Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I got me some spyware


by eddythepwner » September 20th, 2008, 3:44 am

Well, out of nowhere, I got CID pop-ups all over the place. Also, Internet Explorer is open in Task Manager's processes, using huge amounts of RAM and slowing the computer down.
Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:50 PM, on 20/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Htm tick.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cash web] C:\DOCUME~1\Eddy\APPLIC~1\PUREMP~1\Cool flag.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9982 bytes
eddythepwner
Active Member
 
Posts: 5
Joined: September 20th, 2008, 3:38 am

Re: I got me some spyware

by eddythepwner » September 20th, 2008, 11:40 pm

Someone please help!
eddythepwner
Active Member
 
Posts: 5
Joined: September 20th, 2008, 3:38 am

Re: I got me some spyware

by ktreffin » September 21st, 2008, 12:33 pm

Hi eddythepwner, Welcome to the forums!

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: I got me some spyware

by eddythepwner » September 21st, 2008, 11:29 pm

Adobe Flash Player Plugin
Adobe Reader 7.1.0
Age of Empires III
AGEIA PhysX v7.05.17
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.10
AVG 8.0
Battlefield 2(TM)
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Canon Camera Access Library
Canon Camera Support Core Library
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.2
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
ConvertXtoDVD 2.2.3.258h
Dawn Of War
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DVD Shrink 3.2
EPSON Printer Software
EVEREST Ultimate Edition v4.00
GameSpot Download Manager
Google Gears
Half-Life(R) 2
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
ImTOO DVD Ripper Platinum 4
InterVideo DVDCopy5
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JMB36X Raid Configurer
LimeWire 4.18.3
Magic ISO Maker v5.3 (build 0221)
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.5.79
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows Journal Viewer
MobileMe Control Panel
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
Nero 8
neroxml
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Oblivion
Oblivion - Knights of the Nine
OpenOffice.org Installer 1.0
Opera 9.52
PowerISO
PunkBuster Services
QuickTime
RealPlayer
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Clear Sky [v1.0004]
Safari
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.6
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Steam(TM)
Tom Clancy's Rainbow Six Vegas 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896256)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
VCRedistSetup
VideoLAN VLC media player 0.8.6c
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xbox 360 Controller for Windows
Xfire (remove only)

There's the Uninstall List. Thanks a lot for your help.
eddythepwner
Active Member
 
Posts: 5
Joined: September 20th, 2008, 3:38 am

Re: I got me some spyware

by ktreffin » September 22nd, 2008, 6:44 am

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.18.3

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis, so we can continue cleaning your pc.
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: I got me some spyware

by eddythepwner » September 23rd, 2008, 11:25 am

I got rid of LimeWire. Here's the new HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:51 AM, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Htm tick.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cash web] C:\DOCUME~1\Eddy\APPLIC~1\PUREMP~1\Cool flag.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10002 bytes
eddythepwner
Active Member
 
Posts: 5
Joined: September 20th, 2008, 3:38 am

Re: I got me some spyware

Post by ktreffin » September 23rd, 2008, 4:16 pm

Hello eddythepwner,

It does appear that you are infected. Before we begin, I need to stress some important points to you.
  • Some of the instructions I will provide may get quite long. I highly recommend that you print a copy of them off or copy them into Notepad.
  • If at any time you have questions, please DON'T hesitate to ask!
  • Please keep in mind that the instructions I give are specific to your current problem and should not be used on other systems.
  • Also, please remember that there may be multiple issues with your system. Please continue to follow this thread until I have given you an "All Clean!"

Ready? Let's go.

Step #1: Download and Run Lop S&D by Eric_71

Download Lop S&D by Eric_71 and save it to your desktop.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the Lop S&D report (C:\lopR.txt)

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: I got me some spyware

Post by eddythepwner » September 23rd, 2008, 11:43 pm

Here's the LopSD log.


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Eddy ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 111 Go Free : 5 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
H:\ (CD or DVD) - CDFS - Total : 3 Go Free : 0 Go
I:\ (CD or DVD)
J:\ (CD or DVD) - CDFS - Total : 4 Go Free : 0 Go
K:\ (CD or DVD) - CDFS - Total : 1 Go Free : 0 Go
L:\ (CD or DVD) - CDFS - Total : 3 Go Free : 0 Go
M:\ (CD or DVD)
N:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Wed 24/09/2008|13:27 )

--------------------\\ Listing folders in APPLIC~1

[20/09/2008|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[14/05/2008|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[15/12/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[25/02/2008|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[25/02/2008|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[13/11/2007|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ashampoo
[06/09/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[24/01/2008|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Cabela's Trophy Bucks Saves
[14/08/2008|02:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> close poke frag ooze
[08/09/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[05/11/2007|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[01/03/2008|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/01/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[05/03/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[08/07/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[23/07/2008|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[21/08/2008|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
[15/12/2007|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/03/2008|03:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[29/08/2008|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

[05/11/2007|04:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/11/2007|03:29] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Adobe
[14/05/2008|08:56] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> AdobeUM
[07/04/2008|04:11] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Apple Computer
[13/11/2007|07:38] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Ashampoo
[07/09/2008|10:01] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> AVGTOOLBAR
[18/04/2008|10:34] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[05/01/2008|01:22] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> DAEMON Tools
[08/09/2008|07:59] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> dvdcss
[23/08/2008|05:25] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Hamachi
[05/11/2007|04:21] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Identities
[02/02/2008|07:48] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> InstallShield
[15/03/2008|10:04] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Leadertech
[23/09/2008|01:36] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> LimeWire
[05/11/2007|06:03] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Macromedia
[06/09/2008|09:56] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Microsoft
[18/06/2008|06:58] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Mozilla
[12/01/2008|04:29] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Nero
[14/12/2007|08:04] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Opera
[14/08/2008|02:59] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> pure mp3 byte
[30/03/2008|09:05] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Real
[05/01/2008|08:39] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> SecuROM
[09/04/2008|05:58] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Skype
[09/04/2008|04:04] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> skypePM
[06/11/2007|07:42] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Sun
[21/01/2008|01:33] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> SystemRequirementsLab
[22/09/2008|04:41] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> uTorrent
[06/11/2007|04:29] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> vlc
[26/01/2008|02:35] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Vso
[05/11/2007|07:27] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> WinRAR
[23/09/2008|05:10] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> Xfire
[14/09/2008|11:31] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> XRay Engine
[29/08/2008|05:27] C:\DOCUME~1\Eddy\APPLIC~1\<DIR> ZoomBrowser EX

[06/09/2008|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[02/02/2008|10:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Xfire

[06/09/2008|09:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[10/07/2008|06:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> pure mp3 byte
[03/02/2008|05:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Xfire

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[23/09/2008 10:49 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[24/09/2008 01:00 AM][--ah-----] C:\WINDOWS\tasks\AF618893918A00D7.job
[18/09/2008 01:39 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/09/2008 01:15 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 10:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AF618893918A00D7.job )=( c:\docume~1\eddy\applic~1\puremp~1\tooljoyonce.exe )

--------------------\\ Listing Folders in C:\Program Files

[13/02/2008|03:58] C:\Program Files\<DIR> Activision
[23/01/2008|11:38] C:\Program Files\<DIR> Activision Value
[05/11/2007|04:54] C:\Program Files\<DIR> Adobe
[29/03/2008|03:58] C:\Program Files\<DIR> AGEIA Technologies
[26/08/2008|10:17] C:\Program Files\<DIR> Apple Software Update
[23/01/2008|10:22] C:\Program Files\<DIR> Ashampoo
[06/09/2008|09:57] C:\Program Files\<DIR> AVG
[25/01/2008|01:09] C:\Program Files\<DIR> Bethesda Softworks
[20/09/2008|11:43] C:\Program Files\<DIR> Bonjour
[28/08/2008|02:38] C:\Program Files\<DIR> Canon
[28/08/2008|02:35] C:\Program Files\<DIR> Common Files
[05/11/2007|04:14] C:\Program Files\<DIR> ComPlus Applications
[10/02/2008|12:16] C:\Program Files\<DIR> DAEMON Tools Lite
[08/09/2008|09:16] C:\Program Files\<DIR> Deep Silver
[28/01/2008|10:20] C:\Program Files\<DIR> DVD Shrink
[23/04/2008|04:40] C:\Program Files\<DIR> EA GAMES
[10/07/2008|06:50] C:\Program Files\<DIR> Electronic Arts
[09/11/2007|03:33] C:\Program Files\<DIR> EPSON
[18/04/2008|10:18] C:\Program Files\<DIR> GameSpot
[13/11/2007|06:16] C:\Program Files\<DIR> Hamachi
[26/01/2008|02:36] C:\Program Files\<DIR> ImTOO
[21/08/2008|04:36] C:\Program Files\<DIR> InstallShield Installation Information
[17/08/2008|02:18] C:\Program Files\<DIR> Internet Explorer
[05/11/2007|04:56] C:\Program Files\<DIR> InterVideo
[20/09/2008|11:51] C:\Program Files\<DIR> iPod
[20/09/2008|11:51] C:\Program Files\<DIR> iTunes
[27/07/2008|06:11] C:\Program Files\<DIR> Java
[28/12/2007|01:58] C:\Program Files\<DIR> Lavalys
[24/09/2008|01:23] C:\Program Files\<DIR> LimeWire
[24/01/2008|05:17] C:\Program Files\<DIR> MagicDisc
[05/01/2008|01:04] C:\Program Files\<DIR> MagicISO
[09/05/2008|10:03] C:\Program Files\<DIR> MC2
[17/08/2008|02:19] C:\Program Files\<DIR> Messenger
[08/09/2008|06:46] C:\Program Files\<DIR> Messenger Plus! Live
[05/11/2007|04:17] C:\Program Files\<DIR> microsoft frontpage
[15/12/2007|10:28] C:\Program Files\<DIR> Microsoft Games
[10/07/2008|07:51] C:\Program Files\<DIR> Microsoft Office
[05/11/2007|04:15] C:\Program Files\<DIR> Movie Maker
[24/09/2008|12:42] C:\Program Files\<DIR> Mozilla Firefox
[05/11/2007|04:13] C:\Program Files\<DIR> MSN
[05/11/2007|04:14] C:\Program Files\<DIR> MSN Gaming Zone
[15/12/2007|07:50] C:\Program Files\<DIR> MSXML 4.0
[12/01/2008|04:46] C:\Program Files\<DIR> Nero
[05/11/2007|04:15] C:\Program Files\<DIR> NetMeeting
[05/11/2007|04:30] C:\Program Files\<DIR> NVIDIA Corporation
[05/11/2007|04:14] C:\Program Files\<DIR> Online Services
[22/08/2008|08:22] C:\Program Files\<DIR> Opera
[06/11/2007|02:03] C:\Program Files\<DIR> Outlook Express
[10/07/2008|06:43] C:\Program Files\<DIR> PowerISO
[20/09/2008|11:50] C:\Program Files\<DIR> QuickTime
[20/12/2007|06:54] C:\Program Files\<DIR> Real
[05/11/2007|04:34] C:\Program Files\<DIR> Realtek
[28/07/2008|09:49] C:\Program Files\<DIR> Safari
[26/04/2008|04:52] C:\Program Files\<DIR> SEGA
[05/03/2008|11:33] C:\Program Files\<DIR> Skype
[07/07/2008|08:07] C:\Program Files\<DIR> Spybot - Search & Destroy
[27/07/2008|06:11] C:\Program Files\<DIR> Sun
[06/09/2008|07:17] C:\Program Files\<DIR> THQ
[20/09/2008|05:34] C:\Program Files\<DIR> Trend Micro
[21/08/2008|04:36] C:\Program Files\<DIR> Ubisoft
[05/11/2007|04:21] C:\Program Files\<DIR> Uninstall Information
[05/11/2007|07:10] C:\Program Files\<DIR> uTorrent
[05/11/2007|05:46] C:\Program Files\<DIR> Valve
[06/11/2007|04:28] C:\Program Files\<DIR> VideoLAN
[26/01/2008|02:33] C:\Program Files\<DIR> VSO
[24/09/2008|01:20] C:\Program Files\<DIR> Warcraft III
[26/01/2008|02:38] C:\Program Files\<DIR> WinAVI Video Converter
[26/01/2008|02:49] C:\Program Files\<DIR> WinAVI Video Converter 9.0
[06/03/2008|07:54] C:\Program Files\<DIR> Windows Journal Viewer
[01/03/2008|03:18] C:\Program Files\<DIR> Windows Live
[13/09/2008|10:37] C:\Program Files\<DIR> Windows Live Safety Center
[04/03/2008|05:32] C:\Program Files\<DIR> Windows Media Connect 2
[04/03/2008|05:32] C:\Program Files\<DIR> Windows Media Player
[05/11/2007|04:14] C:\Program Files\<DIR> Windows NT
[05/11/2007|04:16] C:\Program Files\<DIR> WindowsUpdate
[05/11/2007|07:26] C:\Program Files\<DIR> WinRAR
[06/11/2007|04:15] C:\Program Files\<DIR> XBox 360 Controller for Windows Software
[05/11/2007|04:17] C:\Program Files\<DIR> xerox
[23/09/2008|05:24] C:\Program Files\<DIR> Xfire

--------------------\\ Listing Folders in C:\Program Files\Common Files

[14/05/2008|08:57] C:\Program Files\Common Files\<DIR> Adobe
[20/09/2008|11:50] C:\Program Files\Common Files\<DIR> Apple
[28/08/2008|02:35] C:\Program Files\Common Files\<DIR> Canon
[22/11/2007|07:00] C:\Program Files\Common Files\<DIR> EasyInfo
[05/11/2007|04:56] C:\Program Files\Common Files\<DIR> InstallShield
[06/11/2007|07:41] C:\Program Files\Common Files\<DIR> Java
[10/07/2008|07:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[05/11/2007|04:15] C:\Program Files\Common Files\<DIR> MSSoap
[12/01/2008|04:48] C:\Program Files\Common Files\<DIR> Nero
[06/11/2007|03:07] C:\Program Files\Common Files\<DIR> ODBC
[20/12/2007|06:54] C:\Program Files\Common Files\<DIR> Real
[05/11/2007|04:15] C:\Program Files\Common Files\<DIR> Services
[05/03/2008|11:33] C:\Program Files\Common Files\<DIR> Skype
[06/11/2007|03:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/11/2007|02:03] C:\Program Files\Common Files\<DIR> System
[01/03/2008|03:18] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[29/03/2008|03:58] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[20/12/2007|06:54] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 69 Processes )

iexplore.exe ~ [PID:3456]
iexplore.exe ~ [PID:2200]
iexplore.exe ~ [PID:4776]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\Eddy\LOCALS~1\Temp\bisA2.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\close poke frag ooze
C:\DOCUME~1\ALLUSE~1\APPLIC~1\close poke frag ooze\Bat bags.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\axis lies mpeg great.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\Cool flag.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\lpxuyyio.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\qvmpxydo.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\tooljoyonce.exe
C:\DOCUME~1\Eddy\APPLIC~1\puremp~1\zjhpqyad.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\puremp~1
C:\DOCUME~1\NETWOR~1\APPLIC~1\puremp~1\Cool flag.exe
C:\DOCUME~1\Eddy\Cookies\eddy@pacificpoker[2].txt
C:\DOCUME~1\Eddy\Cookies\eddy@partypoker[2].txt
C:\DOCUME~1\Eddy\Cookies\eddy@888[1].txt
C:\DOCUME~1\Eddy\Cookies\eddy@888[2].txt
C:\WINDOWS\Tasks\AF618893918A00D7.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cash web"="C:\\DOCUME~1\\Eddy\\APPLIC~1\\PUREMP~1\\Cool flag.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Frag Ooze Cash Scr"="C:\\Documents and Settings\\All Users\\Application Data\\close poke frag ooze\\Htm tick.exe"

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

-> 8722 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 13:27:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Eddy\LOCALS~1\APPLIC~1\Microsoft\Messenger\azy222@hotmail.com\SharingMetadata\Working\database_B4D8_18AC_D818_6F3C\$db_clean$ 0 bytes
scan completed successfully
hidden processes: 0
hidden files: 9

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Eddy\Application Data\Opera\Opera\profile\images\crackberry.com.ico
C:\DOCUME~1\Eddy\Application Data\uTorrent\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911.torrent
C:\DOCUME~1\Eddy\Application Data\uTorrent\The Lord Of The Rings Battle For Middle Earth 2 DVD9 V1.1 Crack.torrent
C:\DOCUME~1\Eddy\Application Data\uTorrent\WinRar 3.71 final + keygen (Works 100% ).torrent
C:\DOCUME~1\Eddy\Application Data\uTorrent\[NTi]_Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_DVD9.CRACK.ONLY-FLT.torrent
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack
C:\DOCUME~1\Eddy\Desktop\Desktop\Medieval.II.Total.War.v1.1.REPACK.CRACK-MACiOZO.rar
C:\DOCUME~1\Eddy\Desktop\Desktop\STALKER.Clear.Sky.v1.5.04.Multi5.CRACK.rar
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Downloaded.txt
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Homepage.url
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Magic Iso 5.3b221 + Crack
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Sponsor.url
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Magic Iso 5.3b221 + Crack\Crack
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Magic Iso 5.3b221 + Crack\Setup_MagicISO.exe
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Magic Iso 5.3b221 + Crack\Crack\CRD.reg
C:\DOCUME~1\Eddy\Desktop\Desktop\MagicIso 5.3b221 + Crack\Magic Iso 5.3b221 + Crack\Crack\MagicISO.exe
C:\DOCUME~1\Eddy\Desktop\Desktop\Nero 8.1.1.0 Ultra Edition English - {Adeel}\Nero 8 Keygen.exe
C:\DOCUME~1\Eddy\Local Settings\Temp\Rar$DR00.109\Crack
C:\DOCUME~1\Eddy\Local Settings\Temp\Rar$DR02.656\Crack
C:\DOCUME~1\Eddy\Recent\flt-cnc3-crack.lnk
C:\DOCUME~1\Eddy\Recent\STALKER.Clear.Sky.v1.5.04.Multi5.CRACK.lnk


[F:4310][D:232]-> C:\DOCUME~1\Eddy\LOCALS~1\Temp
[F:45][D:0]-> C:\DOCUME~1\Eddy\Cookies
[F:4279][D:8]-> C:\DOCUME~1\Eddy\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 24/09/2008|13:29 - Option : [1]

--------------------\\ Scan completed at 13:29:43


Here's the HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:12 PM, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Htm tick.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cash web] C:\DOCUME~1\Eddy\APPLIC~1\PUREMP~1\Cool flag.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10133 bytes

I've got a question: is it possible that the infections in my computer are causing my internet to frequently disconnect?

Thanks.
eddythepwner
Active Member
 
Posts: 5
Joined: September 20th, 2008, 3:38 am

Re: I got me some spyware

Post by Gary R » September 24th, 2008, 11:21 am

This forum does not support the use of cracks and key generators. Such software is illegal, and were we to help you further we would be aiding and abetting you in your crime.

I suggest you seek help elsewhere.

This topic is now CLOSED
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire