Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE pop-ups and re-direction

Post by jessl » June 3rd, 2009, 5:06 am

Hello Malware Removal,

I've noticed I have started to get IE pop-ups attempting to open this link:
hxxp : // sameshitasiteverwas.com/traf/tds/default.cgi, as well as another link. My internet speed has also slowed down, sometimes I'm unable to open up basic emails or download anything. I have anti-virus programs and anti-malware programs but they have come up clean.

Below is my HJT log file.

Thank you very much for your time.

J.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:41 PM, on 3/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NoteThingStartup] "D:\Program Files\Note Thing\NoteThing.exe" --startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll,C:\Windows\System32\dmscript32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9855 bytes
jessl
Active Member
 
Posts: 6
Joined: June 3rd, 2009, 4:46 am

Re: IE pop-ups and re-direction

Post by MWR 3 day Mod » June 6th, 2009, 12:48 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE pop-ups and re-direction

Post by jmw3 » June 7th, 2009, 3:09 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download gmer.zip from Gmer here & save it to your desktop.
  • Right click on gmer.zip, select Extract All... & extract the contents to your desktop
  • Double click the Gmer.exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE pop-ups and re-direction

Post by jessl » June 7th, 2009, 5:41 am

Hello Malware Removal,

I've attached the requested DDS log, Attach.txt and Gmer log in that order.
Thank you very much for your time and fast response!

J.




DDS (Ver_09-05-14.01) - NTFSx86
Run by Jess at 19:04:43.20 on 07/06/2009 Sun
Internet Explorer: 7.0.6001.18000
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\ifxspmgt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\IFXTCS.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Jess\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [NoteThingStartup] "d:\program files\note thing\NoteThing.exe" --startup
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\jess\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: APSHook.dll,avgrsstx.dll,c:\windows\system32\dmscript32.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - d:\program files\dvd region+css free\DVDShell.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\jess\appdata\roaming\mozilla\firefox\profiles\gcuj6yju.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: d:\program files\netscape6\nppl3260.dll
FF - plugin: d:\program files\netscape6\nprjplug.dll
FF - plugin: d:\program files\netscape6\nprpjplug.dll
FF - plugin: d:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\program files\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-9-2 15416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-22 325896]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090528.001\IDSvix86.sys [2009-5-30 272432]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-7-24 38816]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-22 298776]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-19 149352]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-3 1153368]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\drivers\etDevice.sys [2007-9-6 474624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-10 101936]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2008-2-5 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-2 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2008-1-31 6528]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-9-2 29736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]

=============== Created Last 30 ================

2009-06-03 21:01 <DIR> --d----- c:\programdata\FLEXnet
2009-06-03 18:43 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 18:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 18:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-03 18:03 <DIR> --d----- c:\programdata\Lavasoft
2009-06-03 18:03 <DIR> --d----- c:\program files\Lavasoft
2009-06-02 20:40 1,372 a------- c:\windows\system32\Oq8sxtp1wN2o6.vbs
2009-06-02 20:39 1,372 a------- c:\windows\system32\VA1xlsdPkgVmtbW.vbs
2009-06-02 20:39 1,372 a------- c:\windows\system32\5GnA3n8Cu4Oda.vbs
2009-06-02 20:34 1,372 a------- c:\windows\system32\6AmcCozB28cW4.vbs
2009-06-02 20:33 1,372 a------- c:\windows\system32\eWc86ZdeEHFhx.vbs
2009-06-02 20:33 1,372 a------- c:\windows\system32\NH2B76UXhGZwr.vbs
2009-06-02 20:20 1,372 a------- c:\windows\system32\IA5Jw.vbs
2009-06-02 20:20 1,372 a------- c:\windows\system32\XMfpQZUKqGDU9.vbs
2009-06-02 20:19 143,360 a------- c:\windows\system32\dmscript32.dll
2009-06-02 20:19 1,372 a------- c:\windows\system32\FYHWW.vbs
2009-06-02 20:02 <DIR> --d----- c:\users\jess\appdata\roaming\EssentialPIM Pro
2009-06-02 19:59 <DIR> --d----- c:\windows\system32\tnt
2009-06-02 19:38 <DIR> --d----- c:\users\jess\appdata\roaming\Konrad Papala
2009-06-02 19:15 <DIR> --d----- c:\users\jess\appdata\roaming\M8 Software
2009-06-02 19:15 <DIR> --d----- c:\programdata\M8 Software
2009-06-02 19:15 <DIR> --d----- c:\progra~2\M8 Software
2009-06-02 19:12 1,347,344 a------- c:\windows\system32\Msvbvm50.dll
2009-06-02 19:12 64,000 a------- c:\windows\system32\Apigid32.dll
2009-06-01 20:40 67 a------- c:\windows\DVDRegionFree.INI
2009-05-08 22:42 <DIR> --d----- c:\program files\Conduit
2009-05-08 22:31 <DIR> --d----- c:\users\jess\appdata\roaming\EleFun Games

==================== Find3M ====================

2009-06-03 22:59 45,056 a------- c:\windows\system32\acovcnt.exe
2009-05-24 07:37 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-24 07:37 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 20:19 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-03-20 12:13 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-20 12:13 86,016 a------- c:\windows\inf\infstor.dat
2009-03-20 12:13 51,200 a------- c:\windows\inf\infpub.dat
2009-03-17 13:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 13:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 13:38 24,064 a------- c:\windows\system32\amxread.dll
2008-12-06 23:29 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-06 23:29 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-02 17:12 84 a---h--- c:\programdata\aspg.dat
2008-12-02 17:12 84 a---h--- c:\progra~2\aspg.dat
2008-09-02 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-02 12:28 61,440 a------- c:\program files\common files\CPInstallAction.dll
2008-05-23 02:35 51,962 a------- c:\program files\common files\banner.jpg
2008-01-21 12:43 174 a--sh--- c:\program files\desktop.ini
2007-06-13 03:34 35,822 a------- c:\program files\common files\ASPG_icon.ico
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 19:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

============= FINISH: 19:05:57.46 ===============







UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)


Motherboard: ASUSTeK Computer Inc. | | F8Vr
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Socket 478 | 2401/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 116 GiB total, 68.353 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 65.258 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP244: 29/05/2009 10:08:17 AM - Scheduled Checkpoint
RP245: 30/05/2009 8:56:04 AM - Scheduled Checkpoint
RP246: 30/05/2009 8:00:11 PM - Windows Update
RP247: 3/06/2009 2:45:03 PM - Norton 360 Registry Clean
RP248: 5/06/2009 6:51:10 PM - Scheduled Checkpoint
RP249: 6/06/2009 6:45:45 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AppCore
ASUS CopyProtect
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear eXtreme
ASUS Security Protect Manager
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_F8_ScreenSaver
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATKOSD2
AuthenTec Fingerprint Sensor Minimum Install
AVG Free 8.5
Backup
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
DVD Region+CSS Free 5.9.8.5
Express Gate
GearDrvs
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infineon TPM Professional Package
ITECIR
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro 8
K-Lite Codec Pack 4.7.5 (Standard)
LiveUpdate (Symantec Corporation)
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
NB Probe
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Security Scan
Norton Security Scan (Symantec Corporation)
OGA Notifier 1.7.0105.35.0
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skins
Skype? 3.8
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
System Requirements Lab
The Sims 2 Super Pack 2007
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 1.3M UVC WebCam
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIDCOMM Bluetooth Software
Winamp
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
WinFlash
WinRAR archiver
Wireless Console 2

==== Event Viewer Messages From Past Week ========

7/06/2009 1:03:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec Core LC service.
6/06/2009 9:38:21 PM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007001f.
6/06/2009 9:38:21 PM, Error: Microsoft-Windows-TBS [16385] - An internal TBS error was detected. The error code was 0x8007001f. This is usually caused by unexpected TPM or driver behavior and may be transient.
31/05/2009 6:03:46 PM, Error: Service Control Manager [7031] - The Logon Session Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
31/05/2009 6:03:46 PM, Error: Service Control Manager [7031] - The Local Communication Channel service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
31/05/2009 10:53:18 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0016EAC8A9A8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
31/05/2009 10:52:53 AM, Error: PlugPlayManager [12] - The device 'Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)' (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\684CE00000) disappeared from the system without first being prepared for removal.
3/06/2009 6:04:01 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/06/2009 3:23:33 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
2/06/2009 2:17:42 PM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x800703e3.
2/06/2009 2:17:42 PM, Error: Microsoft-Windows-TBS [16385] - An internal TBS error was detected. The error code was 0x800703e3. This is usually caused by unexpected TPM or driver behavior and may be transient.

==== End Of File ===========================





GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 19:36:30
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 8FDF4DE0 ZwAlertResumeThread
SSDT 8FDF4EC0 ZwAlertThread
SSDT 8FDF3928 ZwAllocateVirtualMemory
SSDT 8FD87EE0 ZwAlpcConnectPort
SSDT 8FDF4B30 ZwCreateMutant
SSDT 8FDF2060 ZwCreateThread
SSDT 8FDF47B0 ZwDebugActiveProcess
SSDT 8FDF3728 ZwFreeVirtualMemory
SSDT 8FDF4C20 ZwImpersonateAnonymousToken
SSDT 8FDF4D00 ZwImpersonateThread
SSDT 8FDF3648 ZwMapViewOfSection
SSDT 8FDF4A50 ZwOpenEvent
SSDT 8FDF39F8 ZwOpenProcessToken
SSDT 8FDF4890 ZwOpenSection
SSDT 8FDF33A8 ZwOpenThreadToken
SSDT 8FDF6338 ZwResumeThread
SSDT 8FDF32C8 ZwSetContextThread
SSDT 8FDF3498 ZwSetInformationProcess
SSDT 8FDF31D8 ZwSetInformationThread
SSDT 8FDF4970 ZwSuspendProcess
SSDT 8FDF4008 ZwSuspendThread
SSDT 8FDF1720 ZwTerminateProcess
SSDT 8FDF30F8 ZwTerminateThread
SSDT 8FDF3588 ZwUnmapViewOfSection
SSDT 8FDF3858 ZwWriteVirtualMemory

INT 0x51 ? 85531BF8
INT 0x51 ? 86FA3F00
INT 0x51 ? 86FA3F00
INT 0x51 ? 85531BF8
INT 0x72 ? 86FA3F00
INT 0x82 ? 86FA3F00
INT 0x92 ? 86FA3F00
INT 0xA2 ? 86FA3F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855341F8
Device \FileSystem\fastfat \FatCdrom 92DFB1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84BAA1F8
Device \Driver\usbuhci \Device\USBPDO-0 8702B500
Device \Driver\usbuhci \Device\USBPDO-1 8702B500
Device \Driver\usbuhci \Device\USBPDO-2 8702B500
Device \Driver\usbehci \Device\USBPDO-3 86FE0500
Device \Driver\netbt \Device\NetBT_Tcpip_{69915733-9C10-4693-A528-598EF8D1CEA7} 8FD851F8
Device \Driver\usbuhci \Device\USBPDO-4 8702B500

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8702B500
Device \Driver\usbuhci \Device\USBPDO-6 8702B500
Device \Driver\volmgr \Device\HarddiskVolume1 84BAA1F8
Device \Driver\usbehci \Device\USBPDO-7 86FE0500
Device \Driver\volmgr \Device\HarddiskVolume2 84BAA1F8
Device \Driver\cdrom \Device\CdRom0 870381F8
Device \Driver\netbt \Device\NetBT_Tcpip_{FD7CCAFC-9CF0-4AEC-AC7D-234E3C880C26} 8FD851F8
Device \Driver\volmgr \Device\HarddiskVolume3 84BAA1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8FD851F8
Device \Driver\Smb \Device\NetbiosSmb 8FD861F8
Device \Driver\iScsiPrt \Device\RaidPort0 8709A1F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8702B500
Device \Driver\usbuhci \Device\USBFDO-1 8702B500
Device \Driver\usbuhci \Device\USBFDO-2 8702B500
Device \Driver\usbehci \Device\USBFDO-3 86FE0500
Device \Driver\usbuhci \Device\USBFDO-4 8702B500
Device \Driver\usbuhci \Device\USBFDO-5 8702B500
Device \Driver\usbuhci \Device\USBFDO-6 8702B500
Device \Driver\usbehci \Device\USBFDO-7 86FE0500
Device \FileSystem\fastfat \Fat 92DFB1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 84F541F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243a30a0e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243a30a0e@0018133b1140 0x23 0x26 0xC4 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243a30a0e@001060a36907 0x66 0x85 0x85 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243a30a0e@002215f7817c 0x28 0x9A 0xC2 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243a30a0e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243a30a0e@0018133b1140 0x23 0x26 0xC4 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243a30a0e@001060a36907 0x66 0x85 0x85 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243a30a0e@002215f7817c 0x28 0x9A 0xC2 0x86 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayName SUPER ?Version 2007.bld.23 (July 4, 2007)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @UninstallString D:\PROGRA~1\SUPER\Setup.exe /remove /q0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallDate 2009-04-05 00:11:10
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallLocation D:\Program Files\SUPER
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallSource C:\Users\Jess\Downloads
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayIcon D:\Program Files\SUPER\SUPER.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayVersion Version 2007.bld.23 (July 4, 2007)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @VersionMajor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @Publisher eRightSoft
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @HelpLink http://www.eRightSoft.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @URLInfoAbout http://www.eRightSoft.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @URLUpdateInfo http://www.eRightSoft.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @Contact support@eRightSoft.com

---- EOF - GMER 1.0.15 ----
jessl
Active Member
 
Posts: 6
Joined: June 3rd, 2009, 4:46 am

Re: IE pop-ups and re-direction

by jmw3 » June 7th, 2009, 11:51 am

Hi

Multiple Anti-Spyware Programs
You are operating your computer with multiple Anti-Spyware programs running in memory at once:
SP: AVG Anti-Virus Free *enabled* (Updated) | SP: Windows Defender *enabled* (Updated)
Anti-virus & Anti-spyware programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-spyware programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please disable/remove one of them NOW.
I also noticed that you have Spybot Search & Destroy (disabled & outdated) & Norton 360 in your list of Installed Programs. The 'More is Better' principle does not work with security programs. These should really be removed if you are not using them as they appear to be still running in memory.

I see that you have Messenger Plus! Live installed. As long as you chose not to install the sponsor program (Circle Development Ltd. or CiD) this should be OK. The sponsor program is quite aggressive adware & should not be installed. Personally I would get rid of Messenger Live Plus! altogether. You can do that by going to Start>Control Panel>Programs and Features, right-click on Messenger Live Plus! & choose uninstall.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Combofix log
Update on how the computer is running
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE pop-ups and re-direction

by jessl » June 8th, 2009, 12:37 am

Hello,

I've removed AVG Anti-virus free as I have a paid subscription to Norton 360.
I have a few questions though: I notice that Norton 360 wasn't listed as enabled or in use in the logs even though I do use it - it's in my system tray and the scheduled scans do run. Is there a problem with it?
And I never knew Windows Defender was enabled - when I click it in my Programs list a pop-up comes up telling me it's turned off. How do I properly turn it off or disable it otherwise?

I didn't remove Windows Plus! Live as I didn't install the sponsor program, so I've kept it for now if that's okay.

As for how the computer is running now, it seems okay. Before receiving your help I was getting the pop-ups often when browsing and every time I opened a browser, and my internet was often stalling and getting page re-directions out of the blue. Using the computer today, so far I haven't noticed the pop-ups much and the internet seems stable.

Below is the Combofix log.
Thank you very much!

J.



ComboFix 09-06-07.05 - Jess 08/06/2009 14:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3070.2033 [GMT 10:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jess\AppData\Roaming\02000000d05f2d6c603C.manifest
c:\users\Jess\AppData\Roaming\02000000d05f2d6c603O.manifest
c:\users\Jess\AppData\Roaming\02000000d05f2d6c603P.manifest
c:\users\Jess\AppData\Roaming\02000000d05f2d6c603S.manifest
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 04:27 . 2009-06-08 04:28 -------- d-----w- c:\users\Jess\AppData\Local\temp
2009-06-08 04:27 . 2009-06-08 04:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-08 04:23 . 2009-06-08 04:28 -------- d-s---w- \ComboFix
2009-06-08 04:12 . 2009-06-08 04:12 -------- d-----w- \Qoobox
2009-06-08 03:03 . 2009-03-09 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVENG.SYS
2009-06-08 03:03 . 2009-03-09 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVEX15.SYS
2009-06-08 03:03 . 2009-03-09 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\EECTRL.SYS
2009-06-08 03:03 . 2009-03-09 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\CCERASER.DLL
2009-06-08 03:03 . 2009-03-09 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVENG32.DLL
2009-06-08 03:03 . 2009-03-09 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVEX32A.DLL
2009-06-08 03:03 . 2009-03-09 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\ERASER.SYS
2009-06-08 03:03 . 2009-02-16 23:07 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\ECMSVR32.DLL
2009-06-07 09:11 . 2009-03-09 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVENG.SYS
2009-06-07 09:11 . 2009-03-09 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVEX15.SYS
2009-06-07 09:11 . 2009-03-09 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\EECTRL.SYS
2009-06-07 09:11 . 2009-03-09 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\CCERASER.DLL
2009-06-07 09:11 . 2009-03-09 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVENG32.DLL
2009-06-07 09:11 . 2009-03-09 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVEX32A.DLL
2009-06-07 09:11 . 2009-03-09 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\ERASER.SYS
2009-06-07 09:11 . 2009-02-16 23:07 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\ECMSVR32.DLL
2009-06-04 09:38 . 2009-06-07 13:52 -------- d-sh--w- \Config.Msi
2009-06-03 11:01 . 2009-06-03 11:01 -------- d-----w- c:\programdata\FLEXnet
2009-06-03 08:43 . 2009-06-03 08:43 -------- d-----w- c:\program files\Trend Micro
2009-06-03 08:05 . 2009-06-08 03:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-03 08:03 . 2009-06-03 10:59 -------- d-----w- c:\programdata\Lavasoft
2009-06-03 08:03 . 2009-06-03 10:59 -------- d-----w- c:\program files\Lavasoft
2009-06-03 07:14 . 2009-06-03 07:16 -------- d-----w- c:\users\Jess\AppData\Roaming\Lavasoft
2009-06-02 10:45 . 2009-06-02 10:49 -------- d-----w- c:\users\Jess\AppData\Local\Two Notes
2009-06-02 10:40 . 2009-06-02 10:40 1372 ----a-w- c:\windows\system32\Oq8sxtp1wN2o6.vbs
2009-06-02 10:39 . 2009-06-02 10:39 1372 ----a-w- c:\windows\system32\VA1xlsdPkgVmtbW.vbs
2009-06-02 10:39 . 2009-06-02 10:39 1372 ----a-w- c:\windows\system32\5GnA3n8Cu4Oda.vbs
2009-06-02 10:34 . 2009-06-02 10:34 1372 ----a-w- c:\windows\system32\6AmcCozB28cW4.vbs
2009-06-02 10:33 . 2009-06-02 10:33 1372 ----a-w- c:\windows\system32\eWc86ZdeEHFhx.vbs
2009-06-02 10:33 . 2009-06-02 10:33 1372 ----a-w- c:\windows\system32\NH2B76UXhGZwr.vbs
2009-06-02 10:20 . 2009-06-02 10:20 1372 ----a-w- c:\windows\system32\IA5Jw.vbs
2009-06-02 10:20 . 2009-06-02 10:20 1372 ----a-w- c:\windows\system32\XMfpQZUKqGDU9.vbs
2009-06-02 10:19 . 2009-06-02 10:19 1372 ----a-w- c:\windows\system32\FYHWW.vbs
2009-06-02 10:02 . 2009-06-03 11:19 -------- d-----w- c:\users\Jess\AppData\Roaming\EssentialPIM Pro
2009-06-02 09:59 . 2009-06-02 09:59 -------- d-----w- c:\windows\system32\tnt
2009-06-02 09:59 . 2009-06-02 09:59 -------- d-----w- c:\users\Jess\AppData\Local\Note Thing
2009-06-02 09:38 . 2009-06-02 09:38 -------- d-----w- c:\users\Jess\AppData\Roaming\Konrad Papala
2009-06-02 09:15 . 2009-06-02 09:15 -------- d-----w- c:\users\Jess\AppData\Roaming\M8 Software
2009-06-02 09:15 . 2009-06-02 09:15 -------- d-----w- c:\programdata\M8 Software
2009-06-02 09:12 . 1998-11-26 09:00 1347344 ----a-w- c:\windows\system32\Msvbvm50.dll
2009-06-02 09:12 . 1997-11-05 11:17 64000 ----a-w- c:\windows\system32\Apigid32.dll
2009-05-29 22:28 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-29 22:28 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSco.sys
2009-05-29 22:28 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-29 22:28 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-29 22:28 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-29 22:28 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-29 22:28 . 2009-02-05 13:55 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-21 10:00 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-21 10:00 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-21 10:00 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSco.sys
2009-05-21 10:00 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-21 10:00 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-21 10:00 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-21 10:00 . 2009-02-05 13:55 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 04:16 . 2008-12-02 06:40 104904 ----a-w- c:\users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-08 04:14 . 2008-12-02 21:29 3220295680 --sha-w- \hiberfil.sys
2009-06-08 04:14 . 2008-12-02 21:29 3534073856 --sha-w- \pagefile.sys
2009-06-08 04:13 . 2008-09-02 02:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 08:00 . 2009-05-08 04:48 -------- d-----w- c:\program files\Norton Security Scan
2009-06-04 09:50 . 2008-12-02 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 04:46 . 2009-02-04 09:47 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 10:09 . 2008-12-04 13:21 -------- d-----w- c:\users\Jess\AppData\Roaming\Azureus
2009-06-02 08:06 . 2009-01-26 09:36 -------- d-----w- c:\programdata\DVD Shrink
2009-05-24 13:55 . 2008-12-19 11:59 -------- d-----w- c:\programdata\Yahoo!
2009-05-21 07:54 . 2009-04-07 09:04 -------- d-----w- c:\users\Jess\AppData\Roaming\Winamp
2009-05-15 09:51 . 2008-12-06 13:27 -------- d-----w- c:\users\Jess\AppData\Roaming\Skype
2009-05-15 09:49 . 2008-12-06 13:29 -------- d-----w- c:\users\Jess\AppData\Roaming\skypePM
2009-05-13 17:04 . 2008-09-02 03:01 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 17:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 12:42 . 2009-05-08 12:42 -------- d-----w- c:\program files\Conduit
2009-05-08 12:31 . 2009-05-08 12:31 -------- d-----w- c:\users\Jess\AppData\Roaming\EleFun Games
2009-05-08 04:48 . 2008-09-02 03:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-08 03:09 . 2009-05-08 03:08 -------- d-----w- c:\programdata\Phenomedia
2009-05-07 10:19 . 2009-05-07 10:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-03 13:23 . 2008-09-02 03:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 10:33 . 2009-01-26 10:52 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-27 10:53 . 2008-12-15 07:49 -------- d-----w- c:\program files\EA GAMES
2009-04-22 05:07 . 2009-05-08 12:24 51200 ----a-w- c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFExternalAlert.dll
2009-04-22 05:07 . 2009-05-08 12:24 114688 ----a-w- c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\npmozax.dll
2009-04-21 06:53 . 2008-09-02 03:16 -------- d-----w- c:\programdata\Symantec
2009-04-15 12:41 . 2009-04-15 12:41 -------- d-----w- c:\program files\ReflexiveArcade
2009-04-13 06:26 . 2009-03-10 05:50 -------- d-----w- c:\program files\Norton 360
2009-04-07 09:26 . 2009-04-07 09:26 25 ----a-w- c:\windows\system32\sysfsaver.dat
2009-03-31 12:46 . 2008-02-24 02:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-20 02:14 . 2009-03-10 05:48 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 10:26 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:26 24064 ----a-w- c:\windows\system32\amxread.dll
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 . 2008-05-22 16:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 17:34 . 2007-06-12 17:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-03-31 12:47 . 2009-03-10 08:09 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-05-03 09:06 . 2009-04-04 14:12 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-04-04 14:12 31232 --sh--r- c:\windows\System32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-02 39480]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-02 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-13 4915200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-11 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E4C66816-7194-4CC6-8803-C43D5AD449CF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5966BAA-CAFD-49BC-AAC2-C3F10726548A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{75974510-BD41-4FAF-A074-6374C4D14F72}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B116827D-0E70-4764-A063-47218087C707}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{68E87E42-4533-4528-B557-B205C68BB26F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6CB55A4A-E799-4F77-98F7-EED51447BA6C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{35E98BE9-538D-4637-A0C5-D9BC5E7ADD64}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DCD29CE5-A430-488B-B16E-D39C77CCC5B2}"= UDP:d:\program files\LimeWire\LimeWire.exe:LimeWire
"{543515A1-F6DB-4962-9EF1-C2BC17647A0F}"= TCP:d:\program files\LimeWire\LimeWire.exe:LimeWire
"{B56DFDCF-EDD5-44D9-A803-662D6C09FCF1}"= UDP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E4144E95-332A-4E52-9114-86B78ABDD402}"= TCP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EE98CA63-33A6-44D3-8F17-AB3C740A5E5B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{54B06833-48F5-4F64-BC3A-CF6900630AC0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E66D5560-947D-4F43-A1B8-CB25F6A8261F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2/09/2008 2:34 PM 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [30/05/2009 8:28 AM 272432]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [24/07/2007 9:59 AM 38816]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 12:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 12:23 PM 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [19/02/2008 5:37 AM 149352]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 12:32 PM 23888]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [6/09/2007 6:43 PM 474624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/03/2009 3:43 PM 101936]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [5/02/2008 5:52 PM 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2/09/2008 2:30 PM 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 8:29 AM 3658752]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [31/01/2008 9:18 PM 6528]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 AM 41008]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2/09/2008 2:20 PM 29736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\Norton Security Scan for Jess.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-12 09:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-NoteThingStartup - d:\program files\Note Thing\NoteThing.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 14:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\System32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
Completion time: 2009-06-08 14:29
ComboFix-quarantined-files.txt 2009-06-08 04:29

Pre-Run: 74,719,002,624 bytes free
Post-Run: 74,633,011,200 bytes free

269 --- E O F --- 2009-05-30 10:00
jessl
Active Member
 
Posts: 6
Joined: June 3rd, 2009, 4:46 am

Re: IE pop-ups and re-direction

Post by jmw3 » June 8th, 2009, 10:11 am

Hi
I have a few questions though: I notice that Norton 360 wasn't listed as enabled or in use in the logs even though I do use it - it's in my system tray and the scheduled scans do run. Is there a problem with it?
So long as Norton360 is running & giving you real time protection I wouldn't worry too much about it. DDS takes that information from the WMI. It's possible that Norton360 may not be registered in the WMI hence it not showing in the log.
And I never knew Windows Defender was enabled - when I click it in my Programs list a pop-up comes up telling me it's turned off. How do I properly turn it off or disable it otherwise?
  • Open Windows Defender
  • Select Tools then Options
  • Scroll down to Real Time Protection Options & uncheck Use real-time protection (recommended)
  • Select Save
I didn't remove Windows Plus! Live as I didn't install the sponsor program, so I've kept it for now if that's okay.
No problem. It's your choice ultimately.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

http://malwareremoval.com/forum/viewtopic.php?f=11&t=43353
Collect::
c:\windows\system32\Oq8sxtp1wN2o6.vbs
c:\windows\system32\VA1xlsdPkgVmtbW.vbs
c:\windows\system32\5GnA3n8Cu4Oda.vbs
c:\windows\system32\6AmcCozB28cW4.vbs
c:\windows\system32\eWc86ZdeEHFhx.vbs
c:\windows\system32\NH2B76UXhGZwr.vbs
c:\windows\system32\IA5Jw.vbs
c:\windows\system32\XMfpQZUKqGDU9.vbs
c:\windows\system32\FYHWW.vbs
c:\windows\system32\dmscript32.dll
File::
c:\windows\system32\sysfsaver.dat
Folder::
c:\users\Jess\AppData\Roaming\Azureus
DirLook::
c:\windows\system32\tnt
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B116827D-0E70-4764-A063-47218087C707}"=-
"{68E87E42-4533-4528-B557-B205C68BB26F}"=-
"{DCD29CE5-A430-488B-B16E-D39C77CCC5B2}"=-
"{543515A1-F6DB-4962-9EF1-C2BC17647A0F}"=-
DDS::
uStart Page = about:blank
FireFox::
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\
FF - prefs.js: browser.startup.homepage - 
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
ATF Cleaner
Download ATF Cleaner here by Atribune.
    Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
To post in next reply:
Combofix log
Kaspersky Scan log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE pop-ups and re-direction

Post by jessl » June 9th, 2009, 2:56 am

Hello,

The computer seems to be running a lot better: the initial problem seems to be gone, I've definitely noticed less junk and some applications that had somehow gone haywire before have been reverted. And everything is running smoother and faster!

I have completed your instructions for Combofix, Updating Java, ATF Cleaner and Kaspersky scanner.

Below is the Combofix log. I wasn't able to save the Kaspersky log (nothing appears after I've saved it), but the Scan Report comes up empty and at the top it says "No Malware has been detected" so I hope that the lack of the scan log is okay.

Thank you very much for your quick responses.

J.



ComboFix 09-06-07.05 - Jess 09/06/2009 14:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3070.1727 [GMT 10:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
Command switches used :: c:\users\Jess\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\sysfsaver.dat"

file zipped: c:\windows\system32\5GnA3n8Cu4Oda.vbs
file zipped: c:\windows\system32\6AmcCozB28cW4.vbs
file zipped: c:\windows\system32\eWc86ZdeEHFhx.vbs
file zipped: c:\windows\system32\FYHWW.vbs
file zipped: c:\windows\system32\IA5Jw.vbs
file zipped: c:\windows\system32\NH2B76UXhGZwr.vbs
file zipped: c:\windows\system32\Oq8sxtp1wN2o6.vbs
file zipped: c:\windows\system32\VA1xlsdPkgVmtbW.vbs
file zipped: c:\windows\system32\XMfpQZUKqGDU9.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jess\AppData\Roaming\Azureus
c:\users\Jess\AppData\Roaming\Azureus\torrents\Aeon.Flux[2005]DvDrip.AC3[Eng]-aXXo.4320538.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Aerosmith.Gold.Collection_[Rock][2008][Visit_pctrecords].4583092.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Akon-Freedom-2008-[NoFS].4535952.TPB [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Akon - Freedom [2008] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Alcohol.120.v1.9.8.7612.Retail.MultiLang.PatCh.v4.1.1.ChVL [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\AOS-Dirty_South_RnB_In_The_Mix-2007-TapeDown [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU12131.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU17492.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU29476.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU43629.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU43634.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\AZU45216.tmp
c:\users\Jess\AppData\Roaming\Azureus\torrents\Babylon.A.D.[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Basshunter-I_Miss_You-Retail_CDM-2008-VOiCE.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Beyonce_-_I_Am_Sasha_Fierce_-_(Deluxe_Edition)_-_2008..4524891.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Bigfish Games Restaurant Empire {Indianboy2007}.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Brian McFadden - Set In Stone (2008) [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Britney Spears - Circus [2008] 192kbps [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\cascada_perfect_day___everytime_we_touch_album_320Kbps.4435313.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Chris Isaak - Best Of [2006][CD+3Vids+Cov] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Christina_Aguilera-Keeps_Gettin_Better_(A_Decade_of_Hits)-2008-ONe_[www.NewTorrents.info].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Closer.avi [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Club Hits[2008][Best Of Dance House Electro Trance And Techno]MP3@256.NeRoZ [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Colby O'Donis - Colby O.[2008].[www.pctrecords.com] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Common_-_Be_[2005]_[Hip_Hop].3664949.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Common_-_Finding_Forever_(2007)_-_Hip_Hop.3755381.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Complete_Studio_Ghibli_Collection[www.btmon.com].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Counting Crows - Recovering the Satellites [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Counting Crows - This Desert Life [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Counting_Crows-Saturday_Nights_And_Sunday_Mornings-2008-COLORBLi.4082217.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Creed_-_Discography.4488433.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Criss Angel Tricks Explained (John-Vani-18) [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Danity Kane - Danity Kane.[2006] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Danity Kane Welcome To The Dollhouse 2008 oothe [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Darude - Before The Storm [FLAC] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Darude - Label This [Colombo Nordic Electronica][colombo-bt.org] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Darude_-_Before_The_Storm.3778055.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Data Recovery Wizard Professional 4 0 3 52 (Full License)(English).torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Dave_Chapelle_everything_is_better_in_slow_motion.3426189.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\dedication3-MIXFIEND [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Deja.Vu[2006]DvDrip[Eng]-aXXo_[www.NewTorrents.info].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Delta_Goodrem.Mistaken_Identity.(2004).4196849.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Delta_Goodrem_-_Delta_(2007)_-_Pop_.3848647.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Destiny's Child - #1's [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Destiny Fulfilled [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\DJ_Chuck_T-Sexxxplicit_Randb_26-2007-TapeDown [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Eagle.Eye[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\EASEUS Data Recovery Wizard Pro 4 3 6 Retail [h33t] [Original].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Extratorrent com 3 guys 1 girl.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Fall_Out_Boy_Folie_A_Deux__JP_Bonus_Tracks__2008_VAG.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Flo-Rida-Mail.On.Sunday-(2008)-[NoFS].4078891.TPB [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Forgetting.Sarah.Marshall[2008][Unrated.Edition]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Friends_-_Season_10 [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Green_Day-21st_Century_Breakdown-(Retail)-2009-H3X [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Hancock[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\He__s.Just.Not.That.Into.You.2009.Scr.DivX-LTT.4866014.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\hitch.dvdrip.xvid.avi[www.btmon.com].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Horton Hears a Who KLAXXON [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Ice.Age.2-The.Meltdown[2006]DvDrip.AC3[Eng]-aXXo.4321623.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Ice_Age_(2002)_[DVDRip.XviD].3571234.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Igor[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\ilovernb3 [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Iron.Man[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\JACK JOHNSON - DISCOGRAPHY [CHANNEL NEO] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Jacks Mannequin-The Glass Passenger (2008) [Mp3].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Jacks_Mannequin_-_Everything_In_Transit_[2005].3868943.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\James_Morrison-Songs_For_You_Truth_For_Me-2008-JAMESMORRiSON[www.dutchdawn.com] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Jason Mraz - We Sing We Dance We Steal Things (MP3) 2Lions [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Jennifer_Lopez_-_Rebirth(2005).3292997.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Jennifer_Lopez_On_the_6_Album.3414333.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kanye West - 808s and Heartbreaks [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kate Ceberano - Nine Lime Avenue [2007][CD+SkidVid+Cov] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kate Ceberano - so much beauty [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Keri Hilson - In A Perfect World [2009][CD+3 SkidVid_XviD+Cov] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kid_Cudi_-_A_Kid_Named_Cudi.4608206.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kings_Of_Leon_-_Only_By_The_Night[2008][MP3_320kbps]-antecho.4386445.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kung.Fu.Panda[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Kylie_Minogue_-_Boombox_(The_Remix_Album_2000-2009)-2009-MOD.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lady_GaGa_-_The_Fame_[2008][CD_SkidVid_XviD_Cov]320Kbps.4391415.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lara Croft-Tomb Radier[2001]DVDrip[AC-3(5.1)ENG][a UKB-Rg Xvid by]- keltz [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lara Croft Tomb Raider-The Cradle of Life[2003]DVDrip[AC-3(5.1)ENG][a UKB-RG Xvid by]- keltz [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lenny Kravitz - Greatest Hits [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lenny Kravitz It Is Time For A Love Revolution 2008 oothe [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Leona_Lewis-Run-(CDS)-2008-WRE.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lil.Wayne-The.Carter.III.[2008]-MP3-OT]-FLAWL3SS [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\LoneStar PornStar [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Lonestar.Greatest.Hits.2003.EU.RETAiL-KRG(wizard1) [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Louis Armstrong - Louis Armstrong's All Time Greatest Hits [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Madagascar-Escape.2.Africa[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Madonna_-_Greatest_Hits.3728720.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Madonna_-_Hard_Candy_(2008).4363723.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Mariah Carey - EMC2 [2008][CD+SkidVid_XviD+Cov]192Kbps [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Mariah Carey - Greatest Hits (Disc 2)(2001)[h33t][mattlb0619][english album] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Mr And Mrs Smith 2005 Xvid DVDRip [Eng] Multi Subs [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\MSDSOFT.MSD.Organizer.Multiuser.v8.20.Cracked-ARN.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Musiq Soulchild - Onmyradio [2008] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Musiq_Soulchild_-_Luvanmusiq_[2007]_[R_B].3640911.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Mya_-_Sugar_And_Spice_(2008)_-_R_B_.4562417.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Ne Yo - Miss Independent [2008][SkidVid_XviD] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Nelly Furtado - 3 Albums [CHANNEL NEO] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\No Doubt Discography.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Oasis By Actionwang [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Ocean's.12[2004]DvDrip[Eng]-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Ocean's.13[2007]DvDrip[Eng]-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Oceans.11[2001]DvDrip[Eng]-aXXo_[www.NewTorrents.info].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Omarion-Playlist-The_Very_Best_Of_Omarion-2008-[wWw.FiveMP3.CoM] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Omarion_-_21_[Retail_2006]_[R_B]_[www.file24ever.com].3582096.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Pink-Funhouse-2008-PiNK.4454590.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Pink - Funhouse [2008][CD+SkidVid_XviD+Cov]320Kbps [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Placebo_All_Studio_Albums.3459046.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Powderfinger - Dream Days At The Hotel Existence [2007] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Pussycat_Dolls-2008-Doll_Domination_(Deluxe_Edition)-2CD.4549577.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Q-Unit__Greatest_Hits_(A_50_Cent___Queen_Mashup_Remix_Album).3417911.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Queen_-_Greatest_Hits_I_-_II_-_III_-_Platinum_Collection_-_3CD_-.3217690.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\R&B Collection Summer 2009 @2 cdrip by kidzcorner [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Rihanna_GOOd_Girl_Gone_Bad_(Reloaded_2008_album)_manhunter.4588804.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Rollercoaster Tycoon 3 Incl Crack [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Sammie_-_Sammie_(2006)_-_R_B.3533049.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Santana-Supernatural-1999-FIH_iNT.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Seal - Best 1991-2004 [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Seal - Soul (2008)(hxxp://www.hispatorrents.net) [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Seven Pounds [2008][5.1 sound][Excelent Quality] DvDrip-aXXo.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Seven.Pounds[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Sex.And.The.City-The.Movie[2008][Extended.Cut]DvDrip-aXXo.4392219.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Shakira_-_Oral_Fixation_Vol._2.3981521.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Soul_for_Real_-_Candy_Rain-Remastered-2008_READ_NFO-NBMP3 [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Step.Brothers[2008][Unrated.Edition]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Steve Angello & Laidback Luke Ft. Robin S - Show Me Love [S64BBTPHKJDVIZZKMFM47RJ46EAAVUQ4].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\T.I.-Paper.Trail.(Explicit.Retail-2008)-[NoFS].4402888.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Taylor_Swift_-_Fearless.4502030.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The Killers [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The Pursuit Of Happiness - DVD RIP - tinyseed.avi [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.Bucket.List[2007]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.Da.Vinci.Code[2006]DvDrip[Eng]-aXXo.4321584.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.Dark.Knight[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.Devil.Wears.Prada[2006]DvDrip[Eng]-aXXo_[www.NewTorrents.info].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.House.Bunny[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The.Little.Mermaid-Ariel's.Beginning[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The_Land_Before_Time_Complete_Collection_DVDRips_KA-VCD_-KingAnon[www.btmon.com] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\The_Verve_-_Forth-2008-FKK [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Timbaland-The_Beat_Is_Sick-2008[www.dutchdawn.com] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Timbaland_-_Shock_Value-2007.3654881.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Top 40 singles Uk 17 05 2009 KompletlyWyred DHZ Inc Release [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Top_100_Trance_and_Techno_Party_Songs_of_All_Time.2008..3972549.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\torrentdownloads net Transporter 32008DvDrip-aXXo.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Tropic.Thunder[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Usher-Confessions_(Special_Edition)-2004-CBM.3466351.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-Funkymix_121-Proper-2008-USF.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-New_Soul_Woman-2CD-2008-C4 [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-Notorious-OST-2009-H3X.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-RNB_Awards._All_West_Stars-2008-D2H[www.btmon.com].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-The_Very_Best_of_Fusion_Jazz-2CD-2008-BnL[www.btmon.com].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA-Total_Club_Hits_Vol_2-2009-VAG.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA - Puissance Electro Dance (2008) - House [www.torrentazos.com] [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA.-.I.Love.House.&.Club.Music.Top.30.Of.February.(2009).LanzamientosMp3.es [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA.-.Oldschool.Rnb.(2009).LanzamientosMp3.es [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\VA_-_The_Best_Of_Hiphop_RnB_Pop_Vol.23-2008-Jontey [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Wall-E[2008]DvDrip-aXXo_[www.NewTorrents.info].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\What.Happens.In.Vegas[2008]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\Winrar_Corporate_(no_crack_or_key_needed)_Just_install_and_enjoy.4013597.TPB.torrent
c:\users\Jess\AppData\Roaming\Azureus\torrents\You.Don't.Mess.With.The.Zohan[2008][Unrated.Edition]DvDrip-aXXo [mininova].torrent
c:\users\Jess\AppData\Roaming\Azureus\tracker.config
c:\users\Jess\AppData\Roaming\Azureus\tracker.config.bak
c:\users\Jess\AppData\Roaming\Azureus\unsentdata.config
c:\users\Jess\AppData\Roaming\Azureus\unsentdata.config.bak
c:\users\Jess\AppData\Roaming\Azureus\update.log
c:\users\Jess\AppData\Roaming\Azureus\update.properties
c:\users\Jess\AppData\Roaming\Azureus\v3.Friends.dat
c:\users\Jess\AppData\Roaming\Azureus\v3.Friends.dat.bak
c:\users\Jess\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Jess\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\windows\system32\5GnA3n8Cu4Oda.vbs
c:\windows\system32\6AmcCozB28cW4.vbs
c:\windows\system32\eWc86ZdeEHFhx.vbs
c:\windows\system32\FYHWW.vbs
c:\windows\system32\IA5Jw.vbs
c:\windows\system32\NH2B76UXhGZwr.vbs
c:\windows\system32\Oq8sxtp1wN2o6.vbs
c:\windows\system32\sysfsaver.dat
c:\windows\system32\VA1xlsdPkgVmtbW.vbs
c:\windows\system32\XMfpQZUKqGDU9.vbs

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 04:26 . 2009-06-09 04:26 -------- d-----w- c:\users\Jess\AppData\Local\temp
2009-06-09 04:26 . 2009-06-09 04:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-09 04:26 . 2009-06-09 04:26 -------- d-----w- C:\temp
2009-06-09 04:26 . 2009-06-09 04:26 -------- d-----w- \temp
2009-06-09 04:21 . 2009-06-09 04:26 -------- d-s---w- \ComboFix
2009-06-08 04:12 . 2009-06-09 04:22 -------- d-----w- \Qoobox
2009-06-08 03:03 . 2009-03-09 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVENG.SYS
2009-06-08 03:03 . 2009-03-09 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVEX15.SYS
2009-06-08 03:03 . 2009-03-09 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\EECTRL.SYS
2009-06-08 03:03 . 2009-03-09 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\CCERASER.DLL
2009-06-08 03:03 . 2009-03-09 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVENG32.DLL
2009-06-08 03:03 . 2009-03-09 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\NAVEX32A.DLL
2009-06-08 03:03 . 2009-03-09 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\ERASER.SYS
2009-06-08 03:03 . 2009-02-16 23:07 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.021\ECMSVR32.DLL
2009-06-07 09:11 . 2009-03-09 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVENG.SYS
2009-06-07 09:11 . 2009-03-09 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVEX15.SYS
2009-06-07 09:11 . 2009-03-09 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\EECTRL.SYS
2009-06-07 09:11 . 2009-03-09 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\CCERASER.DLL
2009-06-07 09:11 . 2009-03-09 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVENG32.DLL
2009-06-07 09:11 . 2009-03-09 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\NAVEX32A.DLL
2009-06-07 09:11 . 2009-03-09 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\ERASER.SYS
2009-06-07 09:11 . 2009-02-16 23:07 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090606.039\ECMSVR32.DLL
2009-06-04 09:38 . 2009-06-07 13:52 -------- d-sh--w- \Config.Msi
2009-06-03 11:01 . 2009-06-03 11:01 -------- d-----w- c:\programdata\FLEXnet
2009-06-03 08:43 . 2009-06-03 08:43 -------- d-----w- c:\program files\Trend Micro
2009-06-03 08:05 . 2009-06-08 03:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-03 08:03 . 2009-06-03 10:59 -------- d-----w- c:\programdata\Lavasoft
2009-06-03 08:03 . 2009-06-03 10:59 -------- d-----w- c:\program files\Lavasoft
2009-06-03 07:14 . 2009-06-03 07:16 -------- d-----w- c:\users\Jess\AppData\Roaming\Lavasoft
2009-06-02 10:45 . 2009-06-02 10:49 -------- d-----w- c:\users\Jess\AppData\Local\Two Notes
2009-06-02 10:02 . 2009-06-03 11:19 -------- d-----w- c:\users\Jess\AppData\Roaming\EssentialPIM Pro
2009-06-02 09:59 . 2009-06-02 09:59 -------- d-----w- c:\windows\system32\tnt
2009-06-02 09:59 . 2009-06-02 09:59 -------- d-----w- c:\users\Jess\AppData\Local\Note Thing
2009-06-02 09:38 . 2009-06-02 09:38 -------- d-----w- c:\users\Jess\AppData\Roaming\Konrad Papala
2009-06-02 09:15 . 2009-06-02 09:15 -------- d-----w- c:\users\Jess\AppData\Roaming\M8 Software
2009-06-02 09:15 . 2009-06-02 09:15 -------- d-----w- c:\programdata\M8 Software
2009-06-02 09:12 . 1998-11-26 09:00 1347344 ----a-w- c:\windows\system32\Msvbvm50.dll
2009-06-02 09:12 . 1997-11-05 11:17 64000 ----a-w- c:\windows\system32\Apigid32.dll
2009-05-29 22:28 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-29 22:28 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSco.sys
2009-05-29 22:28 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-29 22:28 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-29 22:28 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-29 22:28 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-29 22:28 . 2009-02-05 13:55 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-21 10:00 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-21 10:00 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-21 10:00 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSco.sys
2009-05-21 10:00 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-21 10:00 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-21 10:00 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-21 10:00 . 2009-02-05 13:55 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 04:16 . 2008-12-02 06:40 104904 ----a-w- c:\users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-08 04:14 . 2008-12-02 21:29 3220295680 --sha-w- \hiberfil.sys
2009-06-08 04:14 . 2008-12-02 21:29 3534073856 --sha-w- \pagefile.sys
2009-06-08 04:13 . 2008-09-02 02:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 08:00 . 2009-05-08 04:48 -------- d-----w- c:\program files\Norton Security Scan
2009-06-04 09:50 . 2008-12-02 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 04:46 . 2009-02-04 09:47 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 08:06 . 2009-01-26 09:36 -------- d-----w- c:\programdata\DVD Shrink
2009-05-24 13:55 . 2008-12-19 11:59 -------- d-----w- c:\programdata\Yahoo!
2009-05-21 07:54 . 2009-04-07 09:04 -------- d-----w- c:\users\Jess\AppData\Roaming\Winamp
2009-05-15 09:51 . 2008-12-06 13:27 -------- d-----w- c:\users\Jess\AppData\Roaming\Skype
2009-05-15 09:49 . 2008-12-06 13:29 -------- d-----w- c:\users\Jess\AppData\Roaming\skypePM
2009-05-13 17:04 . 2008-09-02 03:01 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 17:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 12:42 . 2009-05-08 12:42 -------- d-----w- c:\program files\Conduit
2009-05-08 12:31 . 2009-05-08 12:31 -------- d-----w- c:\users\Jess\AppData\Roaming\EleFun Games
2009-05-08 04:48 . 2008-09-02 03:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-08 03:09 . 2009-05-08 03:08 -------- d-----w- c:\programdata\Phenomedia
2009-05-07 10:19 . 2009-05-07 10:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-03 13:23 . 2008-09-02 03:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 10:33 . 2009-01-26 10:52 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-27 10:53 . 2008-12-15 07:49 -------- d-----w- c:\program files\EA GAMES
2009-04-22 05:07 . 2009-05-08 12:24 51200 ----a-w- c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFExternalAlert.dll
2009-04-22 05:07 . 2009-05-08 12:24 114688 ----a-w- c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\npmozax.dll
2009-04-21 06:53 . 2008-09-02 03:16 -------- d-----w- c:\programdata\Symantec
2009-04-15 12:41 . 2009-04-15 12:41 -------- d-----w- c:\program files\ReflexiveArcade
2009-04-13 06:26 . 2009-03-10 05:50 -------- d-----w- c:\program files\Norton 360
2009-03-31 12:46 . 2008-02-24 02:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-20 02:14 . 2009-03-10 05:48 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 10:26 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:26 24064 ----a-w- c:\windows\system32\amxread.dll
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 . 2008-05-22 16:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 17:34 . 2007-06-12 17:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-03-31 12:47 . 2009-03-10 08:09 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-05-03 09:06 . 2009-04-04 14:12 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-04-04 14:12 31232 --sh--r- c:\windows\System32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\tnt ----



((((((((((((((((((((((((((((( SnapShot@2009-06-08_04.28.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-02 02:58 . 2009-06-08 04:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-02 02:58 . 2009-06-08 14:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-02 02:58 . 2009-06-08 04:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-02 02:58 . 2009-06-08 14:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-02 06:43 . 2009-06-09 04:17 320572 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-12-02 08:07 . 2009-06-08 12:44 330226 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-09-02 02:58 . 2009-06-08 14:05 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-02 02:58 . 2009-06-08 04:15 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-02 39480]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-02 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-13 4915200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-11 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E4C66816-7194-4CC6-8803-C43D5AD449CF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5966BAA-CAFD-49BC-AAC2-C3F10726548A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{75974510-BD41-4FAF-A074-6374C4D14F72}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6CB55A4A-E799-4F77-98F7-EED51447BA6C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{35E98BE9-538D-4637-A0C5-D9BC5E7ADD64}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B56DFDCF-EDD5-44D9-A803-662D6C09FCF1}"= UDP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E4144E95-332A-4E52-9114-86B78ABDD402}"= TCP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EE98CA63-33A6-44D3-8F17-AB3C740A5E5B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{54B06833-48F5-4F64-BC3A-CF6900630AC0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E66D5560-947D-4F43-A1B8-CB25F6A8261F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2/09/2008 2:34 PM 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [30/05/2009 8:28 AM 272432]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [24/07/2007 9:59 AM 38816]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 12:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 12:23 PM 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [19/02/2008 5:37 AM 149352]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [6/09/2007 6:43 PM 474624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/03/2009 3:43 PM 101936]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [5/02/2008 5:52 PM 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2/09/2008 2:30 PM 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 8:29 AM 3658752]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [31/01/2008 9:18 PM 6528]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 AM 41008]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2/09/2008 2:20 PM 29736]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 12:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\Norton Security Scan for Jess.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-12 09:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\gcuj6yju.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\System32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
Completion time: 2009-06-09 14:27
ComboFix-quarantined-files.txt 2009-06-09 04:27
ComboFix2.txt 2009-06-08 04:29

Pre-Run: 74,399,088,640 bytes free
Post-Run: 74,195,075,072 bytes free

699 --- E O F --- 2009-05-30 10:00
Upload was successful
jessl
Active Member
 
Posts: 6
Joined: June 3rd, 2009, 4:46 am

Re: IE pop-ups and re-direction

Post by jmw3 » June 9th, 2009, 6:10 am

> The computer seems to be running a lot better: the initial problem seems to be gone, I've definitely noticed less junk and some applications that had somehow gone haywire before have been reverted. And everything is running smoother and faster!
Good stuff... really good to hear

> but the Scan Report comes up empty and at the top it says "No Malware has been detected" so I hope that the lack of the scan log is okay.
Yep.. that's fine.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.

Remove Combofix
The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run, then copy/paste the following bolded text into the Run box and click OK:
    ComboFix /u

OTC
  • Download OTC by Old Timer here & save it to your desktop.
  • Double click on OTC.exe. Click on CleanUp!.
  • You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
  • It will restart your computer automatically. If it doesn't, please restart your computer manually.

You can delete the following from your desktop:
  • DDS.scr
  • Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt
You can either keep or delete ATF-Cleaner. It's a handy tool for cleaning out temporary folders.

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.1.1
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Update your Windows Vista to Service Pack 2!
It is CRITICAL that you keep your Windows updated. Otherwise you're open to dozens of security holes which WILL cause you to get reinfected.
Visit Windows Update NOW & download Service Pack 2 + ALL critical updates! (Click Start > All Programs > Windows Update to launch Windows Update)
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can download it here & find a tutorial here.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
  • A short distance down the page in the centre, click on the Download button
  • Agree to the license
  • On the next page, to the right side of where it says Download Estimates, right click on the underlined word Hosts Manager choose Save Target As and download the installer Hosts20setup.exe to your desktop
  • Double click the Installer on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask, or in future do not hesitate to contact us here at The Malware Removal Forums.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE pop-ups and re-direction

Post by jessl » June 10th, 2009, 7:29 am

Hello,

I've removed the tools and updated my Adobe Reader. Looks like all is done!

Thank you very much for all your help! I appreciate all your time - I notice you've been replying late into your nights but you've still had great response times and given great service.
I will definitely be donating to the website, and pick up all those tools you've recommended so hopefully I won't be coming through here anytime soon =D

Thanks again!

J.
jessl
Active Member
 
Posts: 6
Joined: June 3rd, 2009, 4:46 am

Re: IE pop-ups and re-direction

Post by jmw3 » June 10th, 2009, 7:59 am

> Thank you very much for all your help! I appreciate all your time
No problem at all jessl... glad I could help

> I notice you've been replying late into your nights
Nightshift worker with too much time on my hands & internet access at work :D

> I will definitely be donating to the website
Thanks for that. The site appreciates all donations :)

Good luck & Safe Surfing
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE pop-ups and re-direction

Post by chryssi2001 » June 11th, 2009, 1:18 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away