Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Resolved] Explorer Trouble
RonnieD
post Aug 17 2008, 05:04 PM
Post #1


New Member

Group: Authentic Member
Posts: 10
Joined: 16-August 08
From: Colorado
Member No.: 81,007
Operating System: Windows XP



I've caught something on my pc that causes Internet Explorer to have popups to random sites that include media2.mediafileshost.com, smacchat.com, and some others... it also has popups for some sort of adware/malware cleaning software ads. And finally, when looking at some websites, some of the pictures or ads are hijacked with an ad that says Warning-Spyware (your computer may be infected with spyware) Free Scan! Also, computer is running much slower than it used to.


Can anybody help?

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:52 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe" dm=http://drivecleaner.com ad=http://drivecleaner.com sd=http://log.drivecleaner.com
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BM5b133926] Rundll32.exe "C:\WINDOWS\system32\vwgpqvev.dll",s
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\LJORA7LW\IG_080~4.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\FM93GIRD\47CD14~1.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\FM93GIRD\47CD09~1.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\LJORA7LW\47CD17~2.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\LJORA7LW\47B99B~4.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\7ELYBQRD\47CD19~3.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\FM93GIRD\47CD12~2.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\7ELYBQRD\47B99B~3.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\LJORA7LW\47CD14~2.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\7ELYBQRD\US_120~2.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\7ELYBQRD\47B4F3~3.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\9MZR450J\473A9C~1.SH! C:\DOCUME~1\donerite\LOCALS~1\TEMPOR~1\Content.IE5\7ELYBQRD\47B99B~4.SH! C:\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: ejepxc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8195 bytes

This post has been edited by RonnieD: Aug 17 2008, 05:55 PM
Tomk
post Aug 17 2008, 07:31 PM
Post #2


Extrication Intern

Group: Malware Team
Posts: 2,474
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi, and Welcome to WhatTheTech

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.



A. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

B. Now we must disable some of your security programs so that they do not interfere with the running of our tools:

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.

C. Go to -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

  • DO NOT USE your computer for any other purpose while ComboFix is running.
  • ComboFix may restart your computer; this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.



Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

This post has been edited by Tomk: Aug 17 2008, 07:32 PM
RonnieD
post Aug 17 2008, 09:06 PM
Post #3





After downloading ComboFix I seemed to have lost my entire Start bar as well as all desktop icons. I shut down using the task manager. Restart and everything is fine (icons & start bar have returned).



When I right click on the 'M' in the lower right-hand corner "Exit" is not an option.

Only options:

-Open SecurityCenter
-Updates
-Scan
-QuickLinks
-Change Settings
-Verify Subscription
-Customer Support



Tomk
post Aug 17 2008, 09:21 PM
Post #4





RonnieD,

Unfortunately, those are some severe symptoms of one of the infections you have. Go ahead and run ComboFix.
RonnieD
post Aug 17 2008, 10:40 PM
Post #5





Here they are...

ComboFix.txt:

ComboFix 08-08-17.03 - donerite 2008-08-17 21:42:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.340 [GMT -6:00]
Running from: C:\Documents and Settings\donerite\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sbu_icon.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\weathericon.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons\Repair+System+Registry.ico
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\network monitor
C:\Program Files\PCPrivacyCleaner
C:\Program Files\spamblockerutility
C:\Program Files\VirusRemover2008
C:\Program Files\XP Antivirus
C:\Redemption.ECF
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM5b133926.txt
C:\WINDOWS\BM5b133926.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AdeNnUvw.ini
C:\WINDOWS\system32\AdeNnUvw.ini2
C:\WINDOWS\system32\alcsmhxg.dll
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\bhgsdrld.dll
C:\WINDOWS\system32\bpjdgljy.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\ejepxc.dll
C:\WINDOWS\system32\geBrqqRi.dll
C:\WINDOWS\system32\gxhmscla.ini
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\jaazzz.dll
C:\WINDOWS\system32\ksxmwp.dll
C:\WINDOWS\system32\kvxwjeny.dll
C:\WINDOWS\system32\kwtwcujo.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkadjpad.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nyxnfdkw.ini
C:\WINDOWS\system32\ojucwtwk.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tudyvtnh.dll
C:\WINDOWS\system32\ugbguhts.ini
C:\WINDOWS\system32\urqPgdeC.dll
C:\WINDOWS\system32\vwgpqvev.dll
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\winsrc.dll.tmp
C:\WINDOWS\system32\wvUnNedA.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-16 11:51 . 2008-08-16 11:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 23:12 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-15 23:07 . 2004-08-04 00:56 239,616 --a------ C:\WINDOWS\system32\wstrenderer.ax
2008-08-15 23:07 . 2004-08-04 00:56 164,352 --a------ C:\WINDOWS\system32\wstpager.ax
2008-08-15 23:07 . 2004-08-04 00:56 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-15 23:07 . 2004-08-04 00:56 53,248 --a------ C:\WINDOWS\system32\vbicodec.ax
2008-08-15 23:07 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-08-15 23:07 . 2004-08-03 22:59 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe
2008-08-15 23:01 . 2008-08-15 23:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-15 22:57 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-15 22:54 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002443_.tmp
2008-08-15 22:46 . 2008-08-15 22:46 <DIR> d-------- C:\WINDOWS\EHome
2008-08-08 22:52 . 2008-08-08 22:52 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
2008-08-08 22:52 . 2008-08-08 22:52 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-08 22:47 . 2008-08-08 22:54 4,407 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-08-08 22:08 . 2008-08-08 22:08 <DIR> d-------- C:\Program Files\AML Products
2008-08-08 22:08 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-08-05 21:08 . 2008-08-05 21:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 20:06 . 2008-08-05 20:06 <DIR> d-------- C:\Documents and Settings\donerite\Application Data\McAfee
2008-07-27 13:46 . 2008-08-17 22:11 6,757 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-27 13:45 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-27 13:36 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-27 13:36 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-27 13:36 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-27 13:36 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-27 13:36 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-27 13:36 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-27 13:34 . 2008-07-27 13:34 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-27 13:34 . 2008-08-05 20:25 <DIR> d-------- C:\Program Files\McAfee
2008-07-27 13:34 . 2008-07-27 13:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-27 13:26 . 2008-07-27 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-27 13:25 . 2008-07-27 13:25 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Freeware
2008-07-27 13:25 . 2008-07-27 13:25 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-27 13:25 . 2003-03-19 09:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-07-27 13:25 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-07-27 13:15 . 2008-07-27 13:15 167 --a------ C:\Documents and Settings\donerite\4308.bat
2008-07-27 13:12 . 2008-07-27 13:12 167 --a------ C:\Documents and Settings\donerite\5638.bat
2008-07-27 12:49 . 2008-07-27 12:49 167 --a------ C:\Documents and Settings\donerite\1988.bat
2008-07-27 12:24 . 2008-07-27 13:52 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-07-27 12:03 . 2008-07-27 12:03 167 --a------ C:\WINDOWS\system32\8580.bat
2008-07-27 11:14 . 2008-07-27 12:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
2008-07-27 11:14 . 2008-07-27 11:14 1,270 --a------ C:\Repair System Registry.lnk
2008-07-27 10:59 . 2008-07-27 19:39 <DIR> d--hs---- C:\WINDOWS\ZG9uZXJpdGU
2008-07-27 10:59 . 2008-07-27 10:59 167 --a------ C:\WINDOWS\system32\2441.bat
2008-07-27 10:58 . 2008-07-27 19:31 <DIR> d-------- C:\WINDOWS\system32\sem
2008-07-27 10:58 . 2008-07-27 19:31 <DIR> d-------- C:\WINDOWS\system32\kBin13
2008-07-27 10:58 . 2008-07-27 19:39 <DIR> d-------- C:\WINDOWS\system32\fonts
2008-07-27 10:58 . 2008-07-27 10:58 <DIR> d-------- C:\WINDOWS\system32\bosh
2008-07-27 10:58 . 2008-07-27 10:58 <DIR> d-------- C:\Temp\epr1
2008-07-27 10:58 . 2008-08-17 21:43 <DIR> d-------- C:\Temp
2008-07-27 10:58 . 2008-07-27 10:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-23 16:46 . 2008-07-23 16:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-23 16:46 . 2008-07-23 16:46 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-23 16:45 . 2008-07-23 16:45 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\donerite\Application Data\ComcastToolbar
2008-08-16 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-16 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 02:27 --------- d-----w C:\Documents and Settings\donerite\Application Data\Creative
2008-08-16 02:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-08 02:01 --------- d-----w C:\Program Files\Google
2008-08-06 02:41 --------- d-----w C:\Program Files\PokerStars
2008-08-06 02:23 --------- d-----w C:\Program Files\Absolute Poker
2008-07-27 18:02 --------- d-----w C:\Program Files\LimeWire
2008-07-27 18:02 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-27 17:05 --------- d-----w C:\Documents and Settings\donerite\Application Data\LimeWire
2008-07-27 06:03 --------- d-----w C:\Program Files\Full Tilt Poker
2008-07-26 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBUSA
2008-06-21 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comcast
2008-06-01 15:15 9,047,768 ----a-w C:\Program Files\AbsolutePoker8_3_0.exe
2003-10-22 18:36 9,592,832 ----a-w C:\Program Files\CS-80V.dll
2003-10-17 22:52 467,039 ----a-w C:\Program Files\CS-80V.dpm
2003-09-25 16:57 765,815 ----a-w C:\Program Files\CS-80V.dpm.rsr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2003-09-02 00:00 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50 155648]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 13:25 202560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"CTHelper"="CTHELPER.EXE" [2003-04-10 02:36 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="CTASIO.DLL" [2003-04-10 23:33 118784 C:\WINDOWS\system32\CTASIO.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ejepxc.dll ksxmwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= rddv1009.dll
"MIDI2"= diomidi.dll
"wave2"= Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFi~1.sys [2003-06-16 00:00]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
R3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 06:11]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2003-09-02 00:00]
S1 nikedrvv;nikedrvv;C:\WINDOWS\system32\drivers\nikedrvv.sys []
S3 RD1009;EDIROL UM-1 USB Driver;C:\WINDOWS\system32\Drivers\rdwm1009.sys [2002-05-21 18:14]
.
Contents of the 'Scheduled Tasks' folder

2008-07-27 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-27 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-58200aba - C:\WINDOWS\system32\alcsmhxg.dll
HKLM-Run-BM5b133926 - C:\WINDOWS\system32\mkadjpad.dll
HKLM-Run-NWEReboot - (no file)
HKLM-Run-p2p networking - p2pnetworking.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\donerite\Application Data\Mozilla\Firefox\Profiles\4fuvkvj4.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 22:11:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\donerite\LOCALS~1\Temp\_tf5.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-17 22:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 04:14:26

Pre-Run: 47,140,663,296 bytes free
Post-Run: 47,094,333,440 bytes free

405 --- E O F --- 2008-06-15 17:17:18




And New HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26, on 2008-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: ejepxc.dll ksxmwp.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 6736 bytes



Tomk
post Aug 17 2008, 11:36 PM
Post #6


Extrication Intern

Group: Malware Team
Posts: 2,474
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



RonnieD,

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.

You have the following P-2-P program(s) installed
Limewire

This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):


Limewire


Disable your protection programs as we did before.

  • Please open HijackThis and run Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if present):
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
      O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
      O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\donerite\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
      O20 - AppInit_DLLs: ejepxc.dll ksxmwp.dll

  • Close all programs except for HijackThis.
  • Click on Fix checked
  • A box will pop up asking you if you wish to fix the selected items. Please choose YES.
  • Once it has fixed them, please exit/close HijackThis.


Next

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    KILLALL::

    File::
    C:\WINDOWS\002443_.tmp

    Folder::
    C:\WINDOWS\msdownld.tmp
    C:\Program Files\Common Files\DriveCleaner Freeware
    C:\Documents and Settings\All Users\Application Data\SalesMon
    C:\Program Files\PokerStars
    C:\Program Files\Full Tilt Poker
    C:\Program Files\Absolute Poker

    Rootkit::
    C:\DOCUME~1\donerite\LOCALS~1\Temp\_tf5.tmp

    Driver::
    nikedrvv

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


In your next reply please provide:
  • ComboFix.txt
  • Kaspersky report
  • New HijackThis log taken after everything else completed
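
The O20 entry in the fix list above names two DLLs that also appear in the ComboFix file-removal list, so the AppInit_DLLs registry value is a leftover load point for files that are already gone. The following is an added example, not part of the original post or of either tool: it cross-checks a HijackThis log against a ComboFix deletion list. The sample lines are excerpted from the logs in this thread, and the function names are illustrative.

```python
import ntpath
import re

# Sample input: a few lines excerpted from the ComboFix log in this thread.
COMBOFIX_DELETIONS = r"""
C:\WINDOWS\system32\ejepxc.dll
C:\WINDOWS\system32\geBrqqRi.dll
C:\WINDOWS\system32\ksxmwp.dll
C:\WINDOWS\system32\winsrc.dll
"""

# Sample input: a few lines excerpted from the new HijackThis log in this thread.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: ejepxc.dll ksxmwp.dll
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# HijackThis entries start with a section code (R0, O4, O20, ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(log):
    """Return (section, body) pairs, e.g. ('O20', 'AppInit_DLLs: a.dll b.dll')."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def appinit_dlls(entries):
    """DLL names from O20 AppInit_DLLs lines.

    The registry value is a space- or comma-delimited list, so names are
    split on both. Long paths containing spaces are not handled here.
    """
    names = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            names.extend(n for n in re.split(r"[,\s]+", value) if n)
    return names


def deleted_basenames(deletions):
    """Lower-cased file names taken from a list of full Windows paths."""
    return {
        ntpath.basename(path.strip()).lower()
        for path in deletions.splitlines()
        if path.strip()
    }


def review(log, deletions):
    """Flag load points that reference files a cleanup tool already removed."""
    entries = parse_hijackthis(log)
    removed = deleted_basenames(deletions)
    dlls = appinit_dlls(entries)
    return {
        "appinit_dlls": dlls,
        # Name-only match: a heuristic, since AppInit_DLLs entries given
        # without a path carry no directory to compare against.
        "appinit_already_deleted": [
            d for d in dlls if ntpath.basename(d).lower() in removed
        ],
        # HijackThis itself marks entries whose target no longer exists.
        "file_missing": [
            f"{section} - {body}"
            for section, body in entries
            if body.endswith("(file missing)")
        ],
    }


if __name__ == "__main__":
    for key, value in review(HIJACKTHIS_LOG, COMBOFIX_DELETIONS).items():
        print(f"{key}: {value}")
```
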

RonnieD
post Aug 18 2008