much appreciated, God bless you.

Post by beynac » November 7th, 2007, 6:39 pm

Good evening.

You have got an impressive set of malware on your computer! Your version of XP is unpatched and you haven't got an antivirus program or firewall running. This leaves you wide open to infection. We should get that sorted out first, but I think that we need to get some of the popups stopped before we attempt anything else. It is important that you don't connect to the internet except for the purpose of running our 'fixes'. Leave it connected while running our scans as some of the tools we use need to connect to the internet.

There's quite a lot to do in this post. Take it one step at a time. Stop and ask if you are unsure of anything.

------------------------------------------------

SmitFraudFix (by S!Ri)
  • Please download SmitFraudFix from here and save it to your Desktop.
Do not use it yet.

---------------------------------------------

You need to reboot your computer in Safe Mode for the next step. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an 'always on' connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Restart your computer.
  • Continually tap the F8 key as your computer is booting, until a menu appears.
  • Use up-arrow key to select Safe Mode and press Enter.
-------------------------------------------------------------

Double-click on SmitFraudFix, on your desktop, to run the program.
Select option #2 - Clean by typing 2 and press 'Enter' to delete infected files.

You will be prompted : 'Registry cleaning - Do you want to clean the registry ?'; answer 'Yes' by typing Y and press 'Enter' in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer 'Yes' by typing Y and press 'Enter'.

The tool may need to restart your computer to finish the cleaning process.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.

-------------------------------------------------

Reboot into Normal Mode

-------------------------------------------------

Double-click on SmitFraudFix, on your desktop, to run the program.
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question 'Restore Trusted Zone ?' by typing Y and hit Enter.

-----------------------------------------------------------

ComboFix by sUBs

Important: If you already have ComboFix on your computer, please delete it and download the latest version.
  • Download this file - ComboFix.exe. (Please save it on your desktop).
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply
Important: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

-----------------------------------------------

Please run another HijackThis scan and post the following, as a reply to this post:
  • The SmitFraudFix report (C:\rapport.txt)
  • The ComboFix log
  • A new HijackThis log
Note: You will probably need more than one post. I suggest that you use one post for the SmitFraudFix report and the HijackThis log and then a second one for the ComboFix log. It is important that I see the full logs.

Post by owzatsteve » November 7th, 2007, 7:07 pm

Thank you for your help, beynac. I will have to try this tomorrow, as it's very late here and us old 'uns need our beauty sleep, lol. Many thanks.

Post by owzatsteve » November 8th, 2007, 8:39 am

SmitFraudFix v2.250

Scan done at 23:35:06.76, 07/11/2007
Run from C:\Documents and Settings\Chappers\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{06F3A4EB-056A-4901-BDD6-E5321769E32A}: DhcpNameServer=194.168.8.100 194.168.4.100
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B725AF3F-B8A6-4E9C-858D-D680CD0AF482}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{06F3A4EB-056A-4901-BDD6-E5321769E32A}: DhcpNameServer=194.168.8.100 194.168.4.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B725AF3F-B8A6-4E9C-858D-D680CD0AF482}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{06F3A4EB-056A-4901-BDD6-E5321769E32A}: DhcpNameServer=194.168.8.100 194.168.4.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B725AF3F-B8A6-4E9C-858D-D680CD0AF482}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
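The "hosts" and "DNS" sections of the SmitFraudFix report above are there because this family of fraud-alert malware commonly rewrites name resolution, either with hosts-file entries that send a name somewhere other than loopback or by swapping the interface's resolvers. The block below is an added example by the editor, not SmitFraudFix's own code and not from the thread: it splits a rapport.txt into its »»» sections, lists hosts entries that point off loopback, and lists registry keys whose resolvers fall outside a set the caller supplies. REPORT_CLEAN copies the two sections from the report posted above; REPORT_HIJACKED is constructed for contrast, using documentation-only 203.0.113.x addresses and an example.com name. ISP_RESOLVERS is an assumption: the two 194.168.x.x addresses the posted report shows, taken to be the ISP's.

```python
"""Check the 'hosts' and 'DNS' sections of a SmitFraudFix rapport.txt.

Added example by the editor; not SmitFraudFix code and not from the thread.
REPORT_CLEAN copies two sections of the report posted in the thread;
REPORT_HIJACKED is constructed (203.0.113.0/24 is a documentation range,
example.com a reserved name). ISP_RESOLVERS is an assumption: the two
addresses the posted report shows, taken to be the ISP's resolvers.
"""
import re
from typing import Dict, List, Set, Tuple

HEADER_RE = re.compile(r"^»+\s*(.+?)\s*$")  # lines like '»»»» hosts'
# Tcpip\Parameters and each interface key hold DhcpNameServer (from DHCP)
# and, when set by hand or by malware, a static NameServer value.
DNS_RE = re.compile(r"^(HKLM\\SYSTEM\\\S+?):\s*(?:Dhcp)?NameServer=(.*)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
LOOPBACK = {"127.0.0.1", "::1"}
ISP_RESOLVERS = {"194.168.4.100", "194.168.8.100"}  # assumption, see docstring

REPORT_CLEAN = r"""
»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{06F3A4EB-056A-4901-BDD6-E5321769E32A}: DhcpNameServer=194.168.8.100 194.168.4.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Constructed: one redirect in hosts, one interface pointed at a rogue resolver.
REPORT_HIJACKED = r"""
»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
203.0.113.5 www.example.com

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{06F3A4EB-056A-4901-BDD6-E5321769E32A}: DhcpNameServer=203.0.113.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def sections(report: str) -> Dict[str, List[str]]:
    """Map each '»»» Title' header to the non-blank lines beneath it."""
    out: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        elif line and current is not None:
            out[current].append(line)
    return out


def hosts_redirects(report: str) -> List[Tuple[str, str]]:
    """(name, address) pairs in the hosts section that point off loopback."""
    hits: List[Tuple[str, str]] = []
    for line in sections(report).get("hosts", []):
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in LOOPBACK:
            hits.append((m.group(2), m.group(1)))
    return hits


def dns_servers(report: str) -> Dict[str, Tuple[str, ...]]:
    """Resolver list per registry key, in the order the key lists them."""
    servers: Dict[str, Tuple[str, ...]] = {}
    for line in sections(report).get("DNS", []):
        m = DNS_RE.match(line)
        if m:
            servers[m.group(1)] = tuple(m.group(2).split())
    return servers


def unexpected_dns(report: str, expected: Set[str]) -> Dict[str, Tuple[str, ...]]:
    """Keys whose resolvers are not all in the expected set."""
    return {k: v for k, v in dns_servers(report).items() if not set(v) <= expected}


if __name__ == "__main__":
    for name, rep in (("clean", REPORT_CLEAN), ("hijacked", REPORT_HIJACKED)):
        print(name, hosts_redirects(rep), unexpected_dns(rep, ISP_RESOLVERS))
```

On the report posted above both checks come back empty, which matches what the tool reported. A resolver that differs between the interface keys and Tcpip\Parameters, as in the constructed report, is worth chasing even when the hosts file is clean, since the fix only restores what it recognises.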

Post by owzatsteve » November 8th, 2007, 8:40 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:30, on 08/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978516467
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978494077
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper ... Helper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online ... der_v5.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/c ... ashAX2.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7299 bytes
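HijackThis lists autostart and hook locations rather than judging them, which is why beynac asks for the log before anything is fixed and for a fresh one after SmitFraudFix and ComboFix have run. The block below is an added example by the editor, not HijackThis code and not from the thread: it parses a v2 log into its process list and R/F/O entries, applies a handful of the editor's own heuristics (assumptions about which entry types merit a closer look: Policies\Explorer\Run autostarts, O22 SharedTaskScheduler DLLs, O18 filters without a handler, O23 services with no publisher, O4 autostarts straight from System32 or from the dllcache directory, nameless BHOs that still have a file), counts images running many times over, and diffs two logs so the entries the clean-up removed show up as a list. The two sample logs are constructed from lines copied out of the first and second logs posted above; KNOWN_SYSTEM32_AUTOSTARTS is an assumption covering only what appears in those logs.

```python
"""Parse HijackThis 2.x logs, flag entry types that are commonly abused, and
diff a 'before' log against an 'after' log.

Added example by the editor; not HijackThis, SmitFraudFix or ComboFix code
and not from the thread. The rules in flag_entry() are the editor's own
heuristics (assumptions, not verdicts): they say what to look up, not that
a file is malicious. Sample logs are constructed from lines in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Last drive-letter path ending in a PE/ActiveX extension; HijackThis prints
# the target file at the end of the line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^\r\n"]*?\.(?:exe|dll|ocx))', re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32"
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe"}  # assumption: the only one expected here

LOG_BEFORE = "\n".join(
    ["Logfile of Trend Micro HijackThis v2.0.2", "Running processes:",
     r"C:\WINDOWS\System32\vi32.exe"]
    + [r"C:\Program Files\Online Add-on\isfmm.exe"] * 6
    + ["",
       r"O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll",
       r"O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\System32\vi32.exe",
       r"O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe",
       r"O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe",
       r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe",
       r"O18 - Filter hijack: text/html - (no CLSID) - (no file)",
       r"O22 - SharedTaskScheduler: eurymus - {ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b} - C:\WINDOWS\System32\rrtrit.dll",
       r"O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\icf.exe",
       r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE"])

LOG_AFTER = "\n".join(
    ["Logfile of Trend Micro HijackThis v2.0.2", "Running processes:",
     r"C:\WINDOWS\System32\ctfmon.exe", "",
     r"O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe",
     r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe",
     r"O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE"])


@dataclass(frozen=True)
class Entry:
    kind: str  # "O4", "O23", ...
    text: str  # everything after "O4 - "

    @property
    def line(self) -> str:
        return f"{self.kind} - {self.text}"

    @property
    def path(self) -> Optional[str]:
        found = PATH_RE.findall(self.text)
        return found[-1] if found else None


@dataclass
class HjtLog:
    processes: List[str]
    entries: List[Entry]


def parse_hjt(text: str) -> HjtLog:
    """Split a log into the running-process list and the R/F/O entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # the blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return HjtLog(processes, entries)


def flag_entry(e: Entry) -> List[str]:
    """Editor's heuristics: reasons an entry deserves a closer look."""
    reasons: List[str] = []
    low = e.text.lower()
    if e.kind == "O4" and "policies\\explorer\\run" in low:
        reasons.append("autostart via Policies\\Explorer\\Run, a key ordinary installers do not use")
    if e.kind == "O4" and "\\dllcache\\" in low:
        reasons.append("autostart from the WFP dllcache directory, not a program location")
    if e.kind == "O2" and low.startswith("bho: (no name)") and "(no file)" not in low:
        reasons.append("nameless browser helper object that still has a file on disk")
    if e.kind == "O18" and ("(no clsid)" in low or "(no file)" in low):
        reasons.append("MIME filter registered without a working handler")
    if e.kind == "O22":
        reasons.append("SharedTaskScheduler DLL is loaded by Explorer at every logon")
    if e.kind == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no publisher information")
    p = e.path
    if e.kind == "O4" and p:
        folder, _, base = p.lower().rpartition("\\")
        if folder == SYSTEM32 and base not in KNOWN_SYSTEM32_AUTOSTARTS:
            reasons.append(f"{base} autostarts straight from System32")
    return reasons


def suspicious_entries(log: HjtLog) -> Dict[str, List[str]]:
    """Entry line -> reasons, for every entry at least one rule fires on."""
    out: Dict[str, List[str]] = {}
    for e in log.entries:
        reasons = flag_entry(e)
        if reasons:
            out[e.line] = reasons
    return out


def repeated_processes(log: HjtLog, threshold: int = 5) -> Dict[str, int]:
    """Images running many times at once, as isfmm.exe did in the first log."""
    counts = Counter(p.lower() for p in log.processes)
    return {p: n for p, n in counts.items() if n >= threshold}


def diff_logs(before: HjtLog, after: HjtLog) -> Tuple[List[str], List[str]]:
    """Entry lines the clean-up removed, and any that newly appeared."""
    b = [e.line for e in before.entries]
    a = [e.line for e in after.entries]
    return [x for x in b if x not in a], [x for x in a if x not in b]


if __name__ == "__main__":
    first, second = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for line, why in suspicious_entries(first).items():
        print(line, "->", "; ".join(why))
    print("repeated:", repeated_processes(first))
    removed, added = diff_logs(first, second)
    print("removed:", len(removed), "added:", len(added))
```

Treat a flag as a prompt to look the file up, not as a verdict: the same rule that catches vi32.exe here would fire on any legitimate autostart dropped into System32, and the dllcache rule fires on the jucheck.exe entry in both logs, which the thread's tools left in place. The diff is the more reliable signal, since it shows exactly which entries SmitFraudFix and ComboFix took out.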

Unread postby owzatsteve » November 8th, 2007, 8:41 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:30, on 08/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978516467
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978494077
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper ... Helper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online ... der_v5.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/c ... ashAX2.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7299 bytes

Unread postby owzatsteve » November 8th, 2007, 8:47 am

ComboFix 07-11-08.1 - Chappers 2007-11-08 12:44:47.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.76 [GMT 0:00]
Running from: C:\Documents and Settings\Chappers\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-8618.zip
2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-3129.zip
2007-11-08 03:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 23:38 76,438 --a------ C:\WINDOWS\picts-8760.zip
2007-11-07 23:38 76,438 --a------ C:\WINDOWS\picts-7798.zip
2007-11-07 23:33 1,538 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 23:32 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 23:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 23:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 23:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 23:32 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 20:43 76,438 --a------ C:\WINDOWS\picts-6380.zip
2007-11-07 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-07 03:09 76,438 --a------ C:\WINDOWS\picts-4760.zip
2007-11-07 03:08 <DIR> d--hs---- C:\FOUND.005
2007-11-07 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-06 20:16 76,438 --a------ C:\WINDOWS\picts-8523.zip
2007-11-06 20:16 76,438 --a------ C:\WINDOWS\picts-6505.zip
2007-11-06 19:51 76,438 --a------ C:\WINDOWS\picts-8001.zip
2007-11-06 19:51 76,438 --a------ C:\WINDOWS\picts-4672.zip
2007-11-06 19:45 76,438 --a------ C:\WINDOWS\picts-3142.zip
2007-11-06 19:45 76,438 --a------ C:\WINDOWS\picts-2894.zip
2007-11-05 19:53 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\WinAnonymous
2007-11-05 19:46 <DIR> d-------- C:\Program Files\WinAnonymous
2007-11-05 19:46 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2007-11-05 19:13 <DIR> d-------- C:\Program Files\Uniblue
2007-11-05 19:13 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Uniblue
2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Lavasoft
2007-11-05 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-11-05 18:50 <DIR> d-------- C:\Program Files\Citrix
2007-11-05 18:50 60,968 --a------ C:\Documents and Settings\Chappers\GoToAssistDownloadHelper.exe
2007-11-05 18:02 <DIR> d-------- C:\Program Files\TechTracker
2007-11-05 18:02 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\VersionTracker Pro
2007-11-05 08:09 24,064 --a------ C:\WINDOWS\system32\icf.exe
2007-11-04 19:53 10,240 --a------ C:\mlpss.exe
2007-11-04 19:47 76,438 --a------ C:\WINDOWS\picts-7964.zip
2007-11-04 19:47 76,438 --a------ C:\WINDOWS\picts-5106.zip
2007-11-04 19:47 76,288 -r-hs---- C:\WINDOWS\system32\dllcache\jucheck.exe
2007-11-01 19:25 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2007-10-31 03:54 40 --a------ C:\WINDOWS\ujf635.bin
2007-10-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2007-10-16 23:19 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 22:50 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\SpywareBot
2007-10-14 16:40 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-12 20:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-12 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-12 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 19:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 19:09 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-12 19:09 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 03:43 97,344 ----a-w C:\WINDOWS\system32\alle32.exe
2007-10-06 03:43 533,056 ----a-w C:\WINDOWS\system32\vi32.exe
2007-09-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2007-08-24 05:41 97,344 ----a-w C:\WINDOWS\system32\vrm.exe
2007-08-24 05:41 533,056 ----a-w C:\WINDOWS\system32\vsm.exe
2006-04-30 23:26 266 --sh--w C:\Program Files\desktop.ini
2006-04-30 23:26 11,079 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_ 3.26.33.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 10:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-08 03:22:22 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-08 12:44:46 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-08-12 13:00:10 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 03:30:34 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-08-12 13:00:10 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 03:30:34 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 17:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-05 00:28]
"jucheck"="C:\WINDOWS\system32\dllcache\jucheck.exe" [2007-11-04 17:13]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2007-10-10 19:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 16:49]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-11-05 18:02:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-11-05 18:50 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c

S3 Bulk;HDJBulk;C:\WINDOWS\System32\Drivers\HDJBulk.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\System32\DRIVERS\HDJMidi.sys
S3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\System32\drivers\stac97na.sys
S3 STAC97NH;STAC97NH;C:\WINDOWS\System32\drivers\stac97nh.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 15:00:02 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 12:46:01
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 12:46:38
C:\ComboFix2.txt ... 2007-11-08 03:26
.
--- E O F ---

Unread postby owzatsteve » November 8th, 2007, 8:50 am

Thank you beynac. I do hope I've done this properly; I would hate to make your task any harder. I apologise for my slowness, as I am still learning, but I must say that with these tasks you are asking me to do, things are seeming to make more sense. Many thanks.

Unread postby beynac » November 8th, 2007, 9:10 am

The HijackThis log is a lot cleaner. You appear to have run ComboFix twice. It is important that I see the log from the first run. Click on Start, then My Computer, and open the file C:\ComboFix2.txt. Copy the contents and post them as a reply to this thread.

I need to see this as soon as possible, so please let me know if you have any trouble finding it.

Unread postby owzatsteve » November 8th, 2007, 11:00 am

ComboFix 07-11-08.1 - Chappers 2007-11-08 3:22:26.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.72 [GMT 0:00]
Running from: C:\Documents and Settings\Chappers\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Chappers\Application Data\installer_en[1].exe
C:\Documents and Settings\Chappers\Desktop\internet.lnk
C:\Documents and Settings\Chappers\Desktop\internetgamebox.lnk
c:\Documents and Settings\Chappers\Local Settings\Application Data\tipacvdeqg.dat
C:\Documents and Settings\Chappers\Local Settings\Application Data\tipacvdeqg.exe
C:\Documents and Settings\Chappers\Local Settings\Application Data\tipacvdeqg_nav.dat
C:\Documents and Settings\Chappers\Local Settings\Application Data\tipacvdeqg_navps.dat
C:\Documents and Settings\Chappers\Start Menu\Programs\InternetGameBox
C:\Documents and Settings\Chappers\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Chappers\Start Menu\Programs\InternetGameBox\Privacy Policy.lnk
C:\Documents and Settings\Chappers\Start Menu\Programs\InternetGameBox\Terms and conditions.lnk
C:\Documents and Settings\Chappers\Start Menu\Programs\InternetGameBox\Website.lnk
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\Privacy Policy.url
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\Terms and conditions.url
C:\Program Files\internetgamebox\uninst.exe
C:\Program Files\internetgamebox\Website.url
C:\WINDOWS\bck7.dat
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\rmvalid.exe
C:\WINDOWS\system32\smvalid.exe
C:\WINDOWS\system32\u2g.f

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550F
-------\LEGACY_ICF
-------\ICF


((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-8618.zip
2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-3129.zip
2007-11-08 03:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 23:38 76,438 --a------ C:\WINDOWS\picts-8760.zip
2007-11-07 23:38 76,438 --a------ C:\WINDOWS\picts-7798.zip
2007-11-07 23:33 1,538 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 23:32 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 23:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 23:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 23:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 23:32 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 20:43 76,438 --a------ C:\WINDOWS\picts-6380.zip
2007-11-07 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-07 03:09 76,438 --a------ C:\WINDOWS\picts-4760.zip
2007-11-07 03:08 <DIR> d--hs---- C:\FOUND.005
2007-11-07 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-06 20:16 76,438 --a------ C:\WINDOWS\picts-8523.zip
2007-11-06 20:16 76,438 --a------ C:\WINDOWS\picts-6505.zip
2007-11-06 19:51 76,438 --a------ C:\WINDOWS\picts-8001.zip
2007-11-06 19:51 76,438 --a------ C:\WINDOWS\picts-4672.zip
2007-11-06 19:45 76,438 --a------ C:\WINDOWS\picts-3142.zip
2007-11-06 19:45 76,438 --a------ C:\WINDOWS\picts-2894.zip
2007-11-05 19:53 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\WinAnonymous
2007-11-05 19:46 <DIR> d-------- C:\Program Files\WinAnonymous
2007-11-05 19:46 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2007-11-05 19:13 <DIR> d-------- C:\Program Files\Uniblue
2007-11-05 19:13 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Uniblue
2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Lavasoft
2007-11-05 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-11-05 18:50 <DIR> d-------- C:\Program Files\Citrix
2007-11-05 18:50 60,968 --a------ C:\Documents and Settings\Chappers\GoToAssistDownloadHelper.exe
2007-11-05 18:02 <DIR> d-------- C:\Program Files\TechTracker
2007-11-05 18:02 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\VersionTracker Pro
2007-11-05 08:09 24,064 --a------ C:\WINDOWS\system32\icf.exe
2007-11-04 19:53 10,240 --a------ C:\mlpss.exe
2007-11-04 19:47 76,438 --a------ C:\WINDOWS\picts-7964.zip
2007-11-04 19:47 76,438 --a------ C:\WINDOWS\picts-5106.zip
2007-11-04 19:47 76,288 -r-hs---- C:\WINDOWS\system32\dllcache\jucheck.exe
2007-11-01 19:25 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2007-10-31 03:54 40 --a------ C:\WINDOWS\ujf635.bin
2007-10-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2007-10-16 23:19 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 22:50 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\SpywareBot
2007-10-14 16:40 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-12 20:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-12 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-12 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 19:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 19:09 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-12 19:09 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 03:43 97,344 ----a-w C:\WINDOWS\system32\alle32.exe
2007-10-06 03:43 533,056 ----a-w C:\WINDOWS\system32\vi32.exe
2007-09-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2007-08-24 05:41 97,344 ----a-w C:\WINDOWS\system32\vrm.exe
2007-08-24 05:41 533,056 ----a-w C:\WINDOWS\system32\vsm.exe
2006-04-30 23:26 266 --sh--w C:\Program Files\desktop.ini
2006-04-30 23:26 11,079 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 17:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-05 00:28]
"jucheck"="C:\WINDOWS\system32\dllcache\jucheck.exe" [2007-11-04 17:13]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2007-10-10 19:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 16:49]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-11-05 18:02:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-11-05 18:50 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c

S3 Bulk;HDJBulk;C:\WINDOWS\System32\Drivers\HDJBulk.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\System32\DRIVERS\HDJMidi.sys
S3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\System32\drivers\stac97na.sys
S3 STAC97NH;STAC97NH;C:\WINDOWS\System32\drivers\stac97nh.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 15:00:02 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 03:26:10
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 3:26:55 - machine was rebooted
.
--- E O F ---

Unread postby beynac » November 8th, 2007, 11:07 am

Thanks for posting the logs. As I said, your HijackThis log is much better but we still have some things to get rid of.

Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\picts-8618.zip
C:\WINDOWS\picts-3129.zip
C:\WINDOWS\picts-8760.zip
C:\WINDOWS\picts-7798.zip
C:\WINDOWS\picts-6380.zip
C:\WINDOWS\picts-4760.zip
C:\WINDOWS\picts-8523.zip
C:\WINDOWS\picts-6505.zip
C:\WINDOWS\picts-8001.zip
C:\WINDOWS\picts-4672.zip
C:\WINDOWS\picts-3142.zip
C:\WINDOWS\picts-2894.zip
C:\WINDOWS\picts-7964.zip
C:\WINDOWS\picts-5106.zip
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\system32\alle32.exe
C:\WINDOWS\system32\vi32.exe
C:\WINDOWS\system32\vrm.exe
C:\WINDOWS\system32\vsm.exe
C:\WINDOWS\system32\icf.exe
C:\mlpss.exe

Folder::
C:\Documents and Settings\Chappers\Application Data\WinAnonymous
C:\Program Files\WinAnonymous
C:\Program Files\Common Files\WinAnonymous

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jucheck"=-
"WinAnonymous"=-


Save this on your Desktop as CFScript.txt

[Image: CFScript.txt being dragged onto the ComboFix.exe icon]
ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt onto ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall.

------------------------------------------------

Please post, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
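
The CFScript in the post above removes exactly the items that stand out in the ComboFix logs posted before it: a run of picts-NNNN.zip files in C:\WINDOWS that are all 76,438 bytes, two pairs of system32 executables in the Find3M report with identical sizes (alle32.exe/vrm.exe at 97,344 bytes, vi32.exe/vsm.exe at 533,056), mlpss.exe sitting in the drive root, a hidden+system jucheck.exe planted in the dllcache folder and pointed at by a Run value, and a WinAnonymous folder created in the window with a Run value of its own. The Python below is an added example that mechanises that reading of a log; it is not ComboFix's code or anything from this thread. The log it parses is a constructed excerpt in the layout of the posted logs, the three heuristics are rules of thumb chosen here (not ComboFix logic), and the output is a candidate list in ComboFix's File::/Folder::/Registry:: script layout for a person to review, not a fix to run blind. Note that icf.exe, which the helper also removed, is caught by none of these rules: the script narrows the list, it does not replace the reader.

```python
"""Triage a ComboFix log: flag the patterns visible in the thread above and render the
candidates in the CFScript layout (File:: / Folder:: / Registry::) the helper used.
Added example, not ComboFix's or the forum's code; a person still decides what to keep."""
import re
from collections import defaultdict

# Constructed excerpt laid out like the posted logs (parenthesis runs shortened).
SAMPLE_LOG = r"""
((((( Files Created from 2007-10-08 to 2007-11-08 )))))
2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-8618.zip
2007-11-08 03:26 76,438 --a------ C:\WINDOWS\picts-3129.zip
2007-11-05 19:46 <DIR> d-------- C:\Program Files\WinAnonymous
2007-11-04 19:53 10,240 --a------ C:\mlpss.exe
2007-11-04 19:47 76,288 -r-hs---- C:\WINDOWS\system32\dllcache\jucheck.exe
2007-10-12 19:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
((((( Find3M Report )))))
2007-10-06 03:43 97,344 ----a-w C:\WINDOWS\system32\alle32.exe
2007-09-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2007-08-24 05:41 97,344 ----a-w C:\WINDOWS\system32\vrm.exe
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"jucheck"="C:\WINDOWS\system32\dllcache\jucheck.exe" [2007-11-04 17:13]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2007-10-10 19:32]
"""

HEADER_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}")
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+|<DIR>|-+)\s+([-\w]{7,9})\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')


def parse_combofix(text):
    """Return file entries {size, attrs, path, section} and (key, name, target) Run values."""
    entries, run_values, section, key = [], [], None, None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            t = m.group(1)
            section = "created" if "Files Created" in t else "find3m" if "Find3M" in t else None
        elif section and (m := ENTRY_RE.match(line)):
            size, attrs, path = m.groups()  # <DIR> / --------- mark directories (size None)
            entries.append({"attrs": attrs, "path": path, "section": section,
                            "size": int(size.replace(",", "")) if size[0].isdigit() else None})
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif key and key.lower().endswith("\\run") and (m := VALUE_RE.match(line)):
            run_values.append((key, m.group(1), m.group(2)))
    return entries, run_values


def triage(text):
    """Three rules of thumb a log reader applies; returns candidate actions plus reasons."""
    entries, run_values = parse_combofix(text)
    files = [e for e in entries if e["size"] is not None]
    created = {e["path"].lower(): e["path"] for e in entries if e["section"] == "created"}
    reasons, folders, registry = {}, [], []
    # 1. Different names but identical byte size inside the Windows tree: one payload
    #    written repeatedly under random names (picts-NNNN.zip, alle32.exe/vrm.exe).
    by_size = defaultdict(list)
    for e in files:
        if e["path"].lower().startswith("c:\\windows\\"):
            by_size[e["size"]].append(e["path"])
    for size, paths in by_size.items():
        for p in (paths if len(paths) > 1 else ()):
            reasons.setdefault(p, f"{len(paths)} files of exactly {size:,} bytes under C:\\WINDOWS")
    # 2. Executables carrying hidden+system attributes, or dropped straight into the drive root.
    for e in files:
        if e["path"].lower().endswith(".exe") and {"h", "s"} <= set(e["attrs"]):
            reasons.setdefault(e["path"], "executable with hidden+system attributes")
        elif re.fullmatch(r"[a-z]:\\[^\\]+\.exe", e["path"].lower()):
            reasons.setdefault(e["path"], "executable sitting in the drive root")
    file_hits = sorted(reasons)
    # 3. Run values targeting dllcache (the Windows File Protection cache, never a legitimate
    #    autostart home), a file created in the window, or a folder created in the window.
    for key, name, target in run_values:
        low = target.lower()
        parents = (low[:i] for i, c in enumerate(low) if c == "\\")
        new_dir = next((created[p] for p in parents if p in created), None)
        why = ("target lives in dllcache" if "\\dllcache\\" in low else
               "target created inside the log window" if low in created else
               f"target under newly created folder {new_dir}" if new_dir else None)
        if not why:
            continue
        registry.append((key, name))
        reasons[target] = (reasons.get(target, "") + f'; Run value "{name}": {why}').lstrip("; ")
        if new_dir and new_dir not in folders:
            folders.append(new_dir)
    return {"files": file_hits, "folders": folders, "registry": registry, "reasons": reasons}


def build_cfscript(result):
    """Render candidates in CFScript layout; "name"=- (.reg syntax) deletes that value."""
    out = [line for header, items in (("File::", result["files"]), ("Folder::", result["folders"]))
           if items for line in (header, *items, "")]
    by_key = defaultdict(list)
    for key, name in result["registry"]:
        by_key[key].append(f'"{name}"=-')
    if by_key:
        out += ["Registry::", *(l for key, names in by_key.items() for l in (f"[{key}]", *names))]
    return "\n".join(out)
```

`print(build_cfscript(triage(SAMPLE_LOG)))` prints a File::, Folder:: and Registry:: block in the same shape as the one posted above, with both picts zips, the alle32.exe/vrm.exe pair, jucheck.exe and mlpss.exe under File::, the WinAnonymous folder under Folder::, and the two Run values deleted with `=-`. Run against the full log it would also list the vi32.exe/vsm.exe pair and flag the "Uniblue RegistryBooster 2" value, because C:\Program Files\Uniblue was created inside the window; the helper left that one alone, which is the reason the output is a prompt to look rather than a verdict. Entries that are not under a \Run key (the Winlogon Notify DLL, the msconfig backups, the services) are deliberately out of scope for rule 3.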

Unread postby owzatsteve » November 8th, 2007, 11:31 am

ComboFix 07-11-08.1 - Chappers 2007-11-08 15:22:37.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.95 [GMT 0:00]
Running from: C:\Documents and Settings\Chappers\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chappers\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\mlpss.exe
C:\WINDOWS\picts-2894.zip
C:\WINDOWS\picts-3129.zip
C:\WINDOWS\picts-3142.zip
C:\WINDOWS\picts-4672.zip
C:\WINDOWS\picts-4760.zip
C:\WINDOWS\picts-5106.zip
C:\WINDOWS\picts-6380.zip
C:\WINDOWS\picts-6505.zip
C:\WINDOWS\picts-7798.zip
C:\WINDOWS\picts-7964.zip
C:\WINDOWS\picts-8001.zip
C:\WINDOWS\picts-8523.zip
C:\WINDOWS\picts-8618.zip
C:\WINDOWS\picts-8760.zip
C:\WINDOWS\system32\alle32.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\system32\icf.exe
C:\WINDOWS\system32\vi32.exe
C:\WINDOWS\system32\vrm.exe
C:\WINDOWS\system32\vsm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chappers\Application Data\WinAnonymous
C:\Documents and Settings\Chappers\Application Data\WinAnonymous\Logs\update.log
C:\mlpss.exe
C:\Program Files\Common Files\WinAnonymous
C:\Program Files\Common Files\WinAnonymous\mc.exe
C:\Program Files\WinAnonymous
C:\Program Files\WinAnonymous\config.ini
C:\Program Files\WinAnonymous\data\application\7-Zip Compression Pgm.scr
C:\Program Files\WinAnonymous\data\application\AbsoluteFTP.scr
C:\Program Files\WinAnonymous\data\application\ACDSee32.scr
C:\Program Files\WinAnonymous\data\application\Acoustica CD Label Maker.scr
C:\Program Files\WinAnonymous\data\application\Ad-aware SE.scr
C:\Program Files\WinAnonymous\data\application\Adaptec's Audio CD.scr
C:\Program Files\WinAnonymous\data\application\Adaptec Easy CD Creator v4.scr
C:\Program Files\WinAnonymous\data\application\Addsoft.scr
C:\Program Files\WinAnonymous\data\application\AddWeb 3.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v3.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v3.1.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v4.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v5.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v6.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v7.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v5.0 LE.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v5.5.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v6.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v7.0.scr
C:\Program Files\WinAnonymous\data\application\Advanced Disk Catalog.scr
C:\Program Files\WinAnonymous\data\application\Advanced MP3 Catalog.scr
C:\Program Files\WinAnonymous\data\application\Advanced Password Recovery.scr
C:\Program Files\WinAnonymous\data\application\ahead cover designer.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGaspect.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGpano.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGview.scr
C:\Program Files\WinAnonymous\data\application\Alcohol MRU List.scr
C:\Program Files\WinAnonymous\data\application\Animation Shop 1.x.scr
C:\Program Files\WinAnonymous\data\application\Animation Shop 3.x.scr
C:\Program Files\WinAnonymous\data\application\AOL - Spool.scr
C:\Program Files\WinAnonymous\data\application\ASPack.scr
C:\Program Files\WinAnonymous\data\application\Avant Browser.scr
C:\Program Files\WinAnonymous\data\application\AX-Icons 4.x.scr
C:\Program Files\WinAnonymous\data\application\Axialis Icon Workshop 5.x.scr
C:\Program Files\WinAnonymous\data\application\Axialis Media Browser.scr
C:\Program Files\WinAnonymous\data\application\Babylon Builder 2.2.scr
C:\Program Files\WinAnonymous\data\application\Babylon Translator.scr
C:\Program Files\WinAnonymous\data\application\BlazeDVD 2.0.scr
C:\Program Files\WinAnonymous\data\application\Bookreader.scr
C:\Program Files\WinAnonymous\data\application\C++ Builder.scr
C:\Program Files\WinAnonymous\data\application\Cabinet Manager.scr
C:\Program Files\WinAnonymous\data\application\Chameleon Web Browser.scr
C:\Program Files\WinAnonymous\data\application\Classify 98.scr
C:\Program Files\WinAnonymous\data\application\Clicktionary 2000.scr
C:\Program Files\WinAnonymous\data\application\CoffeeCup DirectFTP.scr
C:\Program Files\WinAnonymous\data\application\CoffeeCup GIF Animator.scr
C:\Program Files\WinAnonymous\data\application\Cool Edit 2000 1.1.scr
C:\Program Files\WinAnonymous\data\application\Cool Edit Pro.scr
C:\Program Files\WinAnonymous\data\application\Corel PhotoPaint 8.scr
C:\Program Files\WinAnonymous\data\application\CrissCross.scr
C:\Program Files\WinAnonymous\data\application\CRT 2.x.scr
C:\Program Files\WinAnonymous\data\application\Cute FTP v3.0.scr
C:\Program Files\WinAnonymous\data\application\Cute FTP v4.0.scr
C:\Program Files\WinAnonymous\data\application\Cute MX.scr
C:\Program Files\WinAnonymous\data\application\CuteFTP.scr
C:\Program Files\WinAnonymous\data\application\CuteHTML.scr
C:\Program Files\WinAnonymous\data\application\DataRescue_IDA.scr
C:\Program Files\WinAnonymous\data\application\Delphi v3.scr
C:\Program Files\WinAnonymous\data\application\Delphi v4.scr
C:\Program Files\WinAnonymous\data\application\Delphi v5.scr
C:\Program Files\WinAnonymous\data\application\Delphi v7.scr
C:\Program Files\WinAnonymous\data\application\Disk Explorer Professional 3.scr
C:\Program Files\WinAnonymous\data\application\Diskeeper 5.0.scr
C:\Program Files\WinAnonymous\data\application\DivX Player.scr
C:\Program Files\WinAnonymous\data\application\Download Accelerator.scr
C:\Program Files\WinAnonymous\data\application\Ebay Toolbar.scr
C:\Program Files\WinAnonymous\data\application\EditPad.scr
C:\Program Files\WinAnonymous\data\application\EditPlus 2.scr
C:\Program Files\WinAnonymous\data\application\edonkey2000.scr
C:\Program Files\WinAnonymous\data\application\eMule.scr
C:\Program Files\WinAnonymous\data\application\Enfish Onespace.scr
C:\Program Files\WinAnonymous\data\application\Enigma Browser.scr
C:\Program Files\WinAnonymous\data\application\F-Secure SSH 2.x.scr
C:\Program Files\WinAnonymous\data\application\Fix-It 2000.scr
C:\Program Files\WinAnonymous\data\application\FlashGet.scr
C:\Program Files\WinAnonymous\data\application\FotoCanvas 2.0.scr
C:\Program Files\WinAnonymous\data\application\Fotostation 4.0.scr
C:\Program Files\WinAnonymous\data\application\foxit reader.scr
C:\Program Files\WinAnonymous\data\application\Free Download Manager 1.x.scr
C:\Program Files\WinAnonymous\data\application\FTP Explorer.scr
C:\Program Files\WinAnonymous\data\application\FTP Voyager.scr
C:\Program Files\WinAnonymous\data\application\Fun CD.scr
C:\Program Files\WinAnonymous\data\application\Gator.scr
C:\Program Files\WinAnonymous\data\application\GeoVid Video to Flash Batch Converter.scr
C:\Program Files\WinAnonymous\data\application\GetRight ExplorerBar.scr
C:\Program Files\WinAnonymous\data\application\GetRight.scr
C:\Program Files\WinAnonymous\data\application\Go!Zilla.scr
C:\Program Files\WinAnonymous\data\application\Google Deskbar.scr
C:\Program Files\WinAnonymous\data\application\Google Desktop Search History.scr
C:\Program Files\WinAnonymous\data\application\Google Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Google Video Player 1.x.scr
C:\Program Files\WinAnonymous\data\application\GoZilla.scr
C:\Program Files\WinAnonymous\data\application\Gravity Newsreader.scr
C:\Program Files\WinAnonymous\data\application\hardcopy.scr
C:\Program Files\WinAnonymous\data\application\Helios TextPad v3.scr
C:\Program Files\WinAnonymous\data\application\Helios TextPad v4.scr
C:\Program Files\WinAnonymous\data\application\HelpWriter.scr
C:\Program Files\WinAnonymous\data\application\hexworkshop.scr
C:\Program Files\WinAnonymous\data\application\Homesite 4.0.scr
C:\Program Files\WinAnonymous\data\application\Hotbar 3.0.scr
C:\Program Files\WinAnonymous\data\application\HotJava Browser.scr
C:\Program Files\WinAnonymous\data\application\HTML Help Workshop.scr
C:\Program Files\WinAnonymous\data\application\Icon Extractor.scr
C:\Program Files\WinAnonymous\data\application\iMesh.scr
C:\Program Files\WinAnonymous\data\application\InoculatelT PE Antivirus.scr
C:\Program Files\WinAnonymous\data\application\InstallShield Express.scr
C:\Program Files\WinAnonymous\data\application\InterQuick.scr
C:\Program Files\WinAnonymous\data\application\Irfanview.scr
C:\Program Files\WinAnonymous\data\application\Iso Buster.scr
C:\Program Files\WinAnonymous\data\application\Jasc Animation Shop 3.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v5.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v6.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v7.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v8.scr
C:\Program Files\WinAnonymous\data\application\Jet Photo Shell.scr
C:\Program Files\WinAnonymous\data\application\juno.scr
C:\Program Files\WinAnonymous\data\application\K-Lite Codec Pack.scr
C:\Program Files\WinAnonymous\data\application\Kazaa Media Desktop.scr
C:\Program Files\WinAnonymous\data\application\Kodak Imaging.scr
C:\Program Files\WinAnonymous\data\application\LeapFTP 2.6.scr
C:\Program Files\WinAnonymous\data\application\LeechFTP.scr
C:\Program Files\WinAnonymous\data\application\Letterbox.scr
C:\Program Files\WinAnonymous\data\application\LViewPro 2.x.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Dreamweaver MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Dreamweaver Ultradev 4.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Firework MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Fireworks 3.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash Player.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash v4.0.scr
C:\Program Files\WinAnonymous\data\application\Magic ISO Maker 4.6.scr
C:\Program Files\WinAnonymous\data\application\mapinfo mapmarker.scr
C:\Program Files\WinAnonymous\data\application\Mass Download.scr
C:\Program Files\WinAnonymous\data\application\MasterSplitter v2.1.scr
C:\Program Files\WinAnonymous\data\application\McAfee Virus Scan.scr
C:\Program Files\WinAnonymous\data\application\MEDA MP3 Splitter.scr
C:\Program Files\WinAnonymous\data\application\Metapad.scr
C:\Program Files\WinAnonymous\data\application\MGI PHOTOSUITE SE 1.x.scr
C:\Program Files\WinAnonymous\data\application\MGUSOFT Setup Builder.scr
C:\Program Files\WinAnonymous\data\application\Microangelo 98.scr
C:\Program Files\WinAnonymous\data\application\MicroAngelo.scr
C:\Program Files\WinAnonymous\data\application\Micrografx Picture Publisher v7.scr
C:\Program Files\WinAnonymous\data\application\Micrografx Picture Publisher v8.scr
C:\Program Files\WinAnonymous\data\application\Microsoft FrontPage Express.scr
C:\Program Files\WinAnonymous\data\application\Microsoft FrontPage.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Help Workshop.scr
C:\Program Files\WinAnonymous\data\application\Microsoft HTML Help.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Imaging.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Managemant Console.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Netmeeting.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 2003.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 97.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office InfoPath 2003.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office XP.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Outlook Express 5.0.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Photo Editor 3.x.scr
C:\Program Files\WinAnonymous\data\application\MicroSoft PhotoDraw.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Picture It Publishing.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Publisher 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Visual Studio 6.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Windows Paint.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Windows WordPad.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Word 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Word Backup Files.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Works 4.0.scr
C:\Program Files\WinAnonymous\data\application\Mijenix Powerdesk 4.0.scr
C:\Program Files\WinAnonymous\data\application\MIRC.scr
C:\Program Files\WinAnonymous\data\application\miroMEDIA PCTV.scr
C:\Program Files\WinAnonymous\data\application\mixmeister.scr
C:\Program Files\WinAnonymous\data\application\Morpheus.scr
C:\Program Files\WinAnonymous\data\application\MovieXone 1.0.scr
C:\Program Files\WinAnonymous\data\application\Mozart 4.0.scr
C:\Program Files\WinAnonymous\data\application\ms autoroute express.scr
C:\Program Files\WinAnonymous\data\application\MS WORD.scr
C:\Program Files\WinAnonymous\data\application\MSE.scr
C:\Program Files\WinAnonymous\data\application\MSN Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Music Match Jukebox.scr
C:\Program Files\WinAnonymous\data\application\MyWay Advertising.scr
C:\Program Files\WinAnonymous\data\application\Napster Music Community.scr
C:\Program Files\WinAnonymous\data\application\Naviscope.scr
C:\Program Files\WinAnonymous\data\application\NEATO Labels.scr
C:\Program Files\WinAnonymous\data\application\nero burning rom.scr
C:\Program Files\WinAnonymous\data\application\Nero Vision.scr
C:\Program Files\WinAnonymous\data\application\Net Vampire 3.x.scr
C:\Program Files\WinAnonymous\data\application\netants.scr
C:\Program Files\WinAnonymous\data\application\NetCaptor.scr
C:\Program Files\WinAnonymous\data\application\netmeeting.scr
C:\Program Files\WinAnonymous\data\application\Netsonic.scr
C:\Program Files\WinAnonymous\data\application\Netzip Download Demon 3.x.scr
C:\Program Files\WinAnonymous\data\application\NewsBin Pro 4.scr
C:\Program Files\WinAnonymous\data\application\Norton AntiVirus 2000 (v6).scr
C:\Program Files\WinAnonymous\data\application\Norton AntiVirus 2003.scr
C:\Program Files\WinAnonymous\data\application\Norton Commander.scr
C:\Program Files\WinAnonymous\data\application\Norton File Manager.scr
C:\Program Files\WinAnonymous\data\application\Norton Firewall.scr
C:\Program Files\WinAnonymous\data\application\Norton Internet Security.scr
C:\Program Files\WinAnonymous\data\application\Norton LiveUpdate.scr
C:\Program Files\WinAnonymous\data\application\Norton Utilities 2000.scr
C:\Program Files\WinAnonymous\data\application\NotePad Plus.scr
C:\Program Files\WinAnonymous\data\application\notetab lite.scr
C:\Program Files\WinAnonymous\data\application\NoteTab Pro.scr
C:\Program Files\WinAnonymous\data\application\Object Rescue.scr
C:\Program Files\WinAnonymous\data\application\OmniPage 10.0.scr
C:\Program Files\WinAnonymous\data\application\OnTrack Powerdesk 4.scr
C:\Program Files\WinAnonymous\data\application\Ontrack PowerDesk 5.scr
C:\Program Files\WinAnonymous\data\application\PackageForTheWeb.scr
C:\Program Files\WinAnonymous\data\application\Paint Shop Pro 5.0.scr
C:\Program Files\WinAnonymous\data\application\Paint Shop Pro 7.0.scr
C:\Program Files\WinAnonymous\data\application\Password Safe.scr
C:\Program Files\WinAnonymous\data\application\PE Explorer 1.95.scr
C:\Program Files\WinAnonymous\data\application\Personal Ancestral File.scr
C:\Program Files\WinAnonymous\data\application\photo magic 4.0.scr
C:\Program Files\WinAnonymous\data\application\PhotoCanvas 2.0.scr
C:\Program Files\WinAnonymous\data\application\Photodex Compupic Pro.scr
C:\Program Files\WinAnonymous\data\application\PhotoDraw 2000.scr
C:\Program Files\WinAnonymous\data\application\PhotoImpact 8.0.scr
C:\Program Files\WinAnonymous\data\application\PhotoImpact Viewer 4.0.scr
C:\Program Files\WinAnonymous\data\application\PicoZip.scr
C:\Program Files\WinAnonymous\data\application\PictureIt Digital Image Pro 7.0.scr
C:\Program Files\WinAnonymous\data\application\PKZip for Windows v2.60.03+.scr
C:\Program Files\WinAnonymous\data\application\PolyView.scr
C:\Program Files\WinAnonymous\data\application\Popup Purger.scr
C:\Program Files\WinAnonymous\data\application\PopUpCop.scr
C:\Program Files\WinAnonymous\data\application\Power archiver.scr
C:\Program Files\WinAnonymous\data\application\PowerArc.scr
C:\Program Files\WinAnonymous\data\application\PowerDVD.scr
C:\Program Files\WinAnonymous\data\application\PowerZip.scr
C:\Program Files\WinAnonymous\data\application\Privacy Eraser Pro.scr
C:\Program Files\WinAnonymous\data\application\Putty hostkeys.scr
C:\Program Files\WinAnonymous\data\application\PYTHON.scr
C:\Program Files\WinAnonymous\data\application\QuickTime.scr
C:\Program Files\WinAnonymous\data\application\Real Audio Player v6 v7 v8.scr
C:\Program Files\WinAnonymous\data\application\Real Download v4.scr
C:\Program Files\WinAnonymous\data\application\RealNetworks Real Download.scr
C:\Program Files\WinAnonymous\data\application\RealOne & RealPlayer.scr
C:\Program Files\WinAnonymous\data\application\RealVNC.scr
C:\Program Files\WinAnonymous\data\application\RegEdit.scr
C:\Program Files\WinAnonymous\data\application\Roxio Easy CD Creator.scr
C:\Program Files\WinAnonymous\data\application\Save Now.scr
C:\Program Files\WinAnonymous\data\application\Scour Exchange.scr
C:\Program Files\WinAnonymous\data\application\Seal Module Mlayer.scr
C:\Program Files\WinAnonymous\data\application\SearchAndBrowse.scr
C:\Program Files\WinAnonymous\data\application\SearchAnt.scr
C:\Program Files\WinAnonymous\data\application\SearchV.scr
C:\Program Files\WinAnonymous\data\application\SearchWolf.scr
C:\Program Files\WinAnonymous\data\application\SearchWWW.scr
C:\Program Files\WinAnonymous\data\application\SideStep.scr
C:\Program Files\WinAnonymous\data\application\Skype.scr
C:\Program Files\WinAnonymous\data\application\Smart Explorer.scr
C:\Program Files\WinAnonymous\data\application\SmartDraw 6.scr
C:\Program Files\WinAnonymous\data\application\smartftp.scr
C:\Program Files\WinAnonymous\data\application\SmartPops.scr
C:\Program Files\WinAnonymous\data\application\Sonic Foundry's Acid 2.0.scr
C:\Program Files\WinAnonymous\data\application\Sonique Player.scr
C:\Program Files\WinAnonymous\data\application\Spinner Plus.scr
C:\Program Files\WinAnonymous\data\application\SpotOn Browser plugin.scr
C:\Program Files\WinAnonymous\data\application\Staff-FTP.scr
C:\Program Files\WinAnonymous\data\application\Star Downloader.scr
C:\Program Files\WinAnonymous\data\application\Stardialer.scr
C:\Program Files\WinAnonymous\data\application\StarOffice 5.x.scr
C:\Program Files\WinAnonymous\data\application\SubmitWolf Pro.scr
C:\Program Files\WinAnonymous\data\application\Sun Java Cache.scr
C:\Program Files\WinAnonymous\data\application\SureThing CD Labeler.scr
C:\Program Files\WinAnonymous\data\application\SVAPlayer.scr
C:\Program Files\WinAnonymous\data\application\SWiSH 2.0.scr
C:\Program Files\WinAnonymous\data\application\Teleport Pro.scr
C:\Program Files\WinAnonymous\data\application\Telnet.scr
C:\Program Files\WinAnonymous\data\application\Text Pad 4.x.scr
C:\Program Files\WinAnonymous\data\application\The Playa.scr
C:\Program Files\WinAnonymous\data\application\Third Voice 1.x.scr
C:\Program Files\WinAnonymous\data\application\Thumbs Plus 4.scr
C:\Program Files\WinAnonymous\data\application\Timesink.scr
C:\Program Files\WinAnonymous\data\application\TinyBar.scr
C:\Program Files\WinAnonymous\data\application\TOPicks.scr
C:\Program Files\WinAnonymous\data\application\Total Commander.scr
C:\Program Files\WinAnonymous\data\application\transponder.scr
C:\Program Files\WinAnonymous\data\application\Trellians Classify 98.scr
C:\Program Files\WinAnonymous\data\application\Tribal Voice's PowWow.scr
C:\Program Files\WinAnonymous\data\application\Trojan Remover.scr
C:\Program Files\WinAnonymous\data\application\TSADBOT.scr
C:\Program Files\WinAnonymous\data\application\UCmore toolbar.scr
C:\Program Files\WinAnonymous\data\application\Ulead Gif Animator v4.0.scr
C:\Program Files\WinAnonymous\data\application\Ulead GIF Animator v5.0.scr
C:\Program Files\WinAnonymous\data\application\Ulead Photo Explorer v4.2.scr
C:\Program Files\WinAnonymous\data\application\Ulead Photo Express.scr
C:\Program Files\WinAnonymous\data\application\Ulead PhotoImpact v5.scr
C:\Program Files\WinAnonymous\data\application\Ulead VideoStudio 4.0.scr
C:\Program Files\WinAnonymous\data\application\Ultimate Paint.scr
C:\Program Files\WinAnonymous\data\application\ULTImate Technology BV v5.5.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit v4.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit v7.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit.scr
C:\Program Files\WinAnonymous\data\application\UltraISO 7.x.scr
C:\Program Files\WinAnonymous\data\application\uTorrent 1.x.scr
C:\Program Files\WinAnonymous\data\application\VBoxEdit.scr
C:\Program Files\WinAnonymous\data\application\VirtualDub.scr
C:\Program Files\WinAnonymous\data\application\VMWARE.scr
C:\Program Files\WinAnonymous\data\application\Vueprint.scr
C:\Program Files\WinAnonymous\data\application\VX2 Respondmiter.scr
C:\Program Files\WinAnonymous\data\application\W32Dasm.scr
C:\Program Files\WinAnonymous\data\application\Web Ferret v3.scr
C:\Program Files\WinAnonymous\data\application\WebFerret.scr
C:\Program Files\WinAnonymous\data\application\webhancer.scr
C:\Program Files\WinAnonymous\data\application\Wildstylz.scr
C:\Program Files\WinAnonymous\data\application\WildTangent.scr
C:\Program Files\WinAnonymous\data\application\WinAce.scr
C:\Program Files\WinAnonymous\data\application\winamp.scr
C:\Program Files\WinAnonymous\data\application\Windows Commander.scr
C:\Program Files\WinAnonymous\data\application\WinHTTrack Website Copier.scr
C:\Program Files\WinAnonymous\data\application\WinOnCD.scr
C:\Program Files\WinAnonymous\data\application\WinRar.scr
C:\Program Files\WinAnonymous\data\application\Winshow.scr
C:\Program Files\WinAnonymous\data\application\WinUAE.scr
C:\Program Files\WinAnonymous\data\application\Winupie.scr
C:\Program Files\WinAnonymous\data\application\WinVNC.scr
C:\Program Files\WinAnonymous\data\application\WinZip v8.scr
C:\Program Files\WinAnonymous\data\application\Wise Installer.scr
C:\Program Files\WinAnonymous\data\application\Worm.Sobig.scr
C:\Program Files\WinAnonymous\data\application\WurldMedia.scr
C:\Program Files\WinAnonymous\data\application\Xara 3D v4.x.scr
C:\Program Files\WinAnonymous\data\application\Xara Webstyle.scr
C:\Program Files\WinAnonymous\data\application\XDialer.scr
C:\Program Files\WinAnonymous\data\application\XING MP3 PLAYER.scr
C:\Program Files\WinAnonymous\data\application\XLoader.scr
C:\Program Files\WinAnonymous\data\application\Xolox.scr
C:\Program Files\WinAnonymous\data\application\Xrenoder.scr
C:\Program Files\WinAnonymous\data\application\Xupiter toolbar.scr
C:\Program Files\WinAnonymous\data\application\Xzoomy.scr
C:\Program Files\WinAnonymous\data\application\Yahoo Player.scr
C:\Program Files\WinAnonymous\data\application\Yahoo! Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Yamaha S-YXG100.scr
C:\Program Files\WinAnonymous\data\application\ZeroPopup.scr
C:\Program Files\WinAnonymous\data\application\ZipMagic 2000.scr
C:\Program Files\WinAnonymous\data\application\Zone Alarm.scr
C:\Program Files\WinAnonymous\data\brand.dat
C:\Program Files\WinAnonymous\data\firefox\firefox - cache.scr
C:\Program Files\WinAnonymous\data\firefox\firefox - cookies.scr
C:\Program Files\WinAnonymous\data\firefox\firefox - history.scr
C:\Program Files\WinAnonymous\data\ie\ie cookies.scr
C:\Program Files\WinAnonymous\data\ie\ie internet cache.scr
C:\Program Files\WinAnonymous\data\ie\ie privacy history.scr
C:\Program Files\WinAnonymous\data\ie\ie typed urls.scr
C:\Program Files\WinAnonymous\data\ie\ie url history.scr
C:\Program Files\WinAnonymous\data\ie\windows autocomplete.scr
C:\Program Files\WinAnonymous\data\ie\windows downloaded files.scr
C:\Program Files\WinAnonymous\data\ie\windows favorites order.scr
C:\Program Files\WinAnonymous\data\ie\windows passwords.scr
C:\Program Files\WinAnonymous\data\messanger\aim.scr
C:\Program Files\WinAnonymous\data\messanger\AOL Bart.scr
C:\Program Files\WinAnonymous\data\messanger\AOL Instant Messenger.scr
C:\Program Files\WinAnonymous\data\messanger\aolim.scr
C:\Program Files\WinAnonymous\data\messanger\icq - download.scr
C:\Program Files\WinAnonymous\data\messanger\icq - logs.scr
C:\Program Files\WinAnonymous\data\messanger\Miranda ICQ.scr
C:\Program Files\WinAnonymous\data\messanger\MSN Messenger User Account.scr
C:\Program Files\WinAnonymous\data\messanger\Trillian cache.scr
C:\Program Files\WinAnonymous\data\messanger\trillian downloads.scr
C:\Program Files\WinAnonymous\data\messanger\trillian logs.scr
C:\Program Files\WinAnonymous\data\messanger\yahoo messenger logs.scr
C:\Program Files\WinAnonymous\data\messanger\Yahoo! Messenger.scr
C:\Program Files\WinAnonymous\data\mozilla\mozilla - autocomplete.scr
C:\Program Files\WinAnonymous\data\mozilla\mozilla - cache.scr
C:\Program Files\WinAnonymous\data\mozilla\mozilla - cookies.scr
C:\Program Files\WinAnonymous\data\mozilla\Mozilla - history.scr
C:\Program Files\WinAnonymous\data\mozilla\mozilla - saved passwords.scr
C:\Program Files\WinAnonymous\data\mozilla\Mozilla - typed urls.scr
C:\Program Files\WinAnonymous\data\netscape\netscape - cache.scr
C:\Program Files\WinAnonymous\data\netscape\netscape - cookies.scr
C:\Program Files\WinAnonymous\data\netscape\netscape - history.scr
C:\Program Files\WinAnonymous\data\netscape\Netscape Navigator - last trusted apps.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - cache.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - cookies.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - Download.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - history.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - misc.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - mru.scr
C:\Program Files\WinAnonymous\data\opera\Opera Browser - visited.scr
C:\Program Files\WinAnonymous\data\sfl.dat
C:\Program Files\WinAnonymous\data\skin.skn
C:\Program Files\WinAnonymous\data\srl.dat
C:\Program Files\WinAnonymous\data\windows\Direct Draw.scr
C:\Program Files\WinAnonymous\data\windows\direct input.scr
C:\Program Files\WinAnonymous\data\windows\last files.scr
C:\Program Files\WinAnonymous\data\windows\Microsoft Send-To Extensions.scr
C:\Program Files\WinAnonymous\data\windows\windows applog.scr
C:\Program Files\WinAnonymous\data\windows\windows documents.scr
C:\Program Files\WinAnonymous\data\windows\Windows Downloaded Installations.scr
C:\Program Files\WinAnonymous\data\windows\windows empty recylcing bin.scr
C:\Program Files\WinAnonymous\data\windows\Windows Explorer User Assistant history.scr
C:\Program Files\WinAnonymous\data\windows\windows findfile.scr
C:\Program Files\WinAnonymous\data\windows\Windows FTP Accounts.scr
C:\Program Files\WinAnonymous\data\windows\windows hotfix uninstall.scr
C:\Program Files\WinAnonymous\data\windows\windows logfiles.scr
C:\Program Files\WinAnonymous\data\windows\Windows Mapped Drives.scr
C:\Program Files\WinAnonymous\data\windows\windows media player 7.scr
C:\Program Files\WinAnonymous\data\windows\windows minidump.scr
C:\Program Files\WinAnonymous\data\windows\windows MUICache.scr
C:\Program Files\WinAnonymous\data\windows\windows network links.scr
C:\Program Files\WinAnonymous\data\windows\windows opensave.scr
C:\Program Files\WinAnonymous\data\windows\windows openwith.scr
C:\Program Files\WinAnonymous\data\windows\windows prefetch.scr
C:\Program Files\WinAnonymous\data\windows\windows reg history.scr
C:\Program Files\WinAnonymous\data\windows\windows run history.scr
C:\Program Files\WinAnonymous\data\windows\windows search.scr
C:\Program Files\WinAnonymous\data\windows\windows start menu order.scr
C:\Program Files\WinAnonymous\data\windows\windows stream history.scr
C:\Program Files\WinAnonymous\data\windows\windows temp.scr
C:\Program Files\WinAnonymous\data\windows\windows update.scr
C:\Program Files\WinAnonymous\data\windows\windows usb.scr
C:\Program Files\WinAnonymous\data\windows\Windows XP Unread Mail Count.scr
C:\Program Files\WinAnonymous\default.ini
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\WinAnonymous\GDC.url
C:\Program Files\WinAnonymous\GDCPatch.exe
C:\Program Files\WinAnonymous\gfx\button_arrow.bmp
C:\Program Files\WinAnonymous\gfx\button_arrow2.bmp
C:\Program Files\WinAnonymous\gfx\buy.bmp
C:\Program Files\WinAnonymous\gfx\checked.bmp
C:\Program Files\WinAnonymous\gfx\custom.bmp
C:\Program Files\WinAnonymous\gfx\customcleanup.bmp
C:\Program Files\WinAnonymous\gfx\header.bmp
C:\Program Files\WinAnonymous\gfx\icon.ico
C:\Program Files\WinAnonymous\gfx\icon_about.ico
C:\Program Files\WinAnonymous\gfx\icon_checked.ico
C:\Program Files\WinAnonymous\gfx\icon_grayed.ico
C:\Program Files\WinAnonymous\gfx\icon_link.ico
C:\Program Files\WinAnonymous\gfx\icon_manual.ico
C:\Program Files\WinAnonymous\gfx\icon_quit.ico
C:\Program Files\WinAnonymous\gfx\icon_support.ico
C:\Program Files\WinAnonymous\gfx\icon_unchecked.ico
C:\Program Files\WinAnonymous\gfx\icon_uncheked.ico
C:\Program Files\WinAnonymous\gfx\icon_uninstall.ico
C:\Program Files\WinAnonymous\gfx\icon_update.ico
C:\Program Files\WinAnonymous\gfx\log.bmp
C:\Program Files\WinAnonymous\gfx\logo.bmp
C:\Program Files\WinAnonymous\gfx\register.bmp
C:\Program Files\WinAnonymous\gfx\settings.bmp
C:\Program Files\WinAnonymous\gfx\sign_green.bmp
C:\Program Files\WinAnonymous\gfx\sign_green_big.bmp
C:\Program Files\WinAnonymous\gfx\sign_red.bmp
C:\Program Files\WinAnonymous\gfx\sign_red_big.bmp
C:\Program Files\WinAnonymous\gfx\sign_yellow.bmp
C:\Program Files\WinAnonymous\gfx\splash.bmp
C:\Program Files\WinAnonymous\gfx\status_good.bmp
C:\Program Files\WinAnonymous\gfx\status_risk.bmp
C:\Program Files\WinAnonymous\gfx\support.bmp
C:\Program Files\WinAnonymous\gfx\sys_shield.bmp
C:\Program Files\WinAnonymous\gfx\sys_update.bmp
C:\Program Files\WinAnonymous\gfx\sysstatus.bmp
C:\Program Files\WinAnonymous\gfx\unchecked.bmp
C:\Program Files\WinAnonymous\gfx\update.bmp
C:\Program Files\WinAnonymous\IH.exe
C:\Program Files\WinAnonymous\lang\Arabic.lng
C:\Program Files\WinAnonymous\lang\Brazilian.lng
C:\Program Files\WinAnonymous\lang\Catalan.lng
C:\Program Files\WinAnonymous\lang\Chinese.lng
C:\Program Files\WinAnonymous\lang\Czech.lng
C:\Program Files\WinAnonymous\lang\Danish.lng
C:\Program Files\WinAnonymous\lang\Dutch.lng
C:\Program Files\WinAnonymous\lang\English.lng
C:\Program Files\WinAnonymous\lang\Finnish.lng
C:\Program Files\WinAnonymous\lang\French.lng
C:\Program Files\WinAnonymous\lang\German.lng
C:\Program Files\WinAnonymous\lang\Greek.lng
C:\Program Files\WinAnonymous\lang\Hebrew.lng
C:\Program Files\WinAnonymous\lang\Italian.lng
C:\Program Files\WinAnonymous\lang\Japanese.lng
C:\Program Files\WinAnonymous\lang\Malayan.lng
C:\Program Files\WinAnonymous\lang\Norwegian.lng
C:\Program Files\WinAnonymous\lang\Polish.lng
C:\Program Files\WinAnonymous\lang\Portuguese.lng
C:\Program Files\WinAnonymous\lang\Russian.lng
C:\Program Files\WinAnonymous\lang\Slovenian.lng
C:\Program Files\WinAnonymous\lang\Spanish.lng
C:\Program Files\WinAnonymous\lang\Swedish.lng
C:\Program Files\WinAnonymous\lang\Thai.lng
C:\Program Files\WinAnonymous\lang\Turkish.lng
C:\Program Files\WinAnonymous\License.rtf
C:\Program Files\WinAnonymous\Readme.rtf
C:\Program Files\WinAnonymous\secure_del.dll
C:\Program Files\WinAnonymous\sr.log
C:\Program Files\WinAnonymous\support.url
C:\Program Files\WinAnonymous\UGDCcw.exe
C:\Program Files\WinAnonymous\unins000.dat
C:\Program Files\WinAnonymous\unins000.exe
C:\Program Files\WinAnonymous\updater.dat
C:\Program Files\WinAnonymous\updater.exe
C:\Program Files\WinAnonymous\ver.dat
C:\WINDOWS\picts-2894.zip
C:\WINDOWS\picts-3129.zip
C:\WINDOWS\picts-3142.zip
C:\WINDOWS\picts-4672.zip
C:\WINDOWS\picts-4760.zip
C:\WINDOWS\picts-5106.zip
C:\WINDOWS\picts-6380.zip
C:\WINDOWS\picts-6505.zip
C:\WINDOWS\picts-7798.zip
C:\WINDOWS\picts-7964.zip
C:\WINDOWS\picts-8001.zip
C:\WINDOWS\picts-8523.zip
C:\WINDOWS\picts-8618.zip
C:\WINDOWS\picts-8760.zip
C:\WINDOWS\system32\alle32.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\system32\icf.exe
C:\WINDOWS\system32\vi32.exe
C:\WINDOWS\system32\vrm.exe
C:\WINDOWS\system32\vsm.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 03:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 23:33 1,538 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 23:32 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 23:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 23:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 23:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 23:32 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-07 03:08 <DIR> d--hs---- C:\FOUND.005
2007-11-07 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-05 19:13 <DIR> d-------- C:\Program Files\Uniblue
2007-11-05 19:13 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Uniblue
2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\Lavasoft
2007-11-05 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-11-05 18:50 <DIR> d-------- C:\Program Files\Citrix
2007-11-05 18:50 60,968 --a------ C:\Documents and Settings\Chappers\GoToAssistDownloadHelper.exe
2007-11-05 18:02 <DIR> d-------- C:\Program Files\TechTracker
2007-11-05 18:02 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\VersionTracker Pro
2007-11-01 19:25 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2007-10-31 03:54 40 --a------ C:\WINDOWS\ujf635.bin
2007-10-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2007-10-16 23:19 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 22:50 <DIR> d-------- C:\Documents and Settings\Chappers\Application Data\SpywareBot
2007-10-14 16:40 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-12 20:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-12 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-12 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 19:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-10-12 19:09 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-12 19:09 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\pixelStorm
2006-04-30 23:26 266 --sh--w C:\Program Files\desktop.ini
2006-04-30 23:26 11,079 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_ 3.26.33.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 10:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-08 03:22:22 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-08 15:22:34 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-08-12 13:00:10 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 03:30:34 40,108 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-08-12 13:00:10 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 03:30:34 311,912 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 17:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-05 00:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 16:49]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-11-05 18:02:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-11-05 18:50 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c

S3 Bulk;HDJBulk;C:\WINDOWS\System32\Drivers\HDJBulk.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\System32\DRIVERS\HDJMidi.sys
S3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\System32\drivers\stac97na.sys
S3 STAC97NH;STAC97NH;C:\WINDOWS\System32\drivers\stac97nh.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 15:00:02 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 15:27:01
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 15:27:54 - machine was rebooted
C:\ComboFix3.txt ... 2007-11-08 03:26
C:\ComboFix2.txt ... 2007-11-08 12:46
.
--- E O F ---
ComboFix 07-11-08.1 - Chappers 2007-11-08 15:22:37.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.95 [GMT 0:00]
Running from: C:\Documents and Settings\Chappers\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chappers\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\mlpss.exe
C:\WINDOWS\picts-2894.zip
C:\WINDOWS\picts-3129.zip
C:\WINDOWS\picts-3142.zip
C:\WINDOWS\picts-4672.zip
C:\WINDOWS\picts-4760.zip
C:\WINDOWS\picts-5106.zip
C:\WINDOWS\picts-6380.zip
C:\WINDOWS\picts-6505.zip
C:\WINDOWS\picts-7798.zip
C:\WINDOWS\picts-7964.zip
C:\WINDOWS\picts-8001.zip
C:\WINDOWS\picts-8523.zip
C:\WINDOWS\picts-8618.zip
C:\WINDOWS\picts-8760.zip
C:\WINDOWS\system32\alle32.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\system32\icf.exe
C:\WINDOWS\system32\vi32.exe
C:\WINDOWS\system32\vrm.exe
C:\WINDOWS\system32\vsm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chappers\Application Data\WinAnonymous
C:\Documents and Settings\Chappers\Application Data\WinAnonymous\Logs\update.log
C:\mlpss.exe
C:\Program Files\Common Files\WinAnonymous
C:\Program Files\Common Files\WinAnonymous\mc.exe
C:\Program Files\WinAnonymous
C:\Program Files\WinAnonymous\config.ini
C:\Program Files\WinAnonymous\data\application\7-Zip Compression Pgm.scr
C:\Program Files\WinAnonymous\data\application\AbsoluteFTP.scr
C:\Program Files\WinAnonymous\data\application\ACDSee32.scr
C:\Program Files\WinAnonymous\data\application\Acoustica CD Label Maker.scr
C:\Program Files\WinAnonymous\data\application\Ad-aware SE.scr
C:\Program Files\WinAnonymous\data\application\Adaptec's Audio CD.scr
C:\Program Files\WinAnonymous\data\application\Adaptec Easy CD Creator v4.scr
C:\Program Files\WinAnonymous\data\application\Addsoft.scr
C:\Program Files\WinAnonymous\data\application\AddWeb 3.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v3.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v3.1.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v4.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v5.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v6.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Acrobat Reader v7.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v5.0 LE.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v5.5.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v6.0.scr
C:\Program Files\WinAnonymous\data\application\Adobe Photoshop v7.0.scr
C:\Program Files\WinAnonymous\data\application\Advanced Disk Catalog.scr
C:\Program Files\WinAnonymous\data\application\Advanced MP3 Catalog.scr
C:\Program Files\WinAnonymous\data\application\Advanced Password Recovery.scr
C:\Program Files\WinAnonymous\data\application\ahead cover designer.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGaspect.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGpano.scr
C:\Program Files\WinAnonymous\data\application\Albatros ADGview.scr
C:\Program Files\WinAnonymous\data\application\Alcohol MRU List.scr
C:\Program Files\WinAnonymous\data\application\Animation Shop 1.x.scr
C:\Program Files\WinAnonymous\data\application\Animation Shop 3.x.scr
C:\Program Files\WinAnonymous\data\application\AOL - Spool.scr
C:\Program Files\WinAnonymous\data\application\ASPack.scr
C:\Program Files\WinAnonymous\data\application\Avant Browser.scr
C:\Program Files\WinAnonymous\data\application\AX-Icons 4.x.scr
C:\Program Files\WinAnonymous\data\application\Axialis Icon Workshop 5.x.scr
C:\Program Files\WinAnonymous\data\application\Axialis Media Browser.scr
C:\Program Files\WinAnonymous\data\application\Babylon Builder 2.2.scr
C:\Program Files\WinAnonymous\data\application\Babylon Translator.scr
C:\Program Files\WinAnonymous\data\application\BlazeDVD 2.0.scr
C:\Program Files\WinAnonymous\data\application\Bookreader.scr
C:\Program Files\WinAnonymous\data\application\C++ Builder.scr
C:\Program Files\WinAnonymous\data\application\Cabinet Manager.scr
C:\Program Files\WinAnonymous\data\application\Chameleon Web Browser.scr
C:\Program Files\WinAnonymous\data\application\Classify 98.scr
C:\Program Files\WinAnonymous\data\application\Clicktionary 2000.scr
C:\Program Files\WinAnonymous\data\application\CoffeeCup DirectFTP.scr
C:\Program Files\WinAnonymous\data\application\CoffeeCup GIF Animator.scr
C:\Program Files\WinAnonymous\data\application\Cool Edit 2000 1.1.scr
C:\Program Files\WinAnonymous\data\application\Cool Edit Pro.scr
C:\Program Files\WinAnonymous\data\application\Corel PhotoPaint 8.scr
C:\Program Files\WinAnonymous\data\application\CrissCross.scr
C:\Program Files\WinAnonymous\data\application\CRT 2.x.scr
C:\Program Files\WinAnonymous\data\application\Cute FTP v3.0.scr
C:\Program Files\WinAnonymous\data\application\Cute FTP v4.0.scr
C:\Program Files\WinAnonymous\data\application\Cute MX.scr
C:\Program Files\WinAnonymous\data\application\CuteFTP.scr
C:\Program Files\WinAnonymous\data\application\CuteHTML.scr
C:\Program Files\WinAnonymous\data\application\DataRescue_IDA.scr
C:\Program Files\WinAnonymous\data\application\Delphi v3.scr
C:\Program Files\WinAnonymous\data\application\Delphi v4.scr
C:\Program Files\WinAnonymous\data\application\Delphi v5.scr
C:\Program Files\WinAnonymous\data\application\Delphi v7.scr
C:\Program Files\WinAnonymous\data\application\Disk Explorer Professional 3.scr
C:\Program Files\WinAnonymous\data\application\Diskeeper 5.0.scr
C:\Program Files\WinAnonymous\data\application\DivX Player.scr
C:\Program Files\WinAnonymous\data\application\Download Accelerator.scr
C:\Program Files\WinAnonymous\data\application\Ebay Toolbar.scr
C:\Program Files\WinAnonymous\data\application\EditPad.scr
C:\Program Files\WinAnonymous\data\application\EditPlus 2.scr
C:\Program Files\WinAnonymous\data\application\edonkey2000.scr
C:\Program Files\WinAnonymous\data\application\eMule.scr
C:\Program Files\WinAnonymous\data\application\Enfish Onespace.scr
C:\Program Files\WinAnonymous\data\application\Enigma Browser.scr
C:\Program Files\WinAnonymous\data\application\F-Secure SSH 2.x.scr
C:\Program Files\WinAnonymous\data\application\Fix-It 2000.scr
C:\Program Files\WinAnonymous\data\application\FlashGet.scr
C:\Program Files\WinAnonymous\data\application\FotoCanvas 2.0.scr
C:\Program Files\WinAnonymous\data\application\Fotostation 4.0.scr
C:\Program Files\WinAnonymous\data\application\foxit reader.scr
C:\Program Files\WinAnonymous\data\application\Free Download Manager 1.x.scr
C:\Program Files\WinAnonymous\data\application\FTP Explorer.scr
C:\Program Files\WinAnonymous\data\application\FTP Voyager.scr
C:\Program Files\WinAnonymous\data\application\Fun CD.scr
C:\Program Files\WinAnonymous\data\application\Gator.scr
C:\Program Files\WinAnonymous\data\application\GeoVid Video to Flash Batch Converter.scr
C:\Program Files\WinAnonymous\data\application\GetRight ExplorerBar.scr
C:\Program Files\WinAnonymous\data\application\GetRight.scr
C:\Program Files\WinAnonymous\data\application\Go!Zilla.scr
C:\Program Files\WinAnonymous\data\application\Google Deskbar.scr
C:\Program Files\WinAnonymous\data\application\Google Desktop Search History.scr
C:\Program Files\WinAnonymous\data\application\Google Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Google Video Player 1.x.scr
C:\Program Files\WinAnonymous\data\application\GoZilla.scr
C:\Program Files\WinAnonymous\data\application\Gravity Newsreader.scr
C:\Program Files\WinAnonymous\data\application\hardcopy.scr
C:\Program Files\WinAnonymous\data\application\Helios TextPad v3.scr
C:\Program Files\WinAnonymous\data\application\Helios TextPad v4.scr
C:\Program Files\WinAnonymous\data\application\HelpWriter.scr
C:\Program Files\WinAnonymous\data\application\hexworkshop.scr
C:\Program Files\WinAnonymous\data\application\Homesite 4.0.scr
C:\Program Files\WinAnonymous\data\application\Hotbar 3.0.scr
C:\Program Files\WinAnonymous\data\application\HotJava Browser.scr
C:\Program Files\WinAnonymous\data\application\HTML Help Workshop.scr
C:\Program Files\WinAnonymous\data\application\Icon Extractor.scr
C:\Program Files\WinAnonymous\data\application\iMesh.scr
C:\Program Files\WinAnonymous\data\application\InoculatelT PE Antivirus.scr
C:\Program Files\WinAnonymous\data\application\InstallShield Express.scr
C:\Program Files\WinAnonymous\data\application\InterQuick.scr
C:\Program Files\WinAnonymous\data\application\Irfanview.scr
C:\Program Files\WinAnonymous\data\application\Iso Buster.scr
C:\Program Files\WinAnonymous\data\application\Jasc Animation Shop 3.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v5.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v6.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v7.scr
C:\Program Files\WinAnonymous\data\application\JASC Paintshop Pro v8.scr
C:\Program Files\WinAnonymous\data\application\Jet Photo Shell.scr
C:\Program Files\WinAnonymous\data\application\juno.scr
C:\Program Files\WinAnonymous\data\application\K-Lite Codec Pack.scr
C:\Program Files\WinAnonymous\data\application\Kazaa Media Desktop.scr
C:\Program Files\WinAnonymous\data\application\Kodak Imaging.scr
C:\Program Files\WinAnonymous\data\application\LeapFTP 2.6.scr
C:\Program Files\WinAnonymous\data\application\LeechFTP.scr
C:\Program Files\WinAnonymous\data\application\Letterbox.scr
C:\Program Files\WinAnonymous\data\application\LViewPro 2.x.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Dreamweaver MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Dreamweaver Ultradev 4.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Firework MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Fireworks 3.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash MX.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash Player.scr
C:\Program Files\WinAnonymous\data\application\Macromedia Flash v4.0.scr
C:\Program Files\WinAnonymous\data\application\Magic ISO Maker 4.6.scr
C:\Program Files\WinAnonymous\data\application\mapinfo mapmarker.scr
C:\Program Files\WinAnonymous\data\application\Mass Download.scr
C:\Program Files\WinAnonymous\data\application\MasterSplitter v2.1.scr
C:\Program Files\WinAnonymous\data\application\McAfee Virus Scan.scr
C:\Program Files\WinAnonymous\data\application\MEDA MP3 Splitter.scr
C:\Program Files\WinAnonymous\data\application\Metapad.scr
C:\Program Files\WinAnonymous\data\application\MGI PHOTOSUITE SE 1.x.scr
C:\Program Files\WinAnonymous\data\application\MGUSOFT Setup Builder.scr
C:\Program Files\WinAnonymous\data\application\Microangelo 98.scr
C:\Program Files\WinAnonymous\data\application\MicroAngelo.scr
C:\Program Files\WinAnonymous\data\application\Micrografx Picture Publisher v7.scr
C:\Program Files\WinAnonymous\data\application\Micrografx Picture Publisher v8.scr
C:\Program Files\WinAnonymous\data\application\Microsoft FrontPage Express.scr
C:\Program Files\WinAnonymous\data\application\Microsoft FrontPage.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Help Workshop.scr
C:\Program Files\WinAnonymous\data\application\Microsoft HTML Help.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Imaging.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Managemant Console.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Netmeeting.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 2003.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office 97.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office InfoPath 2003.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office XP.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Office.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Outlook Express 5.0.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Photo Editor 3.x.scr
C:\Program Files\WinAnonymous\data\application\MicroSoft PhotoDraw.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Picture It Publishing.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Publisher 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Visual Studio 6.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Windows Paint.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Windows WordPad.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Word 2000.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Word Backup Files.scr
C:\Program Files\WinAnonymous\data\application\Microsoft Works 4.0.scr
C:\Program Files\WinAnonymous\data\application\Mijenix Powerdesk 4.0.scr
C:\Program Files\WinAnonymous\data\application\MIRC.scr
C:\Program Files\WinAnonymous\data\application\miroMEDIA PCTV.scr
C:\Program Files\WinAnonymous\data\application\mixmeister.scr
C:\Program Files\WinAnonymous\data\application\Morpheus.scr
C:\Program Files\WinAnonymous\data\application\MovieXone 1.0.scr
C:\Program Files\WinAnonymous\data\application\Mozart 4.0.scr
C:\Program Files\WinAnonymous\data\application\ms autoroute express.scr
C:\Program Files\WinAnonymous\data\application\MS WORD.scr
C:\Program Files\WinAnonymous\data\application\MSE.scr
C:\Program Files\WinAnonymous\data\application\MSN Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Music Match Jukebox.scr
C:\Program Files\WinAnonymous\data\application\MyWay Advertising.scr
C:\Program Files\WinAnonymous\data\application\Napster Music Community.scr
C:\Program Files\WinAnonymous\data\application\Naviscope.scr
C:\Program Files\WinAnonymous\data\application\NEATO Labels.scr
C:\Program Files\WinAnonymous\data\application\nero burning rom.scr
C:\Program Files\WinAnonymous\data\application\Nero Vision.scr
C:\Program Files\WinAnonymous\data\application\Net Vampire 3.x.scr
C:\Program Files\WinAnonymous\data\application\netants.scr
C:\Program Files\WinAnonymous\data\application\NetCaptor.scr
C:\Program Files\WinAnonymous\data\application\netmeeting.scr
C:\Program Files\WinAnonymous\data\application\Netsonic.scr
C:\Program Files\WinAnonymous\data\application\Netzip Download Demon 3.x.scr
C:\Program Files\WinAnonymous\data\application\NewsBin Pro 4.scr
C:\Program Files\WinAnonymous\data\application\Norton AntiVirus 2000 (v6).scr
C:\Program Files\WinAnonymous\data\application\Norton AntiVirus 2003.scr
C:\Program Files\WinAnonymous\data\application\Norton Commander.scr
C:\Program Files\WinAnonymous\data\application\Norton File Manager.scr
C:\Program Files\WinAnonymous\data\application\Norton Firewall.scr
C:\Program Files\WinAnonymous\data\application\Norton Internet Security.scr
C:\Program Files\WinAnonymous\data\application\Norton LiveUpdate.scr
C:\Program Files\WinAnonymous\data\application\Norton Utilities 2000.scr
C:\Program Files\WinAnonymous\data\application\NotePad Plus.scr
C:\Program Files\WinAnonymous\data\application\notetab lite.scr
C:\Program Files\WinAnonymous\data\application\NoteTab Pro.scr
C:\Program Files\WinAnonymous\data\application\Object Rescue.scr
C:\Program Files\WinAnonymous\data\application\OmniPage 10.0.scr
C:\Program Files\WinAnonymous\data\application\OnTrack Powerdesk 4.scr
C:\Program Files\WinAnonymous\data\application\Ontrack PowerDesk 5.scr
C:\Program Files\WinAnonymous\data\application\PackageForTheWeb.scr
C:\Program Files\WinAnonymous\data\application\Paint Shop Pro 5.0.scr
C:\Program Files\WinAnonymous\data\application\Paint Shop Pro 7.0.scr
C:\Program Files\WinAnonymous\data\application\Password Safe.scr
C:\Program Files\WinAnonymous\data\application\PE Explorer 1.95.scr
C:\Program Files\WinAnonymous\data\application\Personal Ancestral File.scr
C:\Program Files\WinAnonymous\data\application\photo magic 4.0.scr
C:\Program Files\WinAnonymous\data\application\PhotoCanvas 2.0.scr
C:\Program Files\WinAnonymous\data\application\Photodex Compupic Pro.scr
C:\Program Files\WinAnonymous\data\application\PhotoDraw 2000.scr
C:\Program Files\WinAnonymous\data\application\PhotoImpact 8.0.scr
C:\Program Files\WinAnonymous\data\application\PhotoImpact Viewer 4.0.scr
C:\Program Files\WinAnonymous\data\application\PicoZip.scr
C:\Program Files\WinAnonymous\data\application\PictureIt Digital Image Pro 7.0.scr
C:\Program Files\WinAnonymous\data\application\PKZip for Windows v2.60.03+.scr
C:\Program Files\WinAnonymous\data\application\PolyView.scr
C:\Program Files\WinAnonymous\data\application\Popup Purger.scr
C:\Program Files\WinAnonymous\data\application\PopUpCop.scr
C:\Program Files\WinAnonymous\data\application\Power archiver.scr
C:\Program Files\WinAnonymous\data\application\PowerArc.scr
C:\Program Files\WinAnonymous\data\application\PowerDVD.scr
C:\Program Files\WinAnonymous\data\application\PowerZip.scr
C:\Program Files\WinAnonymous\data\application\Privacy Eraser Pro.scr
C:\Program Files\WinAnonymous\data\application\Putty hostkeys.scr
C:\Program Files\WinAnonymous\data\application\PYTHON.scr
C:\Program Files\WinAnonymous\data\application\QuickTime.scr
C:\Program Files\WinAnonymous\data\application\Real Audio Player v6 v7 v8.scr
C:\Program Files\WinAnonymous\data\application\Real Download v4.scr
C:\Program Files\WinAnonymous\data\application\RealNetworks Real Download.scr
C:\Program Files\WinAnonymous\data\application\RealOne & RealPlayer.scr
C:\Program Files\WinAnonymous\data\application\RealVNC.scr
C:\Program Files\WinAnonymous\data\application\RegEdit.scr
C:\Program Files\WinAnonymous\data\application\Roxio Easy CD Creator.scr
C:\Program Files\WinAnonymous\data\application\Save Now.scr
C:\Program Files\WinAnonymous\data\application\Scour Exchange.scr
C:\Program Files\WinAnonymous\data\application\Seal Module Mlayer.scr
C:\Program Files\WinAnonymous\data\application\SearchAndBrowse.scr
C:\Program Files\WinAnonymous\data\application\SearchAnt.scr
C:\Program Files\WinAnonymous\data\application\SearchV.scr
C:\Program Files\WinAnonymous\data\application\SearchWolf.scr
C:\Program Files\WinAnonymous\data\application\SearchWWW.scr
C:\Program Files\WinAnonymous\data\application\SideStep.scr
C:\Program Files\WinAnonymous\data\application\Skype.scr
C:\Program Files\WinAnonymous\data\application\Smart Explorer.scr
C:\Program Files\WinAnonymous\data\application\SmartDraw 6.scr
C:\Program Files\WinAnonymous\data\application\smartftp.scr
C:\Program Files\WinAnonymous\data\application\SmartPops.scr
C:\Program Files\WinAnonymous\data\application\Sonic Foundry's Acid 2.0.scr
C:\Program Files\WinAnonymous\data\application\Sonique Player.scr
C:\Program Files\WinAnonymous\data\application\Spinner Plus.scr
C:\Program Files\WinAnonymous\data\application\SpotOn Browser plugin.scr
C:\Program Files\WinAnonymous\data\application\Staff-FTP.scr
C:\Program Files\WinAnonymous\data\application\Star Downloader.scr
C:\Program Files\WinAnonymous\data\application\Stardialer.scr
C:\Program Files\WinAnonymous\data\application\StarOffice 5.x.scr
C:\Program Files\WinAnonymous\data\application\SubmitWolf Pro.scr
C:\Program Files\WinAnonymous\data\application\Sun Java Cache.scr
C:\Program Files\WinAnonymous\data\application\SureThing CD Labeler.scr
C:\Program Files\WinAnonymous\data\application\SVAPlayer.scr
C:\Program Files\WinAnonymous\data\application\SWiSH 2.0.scr
C:\Program Files\WinAnonymous\data\application\Teleport Pro.scr
C:\Program Files\WinAnonymous\data\application\Telnet.scr
C:\Program Files\WinAnonymous\data\application\Text Pad 4.x.scr
C:\Program Files\WinAnonymous\data\application\The Playa.scr
C:\Program Files\WinAnonymous\data\application\Third Voice 1.x.scr
C:\Program Files\WinAnonymous\data\application\Thumbs Plus 4.scr
C:\Program Files\WinAnonymous\data\application\Timesink.scr
C:\Program Files\WinAnonymous\data\application\TinyBar.scr
C:\Program Files\WinAnonymous\data\application\TOPicks.scr
C:\Program Files\WinAnonymous\data\application\Total Commander.scr
C:\Program Files\WinAnonymous\data\application\transponder.scr
C:\Program Files\WinAnonymous\data\application\Trellians Classify 98.scr
C:\Program Files\WinAnonymous\data\application\Tribal Voice's PowWow.scr
C:\Program Files\WinAnonymous\data\application\Trojan Remover.scr
C:\Program Files\WinAnonymous\data\application\TSADBOT.scr
C:\Program Files\WinAnonymous\data\application\UCmore toolbar.scr
C:\Program Files\WinAnonymous\data\application\Ulead Gif Animator v4.0.scr
C:\Program Files\WinAnonymous\data\application\Ulead GIF Animator v5.0.scr
C:\Program Files\WinAnonymous\data\application\Ulead Photo Explorer v4.2.scr
C:\Program Files\WinAnonymous\data\application\Ulead Photo Express.scr
C:\Program Files\WinAnonymous\data\application\Ulead PhotoImpact v5.scr
C:\Program Files\WinAnonymous\data\application\Ulead VideoStudio 4.0.scr
C:\Program Files\WinAnonymous\data\application\Ultimate Paint.scr
C:\Program Files\WinAnonymous\data\application\ULTImate Technology BV v5.5.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit v4.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit v7.scr
C:\Program Files\WinAnonymous\data\application\UltraEdit.scr
C:\Program Files\WinAnonymous\data\application\UltraISO 7.x.scr
C:\Program Files\WinAnonymous\data\application\uTorrent 1.x.scr
C:\Program Files\WinAnonymous\data\application\VBoxEdit.scr
C:\Program Files\WinAnonymous\data\application\VirtualDub.scr
C:\Program Files\WinAnonymous\data\application\VMWARE.scr
C:\Program Files\WinAnonymous\data\application\Vueprint.scr
C:\Program Files\WinAnonymous\data\application\VX2 Respondmiter.scr
C:\Program Files\WinAnonymous\data\application\W32Dasm.scr
C:\Program Files\WinAnonymous\data\application\Web Ferret v3.scr
C:\Program Files\WinAnonymous\data\application\WebFerret.scr
C:\Program Files\WinAnonymous\data\application\webhancer.scr
C:\Program Files\WinAnonymous\data\application\Wildstylz.scr
C:\Program Files\WinAnonymous\data\application\WildTangent.scr
C:\Program Files\WinAnonymous\data\application\WinAce.scr
C:\Program Files\WinAnonymous\data\application\winamp.scr
C:\Program Files\WinAnonymous\data\application\Windows Commander.scr
C:\Program Files\WinAnonymous\data\application\WinHTTrack Website Copier.scr
C:\Program Files\WinAnonymous\data\application\WinOnCD.scr
C:\Program Files\WinAnonymous\data\application\WinRar.scr
C:\Program Files\WinAnonymous\data\application\Winshow.scr
C:\Program Files\WinAnonymous\data\application\WinUAE.scr
C:\Program Files\WinAnonymous\data\application\Winupie.scr
C:\Program Files\WinAnonymous\data\application\WinVNC.scr
C:\Program Files\WinAnonymous\data\application\WinZip v8.scr
C:\Program Files\WinAnonymous\data\application\Wise Installer.scr
C:\Program Files\WinAnonymous\data\application\Worm.Sobig.scr
C:\Program Files\WinAnonymous\data\application\WurldMedia.scr
C:\Program Files\WinAnonymous\data\application\Xara 3D v4.x.scr
C:\Program Files\WinAnonymous\data\application\Xara Webstyle.scr
C:\Program Files\WinAnonymous\data\application\XDialer.scr
C:\Program Files\WinAnonymous\data\application\XING MP3 PLAYER.scr
C:\Program Files\WinAnonymous\data\application\XLoader.scr
C:\Program Files\WinAnonymous\data\application\Xolox.scr
C:\Program Files\WinAnonymous\data\application\Xrenoder.scr
C:\Program Files\WinAnonymous\data\application\Xupiter toolbar.scr
C:\Program Files\WinAnonymous\data\application\Xzoomy.scr
C:\Program Files\WinAnonymous\data\application\Yahoo Player.scr
C:\Program Files\WinAnonymous\data\application\Yahoo! Toolbar.scr
C:\Program Files\WinAnonymous\data\application\Yamaha S-YXG100.scr
C:\Program Files\WinAnonymous\data\application\ZeroPopup.scr
C:\Program Files\WinAnonymous\data\application\ZipMagic 2000.scr
C:\Program Files\WinAnonymous\data\application\Zone Alarm.scr
C:\Program Files\WinAnonymous\data\brand.dat
C:\Program Files\WinAnonymous\data\firefox\firefox - cache.scr
C:\Program Files\WinAnonymous\data\firefox\firefox - cookies.scr
C:\Program Files\WinAnonymous\data\firefox\firefox - history.scr
C:\Program Files\WinAnonymous\data\ie\ie cookies.scr
C:\Program Files\WinAnonymous\data\ie\ie internet cache.scr
C:\Program Files\WinAnonymous\data\ie\ie privacy history.scr
C:\Program Files\WinAnonymous\data\ie\ie typed urls.scr
C:\Program Files\WinAnonymous\data\ie\ie url history.scr
C:\Program Files\WinAnonymous\data\ie\windows autocomplete.scr
C:\Program Files\WinAnonymous\data\ie\windows downloaded files.scr
C:\Program Files\WinAnonymous\data\ie\windows favorites order.scr
C:\Program Files\WinAnonymous\data\ie\windows passwords.scr
C:\Program Files\WinAnonymous\data\messanger\aim.scr
C:\Program Files\WinAnonymous\data\messanger\AOL Bart.scr
C:\Program Files\WinAnonymous\data\messanger\AOL Instant Messenger.scr
C:\P
owzatsteve
Regular Member
 
Posts: 15
Joined: November 5th, 2007, 4:30 pm
Location: royston ENGLAND

Unread postby owzatsteve » November 8th, 2007, 11:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:24, on 08/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978516467
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7978494077
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper ... Helper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online ... der_v5.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/c ... ashAX2.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7018 bytes
owzatsteve
Regular Member
 
Posts: 15
Joined: November 5th, 2007, 4:30 pm
Location: royston ENGLAND