Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

pop ups all the sudden

by axilla » March 30th, 2009, 9:30 pm

Hi, thanks for your help. For the past couple of days I have had regular pop-ups any time IE is open, about every two or three minutes. I have not experienced this before and no sort of scan I have done can find anything.
Thanks for your help, James


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:06 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {542bf999-65f3-4a2e-b0b1-72fd57d7490f} - C:\WINDOWS\system32\kevezafi.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lobahazobu] Rundll32.exe "C:\WINDOWS\system32\kiyupufu.dll",s
O4 - HKLM\..\Run: [142f97f9] rundll32.exe "C:\WINDOWS\system32\dijanumo.dll",b
O4 - HKLM\..\Run: [CPM171ca465] Rundll32.exe "c:\windows\system32\lasefoye.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 1.1.4322)" -"http://www.shockwave.com/gamelanding/marshmadness.jsp"
O4 - HKUS\S-1-5-19\..\Run: [lobahazobu] Rundll32.exe "C:\WINDOWS\system32\kiyupufu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lobahazobu] Rundll32.exe "C:\WINDOWS\system32\kiyupufu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... er_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\novikogo.dll c:\windows\system32\lasefoye.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lasefoye.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lasefoye.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15112 bytes

Re: pop ups all the sudden

by Axephilic » March 31st, 2009, 7:52 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I will post back soon with my first fix for you.

Regards,
Adam

Re: pop ups all the sudden

by Axephilic » March 31st, 2009, 7:58 pm

Hello,

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    Image

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

HostsXpert
Please download HostsXpert from Funkytoad and save it to your desktop.

  1. Right click on HostsXpert.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Once extracted, HostsXpert folder will open.
  6. Double click on HostsXpert.exe to start it.
  7. On your left hand side, click on Restore MS Hosts File (see screenshot below, boxed up in red).

    Image
  8. Exit HostsXpert.

Fix HijackThis lines

Close all open windows and click on Fix checked and when you get a popup window click on Yes.

In your next reply, please include:
  1. ComboFix log
  2. A new HijackThis log

Regards,
Adam
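
The check behind the Restore MS Hosts File step above, as an added example that is not part of the original post and not HostsXpert's own code: it pulls the `O1 - Hosts:` lines out of a HijackThis log and groups the non-loopback mappings by target address. The sample log mixes lines copied from the first post with constructed ones; the function names and the two-label domain grouping are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample. The four 82.98.235.133 lines and the O2 line are copied
# from the HijackThis log in the first post; the localhost, 0.0.0.0 and
# "not-an-ip" lines are made up to exercise the benign and malformed cases.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.invalid
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: not-an-ip broken.example.invalid
O2 - BHO: (no name) - {542bf999-65f3-4a2e-b0b1-72fd57d7490f} - C:\WINDOWS\system32\kevezafi.dll
"""

# "O1 - Hosts: <address> <one or more names>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S.*)$")


def parse_o1_hosts(log_text):
    """Return (entries, malformed): entries is a list of (ip, hostname) pairs."""
    entries, malformed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O1_RE.match(line)
        if not match:
            continue  # not an O1 line
        addr, names = match.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append(line)  # keep for manual review
            continue
        # A hosts line may carry several names and a trailing "# comment".
        for name in names.split("#", 1)[0].split():
            entries.append((ip, name.lower()))
    return entries, malformed


def parent_domain(hostname):
    """Naive grouping key: the last two labels (assumption, no public-suffix list)."""
    return ".".join(hostname.rstrip(".").split(".")[-2:])


def triage(log_text):
    """Group hostnames by the non-loopback address they are pinned to."""
    entries, malformed = parse_o1_hosts(log_text)
    by_ip = defaultdict(list)
    for ip, name in entries:
        # Loopback and 0.0.0.0 mappings are the default entry or a blocklist.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(name)
    report = {}
    for addr, names in sorted(by_ip.items()):
        report[addr] = {
            "hostnames": names,
            "distinct_domains": len({parent_domain(n) for n in names}),
        }
    return report, malformed


if __name__ == "__main__":
    report, malformed = triage(SAMPLE_LOG)
    for addr, info in report.items():
        print(f"{addr}: {len(info['hostnames'])} names, "
              f"{info['distinct_domains']} distinct domains")
        for name in info["hostnames"]:
            print("   ", name)
    for line in malformed:
        print("unparsable:", line)
```

A single address answering for several unrelated domains is the pattern the O1 lines in the first post show, and it is what restoring the default hosts file clears.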

Re: pop ups all the sudden

by axilla » March 31st, 2009, 9:50 pm

Hi Adam
Thanks again for your help. I followed your instructions but when I got to:

Fix HijackThis lines

Run HijackThis!
Click on Do a System Scan only
Place a tick next to the following lines:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... er_v10.cab
Close all open windows and click on Fix checked and when you get a popup window click on Yes.


The three lines were no longer there.
Here are the two logs as instructed.

ComboFix 09-03-31.01 - James 2009-03-31 21:15:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.580 [GMT -4:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\jestertb.dll
c:\windows\system32\adorozig.ini
c:\windows\system32\dijanumo.dll
c:\windows\system32\erenowej.ini
c:\windows\system32\evotutol.ini
c:\windows\system32\fuvehedu.dll
c:\windows\system32\jewonere.dll
c:\windows\system32\jolujara.dll
c:\windows\system32\kevezafi.dll
c:\windows\system32\kiyupufu.dll
c:\windows\system32\lasefoye.dll
c:\windows\system32\lotutove.dll
c:\windows\system32\lovoyanu.dll
c:\windows\system32\mebokewe.dll
c:\windows\system32\merilaro.dll
c:\windows\system32\novikogo.dll
c:\windows\system32\okehoyez.ini
c:\windows\system32\omunajid.ini
c:\windows\system32\utasowas.ini
c:\windows\system32\zeyoheko.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-30 16:59 . 2009-03-30 16:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-27 22:13 . 2009-03-27 22:13 2,713 ---hs---- c:\windows\system32\hudekohu.dll
2009-03-27 22:12 . 2009-03-27 22:12 2,713 ---hs---- c:\windows\system32\toborebu.dll
2009-03-07 07:54 . 2009-03-07 07:54 <DIR> d-------- C:\spoolerlogs
2009-03-07 07:00 . 2009-03-07 07:00 21 --a------ c:\windows\FxSetDll.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 01:03 --------- d-----w c:\program files\dl_Cats
2009-03-31 21:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 18:05 --------- d-----w c:\program files\Norton SystemWorks
2009-03-30 00:47 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:31 --------- d-----w c:\documents and settings\James\Application Data\Symantec
2009-03-29 12:31 --------- d-----w c:\documents and settings\James\Application Data\Azureus
2009-03-28 19:23 --------- d-----w c:\documents and settings\James\Application Data\Move Networks
2009-03-15 01:08 --------- d-----w c:\documents and settings\James\Application Data\FileZilla
2009-03-01 00:02 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-03-01 00:00 --------- d-----w c:\program files\Common Files\Intuit
2009-03-01 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-28 23:57 --------- d-----w c:\program files\TurboTax
2009-02-27 01:04 --------- d-----w c:\program files\Azureus
2009-02-16 15:05 --------- d-----w c:\program files\Intuit
2009-02-16 15:05 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-15 22:37 --------- d-----w c:\program files\Dell Photo AIO Printer 962
2009-02-15 13:52 --------- d-----w c:\program files\Motorola Phone Tools
2009-02-15 13:49 --------- d-----w c:\program files\Avanquest update
2007-11-26 22:54 56,912 ----a-w c:\documents and settings\James\g2mdlhlpx.exe
2008-02-02 10:07 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-19 00:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2001-09-20 122880]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 132248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-01-07 100056]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]
--a------ 2009-03-05 11:59 2200576 c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 11:26 489472 c:\program files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 11:33 73728 c:\program files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-25 04:36 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-31 95328]
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2009-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - James.job
- c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-10-19 13:54]

2009-03-31 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 01:19]

2009-03-29 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 14:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{542bf999-65f3-4a2e-b0b1-72fd57d7490f} - c:\windows\system32\kevezafi.dll
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 21:22:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???V????&??????\??? ??? ???\???\???????????5?B~e?B~\???\???????8,b??????C@?\???\??????sV???\??????s\????&??A??s?&???C@?x???`|?w\?????@
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\dlcfcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\dlbxcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-03-31 21:29:05 - machine was rebooted [James]
ComboFix-quarantined-files.txt 2009-04-01 01:28:47

Pre-Run: 119,247,585,280 bytes free
Post-Run: 119,687,024,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

236 --- E O F --- 2009-03-21 11:14:05






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:05 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13053 bytes


Thanks again, James
axilla

Re: pop ups all the sudden

Post by Axephilic » March 31st, 2009, 10:17 pm

Hi James,

Make an Uninstall List

Next, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply. Please also include a new HijackThis log.

Regards,
Adam
Axephilic

Re: pop ups all the sudden

Post by axilla » April 1st, 2009, 4:27 am

Adam,

Here is my uninstall list and HijackThis logs.

1&1 EasyLogin
Adobe Acrobat 8.1.2 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe GoLive
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Avanquest update
Azureus Vuze
Business Plan Pro 2007
Camtasia Studio 5
ccCommon
Convert Excel to HTML V1.21
Coupon Printer for Windows
Creative Audio Console
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
DebtFree(tm) for Windows Personal 5.0h
Dell Photo AIO Printer 962
DivX Converter
DivX Player
DivX Web Player
FileZilla Client 3.0.6
FLAC 1.2.1b (remove only)
foobar2000 v0.9.5.2
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Instant Readme Maker
Internet Worm Protection
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech DjVu Control (autoinstall)
Logitech QuickCam Software
Logitech® Camera Driver
Matroska Pack
MediaFACE II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Broadband Networking
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2004
Microsoft Visual C++ 2005 Redistributable
MixMeister
mkw Audio Compression Toolkit
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.12)
Mozilla Thunderbird (2.0.0.19)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MuVo Driver
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton SystemWorks
Norton SystemWorks 2005 (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
NVIDIA Drivers
Pagos Spreadsheet Component for Java 4.2.0 - Lite Edition
PDF Settings
PHP Coder Release R2 Final PreRelease 3
PHP Designer 2007 - Professional - version 5.3.2
PowerDirector Express
PowerDVD
PowerISO
PowerProducer
Project64 1.6
QuickBooks Premier: Contractor Edition 2007
QuickBooks Product Listing Service
QuickTime
RAR Password Cracker 4.12
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Sales Letter Creator 1.4
Sales Page Builder 1.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sound Blaster Audigy
Sound Blaster Audigy
SPBBC
SupportSoft Assisted Service
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
System Requirements Lab
Turbo Lister 2
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmeiper
TurboTax 2008 wrapper
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2006
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Rhine-Family Fast Ethernet Adapter
Windows Imaging Component
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip
WordWeb
YNAB Pro version 2.8.2.1



-----------------------------------------------------------------------------------------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:51 AM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13126 bytes


Thanks again, James
axilla
Active Member
 
Posts: 8
Joined: March 30th, 2009, 9:19 pm

Re: pop ups all the sudden

Post by Axephilic » April 1st, 2009, 10:47 pm

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following programs and click on the Change/Remove button to uninstall them.

    Azureus Vuze

  3. Close Add/Remove Programs and Control Panel when done.

Please post a new HijackThis log when done.
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: pop ups all the sudden

Post by axilla » April 2nd, 2009, 5:04 am

Removed it.
Here is my new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:13 AM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13126 bytes

Re: pop ups all the sudden

Post by Axephilic » April 2nd, 2009, 4:57 pm

Hi there,

Thank you for removing that. :)

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\hudekohu.dll
c:\windows\system32\toborebu.dll

Folder::
c:\documents and settings\James\Application Data\Azureus
c:\program files\Azureus

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. ComboFix log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam

Re: pop ups all the sudden

Post by axilla » April 2nd, 2009, 9:29 pm

Here they are...
ComboFix log, MBAM log, & A new HijackThis log


ComboFix 09-04-01.01 - James 2009-04-02 18:33:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.552 [GMT -4:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\hudekohu.dll
c:\windows\system32\toborebu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James\Application Data\Azureus
c:\documents and settings\James\Application Data\Azureus\.certs
c:\documents and settings\James\Application Data\Azureus\.keystore
c:\documents and settings\James\Application Data\Azureus\.lock
c:\documents and settings\James\Application Data\Azureus\active\4A0F12A0437DB279FD6E6E42BA17D85A230A30F9.dat
c:\documents and settings\James\Application Data\Azureus\active\4A0F12A0437DB279FD6E6E42BA17D85A230A30F9.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\5B76E31F788EE4BB636B7E08906B6EE0FF5A6A67.dat
c:\documents and settings\James\Application Data\Azureus\active\5B76E31F788EE4BB636B7E08906B6EE0FF5A6A67.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\6C403D16294F9E617288C86D6F07C3C8A6A7B0F5.dat
c:\documents and settings\James\Application Data\Azureus\active\6C403D16294F9E617288C86D6F07C3C8A6A7B0F5.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\79375EF55A75961A359ACB0230B540A7504CD130.dat
c:\documents and settings\James\Application Data\Azureus\active\79375EF55A75961A359ACB0230B540A7504CD130.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\8648AA6E02E20BEA5A9D8013C682AEC346421246.dat
c:\documents and settings\James\Application Data\Azureus\active\8648AA6E02E20BEA5A9D8013C682AEC346421246.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\86A231BAB96BC372A1CD317DA11B701309D3BE38.dat
c:\documents and settings\James\Application Data\Azureus\active\86A231BAB96BC372A1CD317DA11B701309D3BE38.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\A9D032C80AD7C14BE97AF0E3A17333074EAB5A9B.dat
c:\documents and settings\James\Application Data\Azureus\active\A9D032C80AD7C14BE97AF0E3A17333074EAB5A9B.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\B202CD1CE5F0EA2639D4765AF4C00D003E9ED7CB.dat
c:\documents and settings\James\Application Data\Azureus\active\B202CD1CE5F0EA2639D4765AF4C00D003E9ED7CB.dat.bak
c:\documents and settings\James\Application Data\Azureus\active\cache.dat
c:\documents and settings\James\Application Data\Azureus\azureus.config
c:\documents and settings\James\Application Data\Azureus\azureus.config.bak
c:\documents and settings\James\Application Data\Azureus\azureus.statistics
c:\documents and settings\James\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\James\Application Data\Azureus\banips.config
c:\documents and settings\James\Application Data\Azureus\banips.config.bak
c:\documents and settings\James\Application Data\Azureus\cnetworks.config
c:\documents and settings\James\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\James\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\James\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\James\Application Data\Azureus\dht\general.dat
c:\documents and settings\James\Application Data\Azureus\dht\version.dat
c:\documents and settings\James\Application Data\Azureus\downloads.config
c:\documents and settings\James\Application Data\Azureus\downloads.config.bak
c:\documents and settings\James\Application Data\Azureus\filters.config
c:\documents and settings\James\Application Data\Azureus\friends.config
c:\documents and settings\James\Application Data\Azureus\friends.config.bak
c:\documents and settings\James\Application Data\Azureus\ipfilter.cache
c:\documents and settings\James\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\James\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\James\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\James\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\James\Application Data\Azureus\logs\AutoSpeedSearchHistory_2.log
c:\documents and settings\James\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\James\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\James\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\James\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\James\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\James\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\James\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\James\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\James\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\James\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\James\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\James\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_alerts_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_AutoSpeed_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_AutoSpeed_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_AutoSpeedSearchHistory_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_AutoSpeedSearchHistory_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_clientid_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_CNetworks_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_debug_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_debug_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_Friends_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_Friends_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_MetaSearch_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_MetaSearch_Engine_3.txt
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_MetaSearch_Engine_4.txt
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_MetaSearch_Engine_5.txt
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_MetaSearch_Engine_9.txt
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_NetStatus_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_seltrace_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_seltrace_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_SpeedMan_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_SpeedMan_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_Subscriptions_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_Subscriptions_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_thread_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_thread_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.ads_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.CMsgr_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.emp_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.emp_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.Friends_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.Friends_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.MD_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.PMsgr_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.PMsgr_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.Stream_1.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_v3.Stream_2.log
c:\documents and settings\James\Application Data\Azureus\logs\save\1237928564625_WP_xsearch_1.log
c:\documents and settings\James\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\James\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\James\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\James\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\James\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\James\Application Data\Azureus\logs\Subscriptions_2.log
c:\documents and settings\James\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\James\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.emp_2.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\James\Application Data\Azureus\logs\v3.Stream_2.log
c:\documents and settings\James\Application Data\Azureus\logs\WP_xsearch_1.log
c:\documents and settings\James\Application Data\Azureus\metasearch.config
c:\documents and settings\James\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\James\Application Data\Azureus\net\pm_7015.dat
c:\documents and settings\James\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\James\Application Data\Azureus\sidebarauto.config
c:\documents and settings\James\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\James\Application Data\Azureus\subscriptions.config
c:\documents and settings\James\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\James\Application Data\Azureus\tables.config
c:\documents and settings\James\Application Data\Azureus\tables.config.bak
c:\documents and settings\James\Application Data\Azureus\timingstats.dat
c:\documents and settings\James\Application Data\Azureus\tmp\AZU7585740160070529161.tmp\patch.jar
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_(Flac)_Cake_-_Comfort_Eagle[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_[HDTV_ENG_SoftSub_ITA]_Lost_S04_E13-14[colombo-bt.org][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_01.16.07.Open.Season.DVDRip.XviD-DoNE[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_300[2006]DvDrip[Eng]-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_52_Episodes_Thomas_The_Tank_Engine_-_Train_TV_Show_kids_toddlers_children_by_awope1_(_seasons_4_&_5)_PACK[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_54804046ada9f359a0b33378617e6189e242c882[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_A_Farm_for_the_Future.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_AFV_Americas_Funniest_Home_Videos_-_Battle_Of_The_Best_DVD_Rip_[.3927328.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Alone_in_the_wilderness[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Atari_-_Good_Sets_(2600,_5200,_7800,_Jaguar,_Lynx)_(Torrentzipped)[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Atari_2600_-_5200_-_7800_-_Jaguar_-_Lynx_-_930_English_Games_+_Emulators[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Banned_Discovery_Channel_Documentary_-_Conspiracy_of_Silence.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_BBC,_PBS,_Nova_-_Vikings,_Pagans,_Indians,_Incas,_natural_history_and_evolution[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_BeachBody_ChaLEAN_Xtreme_deluxe_90_Day_Workout_[smaragdtorrent.to][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Braveheart_(1995)_[ENG]_[DVDrip][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Carlos_Castaneda.Enigma_of_a_Sorcerer(2004)[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Charlie.Wilson's.War[2007]DvDrip-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_ChasingGhostsBeyondTheArcade[XviD].avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Cloverfield[2008]DvDrip.AC3[Eng]-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Curious.George.(2006).PBS.Season.1.Complete[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Curious.George.Goes.to.the.Doctor.and.Lends.a.Helping.Hand.2008..4045532.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Curious.George[2006]DvDrip.AC3[Eng]-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Discovery.Channel.Submarine.Hidden.Hunter(2005).avi.3935018.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_download[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Dscovery_Channel_HowStuffWorks_WATER[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Electronics_Ebook_Collection_-_Rovhal_Knullare.4435654.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Elmo's.World.DVDrip.Eng.xvid[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Elmos_World[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting.On.Waves.S01E01.Sugar.on.Isle.One.HDTV.XviD-FQM.[eztv].4403412.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting.On.Waves.S01E02.Fungi.With.Foraging.and.Fish.HDTV.XviD-FQM.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting.On.Waves.S01E03.Island.Thyme.HDTV.XviD-FQM.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting.On.Waves.S01E04.Won.Love.HDTV.XviD-FQM.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting_on_Asphalt.4144863.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Feasting_on_Waves_-_New_Alton_Brown_Series_Trailer_-_Food_Network[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fixed_Good_Eats_S12_E02_Popover_Sometime_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fixed_Good_Eats_S12_E03_Celery_Man_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Forgetting.Sarah.Marshall[2008][Unrated.Edition]DvDrip-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fred.Claus[2007]DvDrip-aXXo.4493729.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E05.HDTV.XviD-NoTV.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E06.HDTV.XViD-DOT.[VTV].avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E07.HDTV.XviD-NoTV.4502835.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E08.HDTV.XviD-0TV.avi.4518547.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E11.HDTV.XviD-NoTV.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E12.HDTV.XviD-NoTV.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E13.HDTV.XviD-NoTV.avi.4701051.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Fringe.S01E14.HDTV.XviD-NoTV.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_FRONTLINE_-_Memory_of_the_Camps_1985[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Glengarry_Glen_Ross.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_-_Behind_The_Eats_Special_[smaragdtorrent.to][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_-_S12E01_-_Frozen_Cache[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_-_Season_1[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_-_Season_10[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E04_Tuna_Surprise_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E05_There_Will_Be_Oil_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E06_Oh_My_Meat__Pie__HD.mkv.4494985.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E07_Et_Tu_Mame_HD.mkv.4487058.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E08_Flat_Is_Beautiful_IV_Going_Crackers_HD.mkv.4501753.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E09_American_Classics_Creole_In_A_Bowl_HD.mkv.4516396.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E10_Switched_On_Baklava_HD.mkv.4547868.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E11_A_Cabbage_Sprouts_In_Brussels_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E12_Ginger__Rise_of_the_Rhizome_HD.mkv.4664319.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E13_Orange_Aid_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Good_Eats_S12_E14_Pantry_Raid_X_Dark_Side_Of_The_Cain_HD.mkv[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Gran.Torino.2008.DvDRip-FxM.4662902.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Hancock[2008]DvDrip-aXXo[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Hells.Kitchen.US.S05E04.WS.PDTV.XviD-2HD.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_hells.kitchen.us.s05e05.ws.pdtv.xvid-vain.4753852.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_hells.kitchen.us.s05e06.ws.pdtv.xvid-2hd.4767778.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_Hells.Kitchen.US.S05E07.WS.PDTV.XviD-0TV.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_hells.kitchen.us.s05e08.hdtv-xvid.pwe.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_High_Quality_44_National_Geographic_Maps.3996650.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S04E16.HDTV.XviD-LOL.avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S05E04.HDTV.XviD-LOL.4446287.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S05E05.HDTV.XviD-LOL.4459833.TPB[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S05E07.HDTV.XviD-LOL.[eztv][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S05E14.HDTV.XviD-2HD.[VTV].avi[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House.S05E16.HDTV.XviD-LOL[1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House_M.D.__-_[S05E17][V.O._English___Sub._Spanish][www.newpct.com][1].torrent
c:\documents and settings\James\Application Data\Azureus\torrents\[isoHunt]_House_S05e08_[HDTVRip_-_XviD_-_Mp3_-_ENG_-_SUBITA]_Emancipation_[smaragdtorrent.to][1].torrent
c:\windows\system32\hudekohu.dll
c:\windows\system32\toborebu.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-03-30 16:59 . 2009-03-30 16:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-07 07:54 . 2009-03-07 07:54 <DIR> d-------- C:\spoolerlogs
2009-03-07 07:00 . 2009-03-07 07:00 21 --a------ c:\windows\FxSetDll.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:18 --------- d-----w c:\program files\dl_Cats
2009-04-02 21:40 --------- d-----w c:\program files\Norton SystemWorks
2009-03-31 21:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 14:27 61,440 --sha-w c:\windows\system32\yugutoyi.exe
2009-03-30 20:41 61,440 --sha-w c:\windows\system32\tayanage.exe
2009-03-30 08:32 61,440 --sha-w c:\windows\system32\gurabimi.exe
2009-03-30 00:47 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:31 --------- d-----w c:\documents and settings\James\Application Data\Symantec
2009-03-29 14:12 61,440 --sha-w c:\windows\system32\lohulatu.exe
2009-03-29 02:11 61,440 --sha-w c:\windows\system32\nigatoba.exe
2009-03-28 19:23 --------- d-----w c:\documents and settings\James\Application Data\Move Networks
2009-03-28 14:12 61,440 --sha-w c:\windows\system32\yibamaka.exe
2009-03-28 02:11 61,440 --sha-w c:\windows\system32\magolite.exe
2009-03-15 01:08 --------- d-----w c:\documents and settings\James\Application Data\FileZilla
2009-03-01 00:02 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-03-01 00:00 --------- d-----w c:\program files\Common Files\Intuit
2009-03-01 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-28 23:57 --------- d-----w c:\program files\TurboTax
2009-02-16 15:05 --------- d-----w c:\program files\Intuit
2009-02-16 15:05 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-15 22:37 --------- d-----w c:\program files\Dell Photo AIO Printer 962
2009-02-15 13:52 --------- d-----w c:\program files\Motorola Phone Tools
2009-02-15 13:49 --------- d-----w c:\program files\Avanquest update
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2007-11-26 22:54 56,912 ----a-w c:\documents and settings\James\g2mdlhlpx.exe
2008-02-02 10:07 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-19 00:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-31_21.28.01.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 08:55:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_11c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2001-09-20 122880]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 132248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-01-07 100056]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]
--a------ 2009-03-05 11:59 2200576 c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 11:26 489472 c:\program files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 11:33 73728 c:\program files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-25 04:36 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-31 95328]
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2009-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - James.job
- c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-10-19 13:54]

2009-04-02 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 01:19]

2009-03-29 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 14:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 18:36:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???\????&??????\??? ??? ???\???\???????????5?B~e?B~\???\???????X?a??????C@?\???\??????s\???\??????s\????&??A??s?&???C@?x???`|?w\?????@
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-02 18:38:47
ComboFix-quarantined-files.txt 2009-04-02 22:38:12

Pre-Run: 119,430,541,312 bytes free
Post-Run: 119,658,328,064 bytes free

744 --- E O F --- 2009-03-21 11:14:05





_____________________________________________________________________________________________




Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 3

4/2/2009 9:12:59 PM
mbam-log-2009-04-02 (21-12-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271007
Time elapsed: 36 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dijanumo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B32D8FEF-86A9-4034-8F3A-7E8C3516E3BC}\RP2\A0000038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gurabimi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lohulatu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magolite.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nigatoba.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tayanage.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yibamaka.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yugutoyi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.




___________________________________________________________________________________________






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:03 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13126 bytes
axilla
Active Member
 
Posts: 8
Joined: March 30th, 2009, 9:19 pm

Re: pop ups all the sudden

Unread postby Axephilic » April 2nd, 2009, 9:47 pm

Hello, it's looking good at this point.

I would just like to emphasize something. Downloading copyrighted music, movies, and anything else is illegal and unethical. People work hard to make that stuff and they deserve their cut of the money. Stealing movies and music and stuff is just like stealing a car or stealing from a store. Would you go to a store and steal DVDs and CDs?

Kaspersky Online Scanner
Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. How is the computer running now?
  2. Kaspersky results
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: pop ups all the sudden

Unread postby axilla » April 3rd, 2009, 4:59 am

Hey Adam,

My computer is running much better so far. No more pop-ups and speed has returned. Thanks...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 03:51:13
Records in database: 2002904
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 350386
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 06:01:39


File name / Threat name / Threats count
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\ebooks\davidblainmegamagic.zip Infected: Trojan-PSW.Win32.Agent.klk 1
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\free look\treasures.rar Infected: not-a-virus:AdWare.Win32.WebStars.b 1
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\more ebooks\hypnosis_advanced.zip Infected: Trojan-PSW.Win32.Agent.klk 1
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\need to re upload\listed\davidblainmegamagic.zip Infected: Trojan-PSW.Win32.Agent.klk 1
C:\Documents and Settings\James\My Documents\im_stuff\php scripts\MegaeBookStore200MRR\files to upload\download\davidblaine.zip Infected: Trojan-PSW.Win32.Agent.klk 1


The selected area was scanned.



______________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:07 AM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13167 bytes

Thanks again, James
axilla
Active Member
 
Posts: 8
Joined: March 30th, 2009, 9:19 pm

Re: pop ups all the sudden

Unread postby Axephilic » April 3rd, 2009, 11:42 am

Hello James, you're welcome. :)

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\ebooks\davidblainmegamagic.zip
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\free look\treasures.rar
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\more ebooks\hypnosis_advanced.zip
C:\Documents and Settings\James\My Documents\ebay _business\ebooks\need to re upload\listed\davidblainmegamagic.zip
C:\Documents and Settings\James\My Documents\im_stuff\php scripts\MegaeBookStore200MRR\files to upload\download\davidblaine.zip


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
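
The copy step in the post above (Kaspersky detections into a File:: list) and the check made when the ComboFix log comes back can be sketched as follows. This is an added example, not part of the thread and not ComboFix's or Kaspersky's own code; it assumes the report rows and the "Other Deletions" section look as quoted in this thread, the function names are hypothetical, and the sample data is constructed.

```python
import re

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# quoted in this thread (paths and threat names are made up).
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 1200
Infected objects: 3

File name / Threat name / Threats count
C:\Users\demo\My Documents\old stuff\sample one.zip Infected: Trojan.Example.a 1
C:\Users\demo\Downloads\sample two.rar Infected: not-a-virus:AdWare.Example.b 1
C:\Users\demo\My Documents\old stuff\sample one.zip Infected: Trojan.Example.a 1

The selected area was scanned.
"""

# Constructed ComboFix-style log in which only one of the two files was removed.
SAMPLE_COMBOFIX_LOG = r"""
FILE ::
c:\users\demo\My Documents\old stuff\sample one.zip
c:\users\demo\Downloads\sample two.rar
.

((((((((((((((( Other Deletions )))))))))))))))))
.

c:\users\demo\My Documents\old stuff\sample one.zip

.
((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))
.
"""

# A detection row: "<drive path, may contain spaces> Infected: <threat> <count>"
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# A section banner: "((((( Title )))))"
BANNER = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")


def parse_detections(report_text):
    """Map each flagged path to its threat name, first-seen order, no duplicates."""
    found, seen = {}, set()
    for line in report_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, statistics and blank lines
        key = m.group("path").lower()  # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            found[m.group("path")] = m.group("threat")
    return found


def build_cfscript(paths):
    """'File::' header plus one path per line; CRLF endings are an assumption."""
    return "\r\n".join(["File::"] + list(paths)) + "\r\n"


def deleted_paths(combofix_log):
    """Paths listed under the 'Other Deletions' banner of a ComboFix log."""
    paths, in_section = [], False
    for raw in combofix_log.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            in_section = banner.group("title") == "Other Deletions"
            continue
        if in_section and line and line != ".":
            paths.append(line)
    return paths


def not_deleted(requested, combofix_log):
    """Requested paths that the log does not report as deleted."""
    done = {p.lower() for p in deleted_paths(combofix_log)}
    return [p for p in requested if p.lower() not in done]


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_REPORT)
    print(build_cfscript(detections))
    print("Still present:", not_deleted(list(detections), SAMPLE_COMBOFIX_LOG))
```

Any path returned by not_deleted is one to raise in the next reply rather than assume was handled.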

Re: pop ups all the sudden

Unread postby axilla » April 3rd, 2009, 3:55 pm

Adam,


Here are the requested logs...
ComboFix log & a new HijackThis log.

ComboFix 09-04-01.01 - James 2009-04-03 15:41:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.615 [GMT -4:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\James\My Documents\ebay _business\ebooks\ebooks\davidblainmegamagic.zip
c:\documents and settings\James\My Documents\ebay _business\ebooks\free look\treasures.rar
c:\documents and settings\James\My Documents\ebay _business\ebooks\more ebooks\hypnosis_advanced.zip
c:\documents and settings\James\My Documents\ebay _business\ebooks\need to re upload\listed\davidblainmegamagic.zip
c:\documents and settings\James\My Documents\im_stuff\php scripts\MegaeBookStore200MRR\files to upload\download\davidblaine.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James\My Documents\ebay _business\ebooks\ebooks\davidblainmegamagic.zip
c:\documents and settings\James\My Documents\ebay _business\ebooks\free look\treasures.rar
c:\documents and settings\James\My Documents\ebay _business\ebooks\more ebooks\hypnosis_advanced.zip
c:\documents and settings\James\My Documents\ebay _business\ebooks\need to re upload\listed\davidblainmegamagic.zip
c:\documents and settings\James\My Documents\im_stuff\php scripts\MegaeBookStore200MRR\files to upload\download\davidblaine.zip

.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-02 18:53 . 2009-04-02 18:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 18:53 . 2009-04-02 18:53 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2009-04-02 18:53 . 2009-04-02 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 18:53 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 18:53 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-30 16:59 . 2009-03-30 16:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-07 07:54 . 2009-03-07 07:54 <DIR> d-------- C:\spoolerlogs
2009-03-07 07:00 . 2009-03-07 07:00 21 --a------ c:\windows\FxSetDll.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:18 --------- d-----w c:\program files\dl_Cats
2009-04-02 21:40 --------- d-----w c:\program files\Norton SystemWorks
2009-03-31 21:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 00:47 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:31 --------- d-----w c:\documents and settings\James\Application Data\Symantec
2009-03-28 19:23 --------- d-----w c:\documents and settings\James\Application Data\Move Networks
2009-03-15 01:08 --------- d-----w c:\documents and settings\James\Application Data\FileZilla
2009-03-01 00:02 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-03-01 00:00 --------- d-----w c:\program files\Common Files\Intuit
2009-03-01 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-28 23:57 --------- d-----w c:\program files\TurboTax
2009-02-16 15:05 --------- d-----w c:\program files\Intuit
2009-02-16 15:05 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-15 22:37 --------- d-----w c:\program files\Dell Photo AIO Printer 962
2009-02-15 13:52 --------- d-----w c:\program files\Motorola Phone Tools
2009-02-15 13:49 --------- d-----w c:\program files\Avanquest update
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2007-11-26 22:54 56,912 ----a-w c:\documents and settings\James\g2mdlhlpx.exe
2008-02-02 10:07 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-19 00:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-31_21.28.01.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-03 01:17:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_944.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2001-09-20 122880]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 132248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-01-07 100056]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]
--a------ 2009-03-05 11:59 2200576 c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 11:26 489472 c:\program files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 11:33 73728 c:\program files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-25 04:36 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-11-17 06:42 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-31 95328]
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2009-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - James.job
- c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-10-19 13:54]

2009-04-02 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 01:19]

2009-04-03 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 14:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 15:44:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&??????\??? ??? ???\???\???????????5?B~e?B~\???\???????X?a??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-03 15:46:37
ComboFix-quarantined-files.txt 2009-04-03 19:46:10
ComboFix2.txt 2009-04-02 22:38:48

Pre-Run: 119,430,189,056 bytes free
Post-Run: 119,607,574,528 bytes free

190 --- E O F --- 2009-03-21 11:14:05




________________________________________________________________________________________________________





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:30 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4761371131
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4763039998
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.caroffer.com/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13075 bytes


James
axilla
Active Member
 
Posts: 8
Joined: March 30th, 2009, 9:19 pm

Re: pop ups all the sudden

Post by Axephilic » April 3rd, 2009, 5:04 pm

Congratulations, you are now all clean! To help prevent you from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

First, let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

You can also delete any other tool that I had you use/download.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Back up regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
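
The Hosts File item in the post above works by pointing unwanted names at 127.0.0.1. As an added example (not part of the original post, and not code from any tool it names), this Python script audits a Hosts file and separates blocking entries from entries that send a name to some other address, which deserve a manual look. The sample file and its domain names are constructed, and the function and report names are assumptions made for this illustration.

```python
import ipaddress
import sys

# Names that normally map to loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; the .example domains are placeholders.
SAMPLE_HOSTS = """\
# blocking Hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # advertisement server
0.0.0.0         spyware.example popups.example
203.0.113.7     www.bank.example      # not a sink address
127.0.0.1
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Classify every name in a Hosts file.

    local      - localhost-style names on a loopback address
    blocked    - other names pointed at loopback or 0.0.0.0 (the sink)
    redirected - names pointed at any other address: (line, name, address)
    malformed  - line numbers that are not "address name [name ...]"
    """
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            parsed = ipaddress.ip_address(address)
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if not names:                          # address with no hostname
            report["malformed"].append(lineno)
            continue
        is_sink = parsed.is_loopback or parsed.is_unspecified
        for name in names:
            name = name.lower()
            if not is_sink:
                # The name resolves to a real machine chosen by whoever
                # wrote the file; a blocking list should never need this.
                report["redirected"].append((lineno, name, address))
            elif name in LOCAL_NAMES:
                report["local"].append(name)
            else:
                report["blocked"].append(name)
    return report


if __name__ == "__main__":
    # With no argument the constructed sample is audited. On Windows the
    # live file is %SystemRoot%\System32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    result = audit_hosts(data)
    print("blocked names:", len(result["blocked"]))
    for lineno, name, address in result["redirected"]:
        print("REVIEW line %d: %s -> %s" % (lineno, name, address))
    for lineno in result["malformed"]:
        print("malformed line", lineno)
```

Any entry reported under REVIEW should be checked against the downloaded list; an entry you did not add yourself that maps a site to a routable address is the change worth investigating.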