# Virus Help Needed. IEmonster.b and others.



## justin52493x2

My computer is being bogged down and getting taken ahold of by IEmonster.b and other viruses. It's in my OS and freezing it up every other bootup I do. I need urgent help, please.

This is my Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:24 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: King Kong - {2E6F4C13-49FB-4DF3-B601-030D1D470E32} - D:\PROGRA~1\KINGKO~1\Capture\KKBROW~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM23dfefbc] Rundll32.exe "C:\WINDOWS\system32\odeukfio.dll",s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [20ecdc20] rundll32.exe "C:\WINDOWS\system32\mycdhidd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor]  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor]  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {60ECEA0D-8234-0B46-14D1-383A6753C250} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O20 - AppInit_DLLs: ixhdpc.dll efqkwy.dll blievp.dll hjhuto.dll
O23 - Service: McAfee Application Installer Cleanup (0118631206836189) (0118631206836189mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011863~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14443 bytes
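The entries in the log above that a helper would question (the hex-named rundll32 Run values, the four-DLL AppInit_DLLs list, the DPF download served from a bare IP as an .exe, the unknown Winsock LSP) can be picked out mechanically. The Python triage script below is an added example, not part of this thread or of HijackThis; its heuristics and severity labels are the editor's own assumptions, and the sample lines are copied from the log above.

```python
"""Triage a HijackThis log for the entry types that stand out in the log above.

Added example (not from the thread or from Trend Micro): the heuristics are
the editor's own and only flag entries for a human to verify.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str    # HijackThis section code: O4, O10, O16, O20
    severity: str   # "suspicious" (typical adware/trojan persistence) or "review"
    reason: str
    line: str


# Run-value names like "BM23dfefbc" or "20ecdc20" contain long hex runs,
# unlike vendor names such as "SunJavaUpdateSched" or "LXCGCATS".
HEX_RUN = re.compile(r"[0-9a-fA-F]{6,}")
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: .*? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")


def check_o4(name: str, cmd: str) -> str | None:
    """rundll32 loading a DLL straight out of system32 under a hex-looking
    value name is the autostart pattern seen twice in the log above."""
    low = cmd.lower()
    if "rundll32" in low and "\\system32\\" in low and HEX_RUN.search(name):
        return "rundll32 loads a DLL from system32 under a hex-named Run value"
    return None


def check_o16(url: str) -> str | None:
    """ActiveX downloads (DPF) normally come from a vendor host as a .cab;
    a bare IP address or a direct .exe is worth a close look."""
    parsed = urlparse(url)
    reasons = []
    if IPV4_HOST.match(parsed.hostname or ""):
        reasons.append("served from a bare IP address")
    if parsed.path.lower().endswith(".exe"):
        reasons.append("downloads an .exe instead of a .cab")
    return "; ".join(reasons) or None


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries a helper would ask about."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if reason := check_o4(m["name"], m["cmd"]):
                findings.append(Finding("O4", "suspicious", reason, line))
        elif m := O16_RE.match(line):
            if reason := check_o16(m["url"]):
                findings.append(Finding("O16", "suspicious", reason, line))
        elif m := O20_RE.match(line):
            # AppInit_DLLs are injected into every process that loads user32.dll;
            # legitimate software almost never needs four of them.
            for dll in m["dlls"].split():
                findings.append(Finding("O20", "suspicious",
                                        f"AppInit_DLLs injects {dll} into every GUI process", line))
        elif m := O10_RE.match(line):
            # Not every unknown LSP is malicious (nwprovau.dll ships with Windows),
            # so this is a prompt to verify the file, not a removal instruction.
            findings.append(Finding("O10", "review",
                                    f"unverified Winsock LSP {m['path']}", line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Lines copied from the HijackThis log posted above, including two benign O4 entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BM23dfefbc] Rundll32.exe "C:\WINDOWS\system32\odeukfio.dll",s
O4 - HKLM\..\Run: [20ecdc20] rundll32.exe "C:\WINDOWS\system32\mycdhidd.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {60ECEA0D-8234-0B46-14D1-383A6753C250} - http://85.255.113.214/1/gdnUS2218.exe
O20 - AppInit_DLLs: ixhdpc.dll efqkwy.dll blievp.dll hjhuto.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section}: {f.reason}\n    {f.line}")
```

Running it over the full log prints the same eight entries a helper would normally ask about first; everything else in the log passes through untouched.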


----------



## ceewi1

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


----------



## justin52493x2

I'm having trouble downloading the recovery data from the web. The virus won't let me visit the page and there is no cached version of the page I can view. Do I need the recovery software? I'm afraid if I don't get this done today my computer will be lost. The problems are getting pretty serious; it's taking me almost half an hour to get back on after the whole PC locks up. This is just terrible. I'm truly fighting against time.


----------



## chibicitiberiu

I have a solution, but you'll need to erase your entire HDD.

*If you need to save important data that you have on your HDD:*
First download a distribution of Linux (like Ubuntu or another).
Here is a list where you can choose from: http://www.linux.com/download_linux/
If you have trouble viewing this page, I can give you links to torrent files (don't worry, they are safe, official torrents, not from torrent websites).
I recommend Ubuntu because I am sure that it has NTFS support. Here is the download page: http://www.ubuntu.com/getubuntu/download.
Download the image and burn it to a CD. Put the CD in the infected computer and restart it. It should boot from the CD. Save your important data on a portable device (flash drives, DVDs/CDs (if you have two drives)), but it is very important that you don't save infected data.

*Else:*
You have to wipe your entire HDD. I recommend using a partition manager like Partition Magic (because with the Windows installer you can only format the drive you're installing on). There are bootable disks with Partition Magic, so you don't have to install an OS to make it work.
Format your entire HDD, but not just a partition, THE ENTIRE HDD.

Then install your preferred OS (Windows XP/Vista, Linux or any other OS you want).


----------



## justin52493x2

Is there not a torrent I can download the recovery information and ComboFix from? Or if I find my XP disk, what about ComboFix from there? I have a 320 Gig drive, also awaiting to be transferred, but I need those HD USB cartridges to swap everything. I also have a D drive and a portable F drive. Are there any other options?


----------



## chibicitiberiu

Can you access an e-mail client? If you give me your e-mail address I could send you combofix via e-mail.


----------



## justin52493x2

I'm scrambling to buy myself some time, not knowing when it will decide to freeze. I downloaded AVG on top of this damn McAfee, hoping it might pick up a piece of the virus. Not being able to use Mozilla since it's a popup disaster, and since I haven't been able to use Internet Explorer, I'm using MSN and K-Meleon. They aren't very helpful when every helpful page I find is getting jumped to a fake website.


----------



## justin52493x2

I will remove your email address now that this problem has been fixed, as spam bots do operate on these forums. Thanks for the assistance.
-ceewi1


----------



## chibicitiberiu

I have just sent it to you. I used my yahoo account to send it.


----------



## justin52493x2

I accidentally hit open, and it senses rootkit activity and needs to reboot. If I close that, do I still need the recovery data?


----------



## cohen

Download ComboFix on another PC, and then put it on a USB stick and transfer it over, run it, and then post the log, with a new HijackThis log.


----------



## justin52493x2

This is my Combofix log Part 1:
ComboFix 08-08-18.05 - Justin Barna 2008-08-19 17:17:29.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2593 [GMT -4:00]
Running from: C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\Rar$EX00.985\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alfred Barna\Application Data\macromedia\Flash Player\#SharedObjects\5DGVBSS4\interclick.com
C:\Documents and Settings\Alfred Barna\Application Data\macromedia\Flash Player\#SharedObjects\5DGVBSS4\interclick.com\ud.sol
C:\Documents and Settings\Alfred Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Alfred Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Alfred Barna\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Alfred Barna\Application Data\WeatherDPA
C:\Documents and Settings\Alfred Barna\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Alfred Barna\Application Data\Zango
C:\Documents and Settings\Alfred Barna\Cookies\alfred_barna@winanonymous[1].txt
C:\Documents and Settings\Alfred Barna\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Alfred Barna\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\#SharedObjects\W8FRYFTP\interclick.com
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\#SharedObjects\W8FRYFTP\interclick.com\ud.sol
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Justin Barna\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Justin Barna\UserData
C:\Documents and Settings\Justin Barna\UserData\index.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\ShoppingReport
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\Uninst.exe
C:\Program Files\winvi\version.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\temp\tn3
C:\WINDOWS\adaway.lic
C:\WINDOWS\BM23dfefbc.txt
C:\WINDOWS\BM23dfefbc.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png


----------



## justin52493x2

Combofix Part 2:


C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acahklcv.ini
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\aejvgodl.ini
C:\WINDOWS\system32\aengcgpx.ini
C:\WINDOWS\system32\agbuyxlh.ini
C:\WINDOWS\system32\apwrcpxn.ini
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\awnuirpm.ini
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\bhcpqvmc.ini
C:\WINDOWS\system32\bhdvgmvb.ini
C:\WINDOWS\system32\bkkndghw.ini
C:\WINDOWS\system32\blievp.dll
C:\WINDOWS\system32\blvvlkad.ini
C:\WINDOWS\system32\bnmuuuej.ini
C:\WINDOWS\system32\busohdvu.ini
C:\WINDOWS\system32\bvdsqwuf.ini
C:\WINDOWS\system32\bwdxrrhv.ini
C:\WINDOWS\system32\bwurigkr.ini
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cjogqfci.ini
C:\WINDOWS\system32\cmmhfcdl.ini
C:\WINDOWS\system32\coowcchu.ini
C:\WINDOWS\system32\coulupeh.ini
C:\WINDOWS\system32\cqwcxtwj.ini
C:\WINDOWS\system32\csvohijq.ini
C:\WINDOWS\system32\cwoalrlm.ini
C:\WINDOWS\system32\dcmnlnys.ini
C:\WINDOWS\system32\dcxyomrq.ini
C:\WINDOWS\system32\ddihdcym.ini
C:\WINDOWS\system32\ddsxjkxa.ini
C:\WINDOWS\system32\djtsifsr.ini
C:\WINDOWS\system32\doxgncyt.ini
C:\WINDOWS\system32\dqcpvmdy.ini
C:\WINDOWS\system32\dqilomha.ini
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\dtanueoq.ini
C:\WINDOWS\system32\dxqjerup.ini
C:\WINDOWS\system32\eawsskit.ini
C:\WINDOWS\system32\efqkwy.dll
C:\WINDOWS\system32\efttfuin.ini
C:\WINDOWS\system32\egxbdcff.ini
C:\WINDOWS\system32\ehxqcphl.ini
C:\WINDOWS\system32\ekfyernh.ini
C:\WINDOWS\system32\epslqgoy.ini
C:\WINDOWS\system32\eqxvbifx.ini
C:\WINDOWS\system32\eslrurxy.ini
C:\WINDOWS\system32\euiponbn.ini
C:\WINDOWS\system32\eujdxgay.ini
C:\WINDOWS\system32\eWebControl.dll
C:\WINDOWS\system32\fdubcrcn.ini
C:\WINDOWS\system32\feanyjdh.ini
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fjimfedb.ini
C:\WINDOWS\system32\fnlmihpj.ini
C:\WINDOWS\system32\fsktqaei.ini
C:\WINDOWS\system32\gaoftt.dll
C:\WINDOWS\system32\gdieocwt.ini
C:\WINDOWS\system32\gecsurwq.ini
C:\WINDOWS\system32\gfejeuib.ini
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggqboloy.ini
C:\WINDOWS\system32\ggqqkdjg.ini
C:\WINDOWS\system32\ghdduepv.dll
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\glxkikwq.ini
C:\WINDOWS\system32\glyqgrfr.ini
C:\WINDOWS\system32\gmegpukm.ini
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\gskpvujp.ini
C:\WINDOWS\system32\gyhogbom.ini
C:\WINDOWS\system32\hbvhygxj.ini
C:\WINDOWS\system32\hemympom.ini
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hjhuto.dll
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hkhjifok.dll
C:\WINDOWS\system32\hlylvpjw.ini
C:\WINDOWS\system32\holpwlme.ini
C:\WINDOWS\system32\homfqnpy.ini
C:\WINDOWS\system32\hpojdsms.ini
C:\WINDOWS\system32\hsqmlocd.ini
C:\WINDOWS\system32\hxesgfhc.ini
C:\WINDOWS\system32\hykaodap.ini
C:\WINDOWS\system32\icermliu.ini
C:\WINDOWS\system32\iifggFXQ.dll
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\iqmdxbhm.ini
C:\WINDOWS\system32\itcolpux.ini
C:\WINDOWS\system32\itkrhfrp.ini
C:\WINDOWS\system32\ixhdpc.dll
C:\WINDOWS\system32\jaoyahdd.ini
C:\WINDOWS\system32\jbkymqxv.ini
C:\WINDOWS\system32\jdwuorhn.ini
C:\WINDOWS\system32\jeuksxfq.ini
C:\WINDOWS\system32\jhsvskiv.ini
C:\WINDOWS\system32\jitgkofu.ini
C:\WINDOWS\system32\jiuoxacn.ini
C:\WINDOWS\system32\jjbfwbtw.ini
C:\WINDOWS\system32\jjmnsaul.ini
C:\WINDOWS\system32\jmahiswf.ini
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jwcgepre.ini
C:\WINDOWS\system32\kacytoqt.ini
C:\WINDOWS\system32\kfwvlavc.ini
C:\WINDOWS\system32\kinyexii.ini
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\kkumqkoa.dll
C:\WINDOWS\system32\klytnenm.ini
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\kopwbckj.ini
C:\WINDOWS\system32\krtuwyyg.ini
C:\WINDOWS\system32\kvsgwcje.ini
C:\WINDOWS\system32\kyojshhs.ini
C:\WINDOWS\system32\lamwfwyc.ini
C:\WINDOWS\system32\lhqasich.ini
C:\WINDOWS\system32\libcgssm.ini
C:\WINDOWS\system32\ljrgnppe.ini
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\lovlnvil.ini
C:\WINDOWS\system32\lsftwaxv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfdhynoc.ini
C:\WINDOWS\system32\mgjglwna.ini
C:\WINDOWS\system32\mhjghihy.ini
C:\WINDOWS\system32\mhqbcmin.ini
C:\WINDOWS\system32\mivwyqxb.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mqprbvna.dll
C:\WINDOWS\system32\msimcqtp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvfppqko.ini
C:\WINDOWS\system32\mycdhidd.dll
C:\WINDOWS\system32\myhngmuk.ini
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\nbuopgon.ini
C:\WINDOWS\system32\ncgsatjf.ini
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\nnnyiorf.ini
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nrnrhxgx.ini
C:\WINDOWS\system32\nsdmcuux.ini
C:\WINDOWS\system32\ntccvpbj.ini
C:\WINDOWS\system32\nvldnffb.ini
C:\WINDOWS\system32\oaakvbaq.ini
C:\WINDOWS\system32\ojfsspte.ini
C:\WINDOWS\system32\okdfmien.ini
C:\WINDOWS\system32\olnkbovf.ini
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\otqgwian.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pcwuqdbv.ini
C:\WINDOWS\system32\pdnblpgh.ini
C:\WINDOWS\system32\pklcbnmn.ini
C:\WINDOWS\system32\poxojtkl.ini
C:\WINDOWS\system32\pppuxwvb.ini
C:\WINDOWS\system32\pqjusgki.ini
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\purwqtaf.ini
C:\WINDOWS\system32\pwjsnpji.ini
C:\WINDOWS\system32\qdmwigca.ini
C:\WINDOWS\system32\qgfnbugh.ini
C:\WINDOWS\system32\qhwkmtos.ini
C:\WINDOWS\system32\qjbeeqch.ini
C:\WINDOWS\system32\qjihrkkj.ini
C:\WINDOWS\system32\qlbgnmer.ini
C:\WINDOWS\system32\qmjkcnpy.ini
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qvfcpyxu.ini
C:\WINDOWS\system32\QXFggfii.ini
C:\WINDOWS\system32\QXFggfii.ini2
C:\WINDOWS\system32\ratbpnbb.ini
C:\WINDOWS\system32\rdpygsfb.ini
C:\WINDOWS\system32\rkpeogut.ini
C:\WINDOWS\system32\rvkimjcg.ini
C:\WINDOWS\system32\saqcowef.ini
C:\WINDOWS\system32\seijmxke.ini
C:\WINDOWS\system32\sevccqjt.ini
C:\WINDOWS\system32\shnvbqlr.ini
C:\WINDOWS\system32\sjykqgkq.ini
C:\WINDOWS\system32\slclkwbv.ini
C:\WINDOWS\system32\sljbkxqp.ini
C:\WINDOWS\system32\slqauvhc.ini
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\swrmljhl.ini
C:\WINDOWS\system32\sxghihrh.ini
C:\WINDOWS\system32\tckvckgk.ini
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\terynxie.ini
C:\WINDOWS\system32\thghhoxo.ini
C:\WINDOWS\system32\tlkqyhfm.dll
C:\WINDOWS\system32\tpchjbov.ini
C:\WINDOWS\system32\tqbfqnrh.ini
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttswctso.ini
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\tuvSjkJY.dll
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\ualelwci.ini
C:\WINDOWS\system32\ueixhnre.ini
C:\WINDOWS\system32\ufdinqvf.ini
C:\WINDOWS\system32\uhkjakpc.ini
C:\WINDOWS\system32\uievnkxv.ini
C:\WINDOWS\system32\upoerssu.ini
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vdkmyhnm.ini
C:\WINDOWS\system32\vgthbuiu.ini
C:\WINDOWS\system32\viuvmbxw.ini
C:\WINDOWS\system32\vkokrbin.ini
C:\WINDOWS\system32\vrhinhsd.ini
C:\WINDOWS\system32\vvxaugao.ini
C:\WINDOWS\system32\vxnadfwf.ini
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\wfcmivdw.ini
C:\WINDOWS\system32\whwoqiqx.ini
C:\WINDOWS\system32\wjrblmnr.ini
C:\WINDOWS\system32\wkxrdtxr.ini
C:\WINDOWS\system32\wwywxetl.ini
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\xcpdngru.ini
C:\WINDOWS\system32\xeypocqn.ini
C:\WINDOWS\system32\xghmncrl.ini
C:\WINDOWS\system32\xhkxuukg.ini
C:\WINDOWS\system32\xkyjdpci.ini
C:\WINDOWS\system32\xwequfqj.ini
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyyfgtsp.ini
C:\WINDOWS\system32\yaecqvfm.ini
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
C:\WINDOWS\system32\ybljtmdu.ini
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycocpnyu.ini
C:\WINDOWS\system32\ycxtmyqq.ini
C:\WINDOWS\system32\yeqnajai.ini
C:\WINDOWS\system32\ypmsplxa.ini
C:\WINDOWS\system32\yqohuuqh.ini
C:\WINDOWS\system32\yrughwdm.ini
C:\WINDOWS\system32\yubtqasy.ini
C:\WINDOWS\system32\yvrtkdau.ini
C:\WINDOWS\system32\ywbkobpr.ini
C:\WINDOWS\system32\ywsuwujm.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


(((((((((((((((((((((((((   Files Created from 2008-07-19 to 2008-08-19  )))))))))))))))))))))))))))))))
.

2008-08-19 18:09 . 2008-08-19 18:09	<DIR>	d--------	C:\WINDOWS\LastGood
2008-08-19 14:54 . 2008-08-19 16:03	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\Program Files\AVG
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\AVGTOOLBAR
2008-08-19 14:49 . 2008-08-19 14:53	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 14:49 . 2008-08-19 14:49	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 14:49 . 2008-08-19 14:49	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 00:29 . 2008-08-19 00:29	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-14 08:46 . 2008-08-14 08:46	<DIR>	d--------	C:\Documents and Settings\Alfred Barna\Application Data\My Battle for Middle-earth Files
2008-08-11 13:01 . 2008-08-19 17:59	<DIR>	d---s----	C:\Documents and Settings\Guest\Temporary Internet Files
2008-08-11 13:01 . 2008-08-11 13:01	<DIR>	d---s----	C:\Documents and Settings\Guest\History
2008-08-11 13:01 . 2008-08-11 13:01	<DIR>	d--------	C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-08-11 13:01 . 2008-08-19 14:49	<DIR>	d--------	C:\Documents and Settings\Guest
2008-08-10 22:02 . 2008-08-10 22:02	<DIR>	d--------	C:\Program Files\Intel Desktop Board Audio Driver
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\SystemRequirementsLab
2008-07-29 21:37 . 2008-08-02 20:23	145	--a------	C:\WINDOWS\game.INI
2008-07-28 15:41 . 2008-07-28 15:41	<DIR>	d--------	C:\Program Files\SeeToo
2008-07-28 14:33 . 2008-07-28 15:22	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\Webcammax
2008-07-28 14:33 . 2008-07-28 14:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\WebcamMax
2008-07-28 14:33 . 2008-03-11 09:14	941,784	--a------	C:\WINDOWS\system32\drivers\CAMTHWDM.sys
2008-07-24 22:13 . 2008-07-24 22:13	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\acccore
2008-07-24 22:13 . 2008-07-24 22:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\acccore
2008-07-24 22:10 . 2008-07-24 22:13	<DIR>	d--------	C:\Program Files\AIM6
2008-07-22 07:09 . 2008-06-13 09:10	272,128	--a------	C:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 07:09 . 2008-06-13 09:10	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-20 12:57 . 2008-07-20 12:57	230	--a------	C:\WINDOWS\system32\spupdsvc.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 22:12	---------	d-----w	C:\Program Files\Steam
2008-08-19 21:04	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\MSN6
2008-08-19 01:17	---------	d-----w	C:\Program Files\Common Files\YourPrivacyGuard
2008-08-16 18:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\SiteAdvisor
2008-08-16 17:32	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\MSN6
2008-08-12 02:56	---------	d-----w	C:\Program Files\Apple Software Update
2008-08-11 22:51	---------	d-----w	C:\Program Files\iPod
2008-08-11 02:03	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-10 16:27	---------	d-----w	C:\Program Files\Lx_cats
2008-07-29 14:07	---------	d-----w	C:\Program Files\Bonjour
2008-07-25 02:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-25 02:11	---------	d-----w	C:\Program Files\Common Files\AOL
2008-07-24 23:55	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-07-24 14:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-22 11:02	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-15 16:53	---------	d-----w	C:\Program Files\VideoLAN
2008-07-12 01:56	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Hamachi
2008-07-11 17:38	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\BitDownload
2008-07-10 12:09	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\FrostWire
2008-07-09 20:50	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\FrostWire
2008-07-09 20:43	---------	d-----w	C:\Program Files\Java
2008-07-07 02:35	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 19:57	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Ventrilo
2008-07-05 19:37	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\SiteAdvisor
2008-07-02 01:43	304,160	----a-w	C:\PA207.DAT
2008-07-02 01:34	---------	d-----w	C:\Program Files\PC VGA Camera
2008-07-02 01:34	---------	d-----w	C:\Program Files\Common Files\PCCamera
2008-07-02 00:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-30 15:30	---------	d-----w	C:\Program Files\QuickTime
2008-06-30 15:26	---------	d-----w	C:\Program Files\Common Files\Apple
2008-06-28 04:46	---------	d-----w	C:\Program Files\iTunes
2008-06-27 13:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\BitTorrent
2008-06-25 04:25	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\IGN_DLM
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2007-12-15 06:20	22,328	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\PnkBstrK.sys
2007-10-17 00:43	111,456	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\GDIPFONTCACHEV1.DAT
2006-09-14 12:08	774,144	----a-w	C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"igndlm.exe"="D:\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"Steam"="c:\program files\steam\steam.exe" [2008-08-04 12:12 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-07-24 16:28 35992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 01:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 01:57 162584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 10:21 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 12:48 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-12-31 12:48 69632]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 14:49 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 04:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Justin Barna\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\WINDOWS\system32\iifggFXQ
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CD-DC-C8-8F-DW}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-04-20 01:57 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AluriaFilter;AluriaFilter;C:\WINDOWS\system32\DRIVERS\AlurFltr.sys [2005-05-17 09:23]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 14:49]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 14:49]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 09:14]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2006-02-28 08:00]
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-12 12:39]
S1 CCDECODEE;CCDECODEE;C:\WINDOWS\system32\drivers\CCDECODEE.sys []
S2 0118631206836189mcinstcleanup;McAfee Application Installer Cleanup (0118631206836189);C:\WINDOWS\TEMP\011863~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\@BIOS\markfun.w32 [2007-08-21 11:49]
S3 SunkFilt32;Alcor Micro Corp - 3233;C:\WINDOWS\System32\Drivers\sunkfilt32.sys [2004-08-18 19:44]
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2006-02-28 08:00]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-14 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-14 17:10]

2008-08-19 C:\WINDOWS\Tasks\Scan.job
- C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe []

2008-08-19 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []

2008-08-19 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-BM23dfefbc - C:\WINDOWS\system32\odeukfio.dll
HKLM-Run-20ecdc20 - C:\WINDOWS\system32\mycdhidd.dll
HKU-Default-Run-Spyware Doctor - (no file)
Notify-nnnkjkh - nnnkjkh.dll
MSConfigStartUp-BM23dfefbc - C:\WINDOWS\system32\hyxfupsq.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justin Barna\Application Data\Mozilla\Firefox\Profiles\d4hvaijv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
.
------- File Associations (Beta) -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 18:12:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


C:\WINDOWS\TEMP\a376d814-66d1-4072-ae94-047bef73fa1f.tmp 0 bytes
C:\WINDOWS\TEMP\a378b9e6-fb99-4cb1-8871-d8ea50fb517b.tmp 0 bytes


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\@BIOS\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-19 18:24:36 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-19 22:23:32

Pre-Run: 2,568,953,856 bytes free
Post-Run: 2,598,199,296 bytes free

900	--- E O F ---	2008-08-10 02:41:39


----------



## justin52493x2

HijackThis Log: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:13 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Justin Barna\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {60ECEA0D-8234-0B46-14D1-383A6753C250} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: McAfee Application Installer Cleanup (0118631206836189) (0118631206836189mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\011863~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15096 bytes


----------



## justin52493x2

That took a while. Thanks for e-mailing me the ComboFix, it made things a lot easier.


----------



## cohen

Well, it still looks pretty infected, but the ComboFix did a lot of deletions. I'll leave this one to ceewi1.


----------



## chibicitiberiu

You're welcome.


----------



## justin52493x2

So what do I do now to get rid of everything else? The file system changed back to NTFS from the RAW format the virus changed everything to. Performance is a little better, but I think it still needs more work. Please continue with the good work.


----------



## cohen

justin52493x2 said:

> So what do I do now to get rid of everything else? The file system changed back to NTFS from the RAW format the virus changed everything to. Performance is a little better, but I think it still needs more work. Please continue with the good work.

As I said above, wait for a higher pro to come and fix anything else up.

Ceewi1 should be on soon, and he should/might post some instructions for you.


----------



## ceewi1

Yes, still a few more things.

Please run HijackThis and choose *Do a system scan only*.

Place a check next to the following entry:

- O16 - DPF: {60ECEA0D-8234-0B46-14D1-383A6753C250} - http://85.255.113.214/1/gdnUS2218.exe

Please close all open windows except for HijackThis and choose *Fix checked*.


Open *Notepad* (Start -> Run -> type *notepad* in the Open field -> OK) and copy and paste the text present *inside* the code box below:

```
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CD-DC-C8-8F-DW}]

Driver::
CCDECODEE
0118631206836189mcinstcleanup
XDva039
XDva042

Rootkit::
C:\WINDOWS\TEMP\a376d814-66d1-4072-ae94-047bef73fa1f.tmp
C:\WINDOWS\TEMP\a378b9e6-fb99-4cb1-8871-d8ea50fb517b.tmp
```

Save this as *CFScript.txt*, change the *Save as type* to *All Files*, and place it on your *desktop*.

(Screenshot: CFScript.txt being dragged onto ComboFix.exe)

Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe*.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
*CAUTION*:
Do *NOT* mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do *NOT* adjust your time format while ComboFix is running.

Please do a scan with Kaspersky Online Scanner:

- Click on the *Accept* button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the *Scan* section, select *My Computer*.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on *View scan report*.
- Now, click on the *Save Report as* button.
- In the drop-down box labeled *Files of type*, change the type to *Text file*.
- Save the file to your desktop.
- Copy and paste that information in your next post.

Please post:

- The ComboFix log
- A new HijackThis log
- The Kaspersky online scanner report
- An update on how your system is running now

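The two items ceewi1 singles out above, the O16 entry to tick in HijackThis and the `Registry::` section of the CFScript, both come down to spotting a value that does not belong: an ActiveX download served from a bare IP address, and a second entry in the LSA "Authentication Packages" list next to the stock `msv1_0` (ComboFix printed it as `C:\WINDOWS\system32\iifggFXQ`). The following is an added example, not code from the thread or from HijackThis, ComboFix or any other tool mentioned; it decodes what the `hex(7)` value in the CFScript actually writes back, checks ComboFix's LSA line against a known-good set, and picks out the O16 entry mechanically. The sample lines are copied from the logs posted in this thread; the function names and the known-good set are my own assumptions, and nothing here reads or writes a live registry.

```python
"""Added triage helpers for the LSA Authentication Packages value and O16 DPF
entries discussed in this thread.  Not code from the thread or its tools."""
import ipaddress
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Assumption: on Windows XP the only authentication package expected here is msv1_0.
KNOWN_GOOD_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample input, copied from the logs posted in this thread.
CFSCRIPT_AUTH_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'
COMBOFIX_LSA_LINE = (
    "Authentication Packages\tREG_MULTI_SZ   \tmsv1_0 C:\\WINDOWS\\system32\\iifggFXQ"
)
HJT_SAMPLE_LINES = [
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.iesearch.com/",
    "O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab",
    "O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    "O16 - DPF: {60ECEA0D-8234-0B46-14D1-383A6753C250} - http://85.255.113.214/1/gdnUS2218.exe",
]

AUTH_LINE_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<vals>.+)$")
DPF_LINE_RE = re.compile(r"^O16 - DPF: (?P<name>.+?) - (?P<url>\S+)$")


def decode_reg_hex7(reg_line: str) -> List[str]:
    """Decode a REGEDIT4-style 'hex(7):..' (REG_MULTI_SZ) value into its strings.

    The bytes are comma-separated hex.  Each string is NUL-terminated and the
    whole list ends with one more NUL, so 6d,73,76,31,5f,30,00,00 is "msv1_0"
    followed by the two terminators.  REGEDIT4 files hold one byte per
    character; a "Windows Registry Editor Version 5.00" file would be UTF-16LE.
    """
    payload = reg_line.split("hex(7):", 1)[1]
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def rogue_auth_packages(combofix_line: str) -> List[str]:
    """Return entries of ComboFix's LSA line that are not a known-good package.

    ComboFix prints the REG_MULTI_SZ entries space-separated, so a path that
    itself contains spaces would be split; good enough for triage.
    """
    m = AUTH_LINE_RE.match(combofix_line)
    if not m:
        return []
    return [v for v in m.group("vals").split() if v.lower() not in KNOWN_GOOD_AUTH_PACKAGES]


def cfscript_restores_default(reg_line: str) -> bool:
    """True when the CFScript value leaves exactly the known-good package(s)."""
    return set(decode_reg_hex7(reg_line)) == KNOWN_GOOD_AUTH_PACKAGES


def suspicious_dpf_entries(hjt_lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Flag O16 (ActiveX download) entries served from a bare IP or fetching an .exe."""
    hits = []
    for line in hjt_lines:
        m = DPF_LINE_RE.match(line.strip())
        if not m:
            continue
        url = m.group("url")
        parsed = urlparse(url)
        reasons = []
        try:
            ipaddress.ip_address(parsed.hostname or "")
            reasons.append("bare IP host")
        except ValueError:
            pass  # a hostname, not a literal address
        if parsed.path.lower().endswith(".exe"):
            reasons.append("direct .exe download")
        if reasons:
            hits.append((url, reasons))
    return hits


if __name__ == "__main__":
    print("CFScript decodes to:", decode_reg_hex7(CFSCRIPT_AUTH_LINE))
    print("Rogue LSA entries:", rogue_auth_packages(COMBOFIX_LSA_LINE))
    for url, why in suspicious_dpf_entries(HJT_SAMPLE_LINES):
        print("Suspicious O16:", url, "-", ", ".join(why))
```

The point of the `hex(7)` line in the CFScript is now visible: it rewrites the multi-string value to contain only `msv1_0`, which drops the extra package LSA would otherwise load into lsass.exe at every boot. The O16 heuristic is deliberately narrow (bare IP host, or an `.exe` rather than a `.cab`); the dozens of pogo.com game entries in the same log pass it untouched, which is what you want from a first-pass filter.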

----------



## justin52493x2

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:45 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Justin Barna\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14789 bytes


----------



## justin52493x2

ComboFix Log:

ComboFix 08-08-21.02 - Justin Barna 2008-08-21 22:34:47.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2665 [GMT -4:00]
Running from: C:\Documents and Settings\Justin Barna\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin Barna\Desktop\CFScript.txt
 * Created a new restore point
 * Resident AV is active


*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0118631206836189MCINSTCLEANUP
-------\Legacy_CCDECODEE
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_XDVA039
-------\Legacy_XDVA042
-------\Service_0118631206836189mcinstcleanup
-------\Service_CCDECODEE
-------\Service_XDva039
-------\Service_XDva042


(((((((((((((((((((((((((   Files Created from 2008-07-22 to 2008-08-22  )))))))))))))))))))))))))))))))
.

2008-08-20 19:21 . 2008-08-20 19:21	<DIR>	d--------	C:\Documents and Settings\Alfred Barna\Application Data\AVGTOOLBAR
2008-08-19 14:54 . 2008-08-21 22:19	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-08-19 14:49 . 2008-08-21 20:06	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\Program Files\AVG
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\AVGTOOLBAR
2008-08-19 14:49 . 2008-08-19 19:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 14:49 . 2008-08-19 14:49	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 14:49 . 2008-08-19 14:49	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 00:29 . 2008-08-19 00:29	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-14 08:46 . 2008-08-14 08:46	<DIR>	d--------	C:\Documents and Settings\Alfred Barna\Application Data\My Battle for Middle-earth Files
2008-08-11 13:01 . 2008-08-19 17:59	<DIR>	d---s----	C:\Documents and Settings\Guest\Temporary Internet Files
2008-08-11 13:01 . 2008-08-11 13:01	<DIR>	d---s----	C:\Documents and Settings\Guest\History
2008-08-11 13:01 . 2008-08-11 13:01	<DIR>	d--------	C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-08-11 13:01 . 2008-08-19 14:49	<DIR>	d--------	C:\Documents and Settings\Guest
2008-08-10 22:02 . 2008-08-10 22:02	<DIR>	d--------	C:\Program Files\Intel Desktop Board Audio Driver
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\SystemRequirementsLab
2008-07-29 21:37 . 2008-08-02 20:23	145	--a------	C:\WINDOWS\game.INI
2008-07-28 15:41 . 2008-07-28 15:41	<DIR>	d--------	C:\Program Files\SeeToo
2008-07-28 14:33 . 2008-07-28 15:22	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\Webcammax
2008-07-28 14:33 . 2008-07-28 14:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\WebcamMax
2008-07-28 14:33 . 2008-03-11 09:14	941,784	--a------	C:\WINDOWS\system32\drivers\CAMTHWDM.sys
2008-07-24 22:13 . 2008-07-24 22:13	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\acccore
2008-07-24 22:13 . 2008-07-24 22:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\acccore
2008-07-24 22:10 . 2008-07-24 22:13	<DIR>	d--------	C:\Program Files\AIM6
2008-07-22 07:09 . 2008-06-13 09:10	272,128	--a------	C:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 07:09 . 2008-06-13 09:10	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 02:47	---------	d-----w	C:\Program Files\Steam
2008-08-20 16:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 23:37	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\MSN6
2008-08-19 01:17	---------	d-----w	C:\Program Files\Common Files\YourPrivacyGuard
2008-08-16 18:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\SiteAdvisor
2008-08-16 17:32	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\MSN6
2008-08-12 02:56	---------	d-----w	C:\Program Files\Apple Software Update
2008-08-11 22:51	---------	d-----w	C:\Program Files\iPod
2008-08-11 02:03	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-10 16:27	---------	d-----w	C:\Program Files\Lx_cats
2008-07-29 14:07	---------	d-----w	C:\Program Files\Bonjour
2008-07-25 02:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-25 02:11	---------	d-----w	C:\Program Files\Common Files\AOL
2008-07-24 23:55	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-07-22 11:02	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-15 16:53	---------	d-----w	C:\Program Files\VideoLAN
2008-07-12 01:56	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Hamachi
2008-07-11 17:38	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\BitDownload
2008-07-10 12:09	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\FrostWire
2008-07-09 20:50	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\FrostWire
2008-07-09 20:43	---------	d-----w	C:\Program Files\Java
2008-07-07 02:35	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 19:57	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Ventrilo
2008-07-05 19:37	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\SiteAdvisor
2008-07-02 01:43	304,160	----a-w	C:\PA207.DAT
2008-07-02 01:34	---------	d-----w	C:\Program Files\PC VGA Camera
2008-07-02 01:34	---------	d-----w	C:\Program Files\Common Files\PCCamera
2008-07-02 00:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-30 15:30	---------	d-----w	C:\Program Files\QuickTime
2008-06-30 15:26	---------	d-----w	C:\Program Files\Common Files\Apple
2008-06-28 04:46	---------	d-----w	C:\Program Files\iTunes
2008-06-27 13:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\BitTorrent
2008-06-25 04:25	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\IGN_DLM
2007-12-15 06:20	22,328	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\PnkBstrK.sys
2007-10-17 00:43	111,456	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\GDIPFONTCACHEV1.DAT
2006-09-14 12:08	774,144	----a-w	C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"igndlm.exe"="D:\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"Steam"="c:\program files\steam\steam.exe" [2008-08-04 12:12 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-07-24 16:28 35992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 01:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 01:57 162584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 10:21 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 12:48 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-12-31 12:48 69632]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 14:49 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 04:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Justin Barna\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-04-20 01:57 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\BitLord\\BitLord.exe"=

R1 AluriaFilter;AluriaFilter;C:\WINDOWS\system32\DRIVERS\AlurFltr.sys [2005-05-17 09:23]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 14:49]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 14:49]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 09:14]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2006-02-28 08:00]
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-12 12:39]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\@BIOS\markfun.w32 [2007-08-21 11:49]
S3 SunkFilt32;Alcor Micro Corp - 3233;C:\WINDOWS\System32\Drivers\sunkfilt32.sys [2004-08-18 19:44]
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2006-02-28 08:00]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-21 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-14 17:10]

2008-08-21 C:\WINDOWS\Tasks\Scan.job
- C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe []

2008-08-22 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []

2008-08-19 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 22:44:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\@BIOS\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-21 22:58:03 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-22 02:56:58
ComboFix2.txt  2008-08-19 22:24:37

Pre-Run: 1,657,434,112 bytes free
Post-Run: 2,340,368,384 bytes free

230	--- E O F ---	2008-08-20 16:06:26


----------



## justin52493x2

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Friday, August 22, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Friday, August 22, 2008 03:25:05
 Records in database: 1122684
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\

Scan statistics:
	Files scanned: 530039
	Threat name: 39
	Infected objects: 80
	Suspicious objects: 0
	Duration of the scan: 06:06:01


File name / Threat name / Threats count
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0004306.DLL.bac_a04012	Infected: not-a-virus:AdTool.Win32.MyWebSearch	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0004324.DLL.bac_a04012	Infected: not-a-virus:AdTool.Win32.MyWebSearch.i	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025030.exe.bac_a04012	Infected: Trojan.Win32.DNSChanger.qs	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025031.exe.bac_a04012	Infected: Trojan.Win32.DNSChanger.qs	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025032.exe.bac_a04012	Infected: Trojan.Win32.DNSChanger.qs	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108417.dll.bac_a03072	Infected: Trojan.Win32.Monder.aa	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108418.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108419.dll.bac_a03072	Infected: Trojan.Win32.Monder.w	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0109779.dll.bac_a03072	Infected: Trojan.Win32.Monder.w	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0111043.dll.bac_a03072	Infected: not-a-virus:AdWare.Win32.Virtumonde.lry	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\awtst.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\axlpsmpy.dll.bac_a03072	Infected: Trojan.Win32.Monder.cx	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\b153.exe.bac_a03072	Infected: not-a-virus:AdWare.Win32.Insider.d	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\b155.exe.bac_a03072	Infected: Trojan.Win32.BHO.bfl	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\bfsgypdr.dll.bac_a03072	Infected: Trojan.Win32.Monder.aa	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\blackwind, fire, and steel 15.wma.bac_a04012	Infected: Trojan-Downloader.WMA.Wimad.d	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\btdfqmvt.dll.bac_a03072	Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\CAAXONWI.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\daklvvlb.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\eldppqeo.dll.bac_a03072	Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\fgfqoqgr.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\gnmdjqic.dll.bac_a03072	Infected: Trojan.Win32.Monder.bb	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hcqeebjq.dll.bac_a03072	Infected: Trojan.Win32.Monder.aa	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hefxouom.dll.bac_a03072	Infected: Trojan.Win32.Monder.az	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hvatemlo.dll.bac_a03072	Infected: not-a-virus:AdWare.Win32.Virtumonde.quf	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\jefjncex.dll.bac_a03072	Infected: Trojan.Win32.Monder.ac	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\laf16.tmp.bac_a04012	Infected: Trojan-Downloader.Win32.Agent.bkd	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\llyrwhne.dll.bac_a03072	Infected: Trojan.Win32.Monder.v	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\lvqmbqgi.dll.bac_a03072	Infected: Trojan.Win32.Monder.bn	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mkupgemg.dll.bac_a03072	Infected: Trojan.Win32.Monder.cr	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mllmm.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mwxkgdye.dll.bac_a03072	Infected: Trojan.Win32.Monder.bp	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\ppvgbhns.dll.bac_a03072	Infected: Trojan.Win32.Monder.gen	1
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\riched20.dll.bac_a04012	Infected: not-a-virus:AdTool.Win32.MyWebSearch	1
C:\Documents and Settings\Alfred Barna\Desktop\FreeFLVPlayerSetup.exe	Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g	1
C:\Documents and Settings\Alfred Barna\Local Settings\Application Data\Mozilla\Firefox\Profiles\nanruy28.default\Cache(4)\B955DE07d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Alfred Barna\Local Settings\Application Data\Mozilla\Firefox\Profiles\nanruy28.default\Cache(4)\F3043699d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Alfred Barna\Local Settings\Application Data\Mozilla\Firefox\Profiles\nanruy28.default\Cache(4)\F3064699d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\0830D731d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\0FFC1A07d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\1EBDF364d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\30D75781d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\385182AFd01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\3CC97676d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\47A12005d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\515B7147d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\65C21427d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\783B44E0d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\BFA06D47d01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\C44F4D4Dd01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Documents and Settings\Justin Barna\Local Settings\Application Data\K-Meleon\default\Cache\D940D75Fd01	Infected: Trojan-Downloader.JS.Agent.cnn	1
C:\Program Files\FLV Player\flv2video_converter-trial.exe	Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g	1
C:\QooBox\Quarantine\C\WINDOWS\system32\blievp.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cqt	1
C:\QooBox\Quarantine\C\WINDOWS\system32\gaoftt.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cps	1
C:\QooBox\Quarantine\C\WINDOWS\system32\ghdduepv.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cry	1
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir	Infected: not-a-virus:AdWare.Win32.BHO.cdk	1
C:\QooBox\Quarantine\C\WINDOWS\system32\hjhuto.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cry	1
C:\QooBox\Quarantine\C\WINDOWS\system32\hkhjifok.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cps	1
C:\QooBox\Quarantine\C\WINDOWS\system32\mqprbvna.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.cqt	1
C:\QooBox\Quarantine\C\WINDOWS\system32\mycdhidd.dll.vir	Infected: Trojan.Win32.Monder.fxf	1
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir	Infected: Rootkit.Win32.Clbd.iv	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP497\A0199108.sys	Infected: Backdoor.Win32.Agent.piv	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199123.exe	Infected: not-a-virus:AdWare.Win32.BHO.cdk	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199130.dll	Infected: not-a-virus:AdWare.Win32.Shopper.v	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199141.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cqt	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199143.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cps	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199144.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cry	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199145.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cry	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199146.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cps	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199149.dll	Infected: not-a-virus:AdWare.Win32.SuperJuan.cqt	1
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP498\A0199150.dll	Infected: Trojan.Win32.Monder.fxf	1
C:\WINDOWS\system32\iifebccd.dll	Infected: Trojan.Win32.Mondera.gen	1
C:\WINDOWS\system32\nnnonopq.dll	Infected: Trojan.Win32.Mondera.gen	1
D:\Documents and Settings\Cassie Barna\Music\little russian symphony.wm	Infected: Trojan-Downloader.WMA.Wimad.m	1
F:\Kazaa\poop\Eighties classic.wma	Infected: Trojan-Downloader.WMA.Wimad.k	1
F:\Kazaa\poop\Rare Recording.wma	Infected: Trojan-Downloader.WMA.Wimad.k	1
F:\My Downloads\kissgirl.exe	Infected: not-a-virus:AdTool.Win32.WhenU.a	1
F:\My Downloads\kissgirl.exe	Infected: not-a-virus:AdWare.Win32.NewDotNet	1
F:\My Downloads\kissgirl.exe	Infected: not-a-virus:AdWare.Win32.Accoona.b	1
F:\Documents and Settings\Valerie Barna\Local Settings\Temporary Internet Files\Content.IE5\GT0N43W3\WinFixer2005ScannerInstall[1].exe	Infected: not-a-virus:Downloader.Win32.Agent.e	1

The selected area was scanned.


----------



## justin52493x2

My computer is running a lot better but still not really near its normal performance; the internet is mostly fixed but still locks up, and going from user to user also gets locked up.
Thank you for all your help so far.


----------



## cohen

Well that last log is showing a lot.

Please wait for ceewi1 to come and he will help you.

Then (hopefully) your system should be back to what it was.


----------



## ceewi1

Please download *ATF Cleaner* by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please *download* the *OTMoveIt2 by OldTimer*.

*Save* it to your *desktop*.
Please double-click *OTMoveIt2.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):

Code:

C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\*.*
C:\Documents and Settings\Alfred Barna\Desktop\FreeFLVPlayerSetup.exe
C:\Program Files\FLV Player\flv2video_converter-trial.exe
C:\WINDOWS\system32\iifebccd.dll
C:\WINDOWS\system32\nnnonopq.dll
D:\Documents and Settings\Cassie Barna\Music\little russian symphony.wm
F:\Kazaa\poop\Eighties classic.wma
F:\Kazaa\poop\Rare Recording.wma
F:\My Downloads\kissgirl.exe

Return to OTMoveIt2, right click in the *Paste List of Files/Folders to Move* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.  These results are also located at *C:\_OTMoveIt\MovedFiles\Date_Time.log*, where Date_Time is the date and time you ran OTMoveIt.
Close *OTMoveIt2*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Please download *Malwarebytes' Anti-Malware* to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform full scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
You can also access the log in the *Logs* tab of Malwarebytes' Anti-Malware.

Please post:
The OTMoveIt2 report
The Malwarebytes Anti-Malware report
A new HijackThis log
An update on how your system is running now
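
When the Malwarebytes log asked for above comes back, the helper's first job is to read it for what was found and whether every item was actually removed. The script below is an added example for that triage, not part of this thread and not Malwarebytes' own tooling: it parses a log in the Malwarebytes' Anti-Malware 1.x format posted in this thread, checks each summary count against the items actually listed under that section, tallies detections by family, and lists any item whose result is not "Quarantined and deleted successfully." (for instance one left for removal on reboot). The sample log is constructed for the example, with a deliberately wrong "Files Infected" count to show the check firing; the function names are mine.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.x log layout seen in this thread. The header
# says 4 files but only 3 are listed, and one file is not yet deleted.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 612858

Memory Processes Infected: 0
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\polX (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iifebccd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnonopq.dll (Trojan.Vundo) -> Delete on reboot.
C:\_OTMoveIt\MovedFiles\08232008_174023\WINDOWS\system32\tuvSjkJY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 32"  -> summary line with a count
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:"     -> start of the detailed section
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<family>) -> <result>"; the family never contains parentheses,
# so paths like ...\Cache(4)\... do not confuse the match
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<result>.+)$")

CLEAN_RESULT = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (summary_counts, items); items are (section, path, family, result)."""
    summary = {}
    items = []
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        # skip header lines, blank lines and "(No malicious items detected)"
        if section is None or not line or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append((section, m["path"], m["family"], m["result"]))
    return summary, items


def check_counts(summary, items):
    """Sections whose header count disagrees with the listed items: {section: (claimed, listed)}."""
    listed = Counter(sec for sec, _, _, _ in items)
    return {sec: (n, listed.get(sec, 0))
            for sec, n in summary.items() if n != listed.get(sec, 0)}


def family_tally(items):
    """How many items each detection family accounts for."""
    return Counter(fam for _, _, fam, _ in items)


def unresolved(items):
    """Items not reported as quarantined and deleted, e.g. pending a reboot."""
    return [(path, result) for _, path, _, result in items if result != CLEAN_RESULT]


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(summary, items))
    print("by family:", dict(family_tally(items)))
    for path, result in unresolved(items):
        print("needs follow-up:", path, "->", result)
```

Run it on a pasted log instead of the sample by reading the file into `parse_mbam_log`; a non-empty `unresolved` list is the cue to ask the poster to reboot and rescan before calling the machine clean, and a count mismatch usually means the log was truncated when it was pasted.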


----------



## justin52493x2

OTMoveIt Log:

< C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\*.* >
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0004306.DLL.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0004324.DLL.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025030.exe.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025031.exe.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0025032.exe.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108417.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108418.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0108419.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0109779.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\A0111043.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\awtst.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\axlpsmpy.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\b153.exe.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\b155.exe.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\bfsgypdr.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\blackwind, fire, and steel 15.wma.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\btdfqmvt.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\CAAXONWI.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\daklvvlb.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\eldppqeo.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\fgfqoqgr.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\gnmdjqic.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hcqeebjq.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hefxouom.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\hvatemlo.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\jefjncex.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\laf16.tmp.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\llyrwhne.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\lvqmbqgi.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mkupgemg.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mllmm.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\mwxkgdye.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\ppvgbhns.dll.bac_a03072 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\riched20.dll.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\uninst.exe.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\.housecall6.6\Quarantine\Yazzle1281OinUninstaller.exe.bac_a04012 moved successfully.
C:\Documents and Settings\Alfred Barna\Desktop\FreeFLVPlayerSetup.exe moved successfully.
C:\Program Files\FLV Player\flv2video_converter-trial.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifebccd.dll
C:\WINDOWS\system32\iifebccd.dll NOT unregistered.
C:\WINDOWS\system32\iifebccd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnonopq.dll
C:\WINDOWS\system32\nnnonopq.dll NOT unregistered.
C:\WINDOWS\system32\nnnonopq.dll moved successfully.
D:\Documents and Settings\Cassie Barna\Music\little russian symphony.wm moved successfully.
F:\Kazaa\poop\Eighties classic.wma moved successfully.
F:\Kazaa\poop\Rare Recording.wma moved successfully.
F:\My Downloads\kissgirl.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_174023


----------



## justin52493x2

Malwarebytes Log Part 1:

Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 5.1.2600 Service Pack 2

10:10:27 PM 8/23/2008
mbam-log-08-23-2008 (22-10-27).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 612858
Time elapsed: 4 hour(s), 19 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 174

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Alfred Barna\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\polX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GUI2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\binR (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3036a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\blievp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gaoftt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ghdduepv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hjhuto.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hkhjifok.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifggFXQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mqprbvna.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mycdhidd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvSjkJY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\08232008_174023\WINDOWS\system32\iifebccd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\08232008_174023\WINDOWS\system32\nnnonopq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valerie Barna\Valerie\Application Data\WinTouch\WTUninstaller.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-370030131-3186773635-3883207141-1009\Dc85.exe (Adware.Webdir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.


----------



## justin52493x2

Malwarebytes Log part 2:

C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alfred Barna\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\prod_code (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{a0f18a0c-2eb7-f82e-9592-2644c645c6ae}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


----------



## justin52493x2

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:35 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin Barna\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Alfred Barna')
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alfred Barna')
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [Aim6]  (User 'Alfred Barna')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15164 bytes


----------



## justin52493x2

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:35 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin Barna\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Alfred Barna')
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alfred Barna')
O4 - HKUS\S-1-5-21-370030131-3186773635-3883207141-1011\..\Run: [Aim6]  (User 'Alfred Barna')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15164 bytes


----------



## justin52493x2

My system is slowly getting better. It looks pretty promising; please let me know if there's anything left, and what I can do to prevent it. All of this mess obviously slipped past McAfee...


----------



## ceewi1

Great, that's removed a number of infections.  I will give you some prevention advice, but I'd first like to be sure that there are no remaining infections. 

Your logfile also indicates that you are running both AVG Antivirus and McAfee. Two antivirus programs running in resident mode can conflict, actually making you less safe. I suggest you either remove one, or disable the real time protection on one and just use it as an on-demand scanner.

Please run HijackThis and choose *Do a system scan only*.

Place a check next to the following entry:

*O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)*

If you or a System Administrator did not set any restrictions on Internet Explorer, please also check the following entry:

*O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present*

Please close all open windows except for HijackThis and choose *Fix checked*

I would also like to see one more log with ComboFix, to be sure that nothing is remaining.  Please delete your version of ComboFix and download a new one from http://download.bleepingcomputer.com/sUBs/ComboFix.exe.  Double click on it and post the log it generates.

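To show how a helper triages a log like the ones in this thread, here is an added Python example (not part of the thread and not a HijackThis feature) that parses a few lines copied from the logs above and flags the same three things ceewi1 raised: entries whose file is missing, the O6 Internet Explorer restrictions line, and two resident antivirus services present at once. The service-name-to-vendor table is a constructed assumption covering only the services seen in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied verbatim from the HijackThis
# logs posted in this thread (section prefix, then the entry body).
SAMPLE_LOG = [
    r"O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)",
    r"O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
    r"O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe",
]

# Assumed mapping (constructed for this example): HijackThis O23 short service
# names that indicate a resident (real-time) antivirus engine, keyed lowercase.
RESIDENT_AV_SERVICES = {
    "avg8wd": "AVG",
    "mcshield": "McAfee",
}

# Every HijackThis entry starts with a section tag such as R0, O2, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O23 lines carry the short service name in parentheses right before " - vendor".
SERVICE_SHORT_RE = re.compile(r"\(([^()]+)\) - ")


@dataclass
class Entry:
    section: str
    body: str


def parse_entries(lines):
    """Turn raw log lines into Entry objects, skipping anything that is not an entry."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def find_orphaned(entries):
    """Entries whose referenced file no longer exists: safe candidates for 'Fix checked'."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def has_ie_restrictions(entries):
    """True when an O6 entry reports Internet Explorer policy restrictions present."""
    return any(
        e.section == "O6" and e.body.endswith("Internet Explorer\\Restrictions present")
        for e in entries
    )


def resident_av_vendors(entries):
    """Vendors of resident antivirus services found among the O23 service entries."""
    vendors = set()
    for e in entries:
        if e.section != "O23":
            continue
        m = SERVICE_SHORT_RE.search(e.body)
        if m and m.group(1).lower() in RESIDENT_AV_SERVICES:
            vendors.add(RESIDENT_AV_SERVICES[m.group(1).lower()])
    return vendors


def triage(lines):
    """Summarise the three checks a helper makes before handing out prevention advice."""
    entries = parse_entries(lines)
    vendors = resident_av_vendors(entries)
    return {
        "orphaned": [e.body for e in find_orphaned(entries)],
        "ie_restrictions": has_ie_restrictions(entries),
        "resident_av": sorted(vendors),
        # Two real-time engines at once can conflict and reduce protection.
        "av_conflict": len(vendors) > 1,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["orphaned"]:
        print("orphaned entry (file missing):", item)
    print("IE restrictions present:", report["ie_restrictions"])
    print("resident AV vendors:", ", ".join(report["resident_av"]))
    print("multiple resident AV engines:", report["av_conflict"])
```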

----------



## justin52493x2

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:11 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin Barna\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.0.32/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.31/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.4.21/cascade/cascade-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.0.5.4/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/domino2/domino2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.7.0.32/greenback/greenback-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.7.0.32/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.4.29/keno/keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.40/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/mahjong/mahjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.7.0.40/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.31/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.8.20/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.29/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.29/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.29/squares/squares-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.4.29/slots/showbiz2-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.8.20/applet/spades2/spades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.29/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.6.4.21/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.29/memories/memories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191634729640
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14375 bytes


----------



## justin52493x2

ComboFix Log Part 1:

ComboFix 08-08-24.03 - Justin Barna 2008-08-25 10:16:20.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2578 [GMT -4:00]
Running from: C:\Documents and Settings\Justin Barna\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\#SharedObjects\W8FRYFTP\interclick.com
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\#SharedObjects\W8FRYFTP\interclick.com\ud.sol
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Justin Barna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
(((((((((((((((((((((((((   Files Created from 2008-07-25 to 2008-08-25  )))))))))))))))))))))))))))))))
.

2008-08-23 17:42 . 2008-08-23 17:42	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 17:42 . 2008-08-23 17:42	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\Malwarebytes
2008-08-23 17:42 . 2008-08-23 17:42	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 17:42 . 2008-08-17 15:01	38,472	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-23 17:42 . 2008-08-17 15:01	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 17:40 . 2008-08-23 17:40	<DIR>	d--------	C:\_OTMoveIt
2008-08-22 10:52 . 2008-08-22 10:52	15,452,536	--a------	C:\IE7-WindowsXP-x86-enu.exe
2008-08-20 19:21 . 2008-08-22 10:31	<DIR>	d--------	C:\Documents and Settings\Alfred Barna\Application Data\AVGTOOLBAR
2008-08-19 14:54 . 2008-08-24 18:18	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-08-19 14:49 . 2008-08-24 10:37	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
2008-08-19 14:49 . 2008-08-19 14:49	<DIR>	d--------	C:\Program Files\AVG
2008-08-19 14:49 . 2008-08-23 18:21	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\AVGTOOLBAR
2008-08-19 14:49 . 2008-08-19 19:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 14:49 . 2008-08-19 14:49	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 14:49 . 2008-08-19 14:49	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 00:29 . 2008-08-19 00:29	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-14 08:46 . 2008-08-14 08:46	<DIR>	d--------	C:\Documents and Settings\Alfred Barna\Application Data\My Battle for Middle-earth Files
2008-08-10 22:02 . 2008-08-10 22:02	<DIR>	d--------	C:\Program Files\Intel Desktop Board Audio Driver
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-08-10 21:50 . 2008-08-10 21:50	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\SystemRequirementsLab
2008-07-29 21:37 . 2008-08-02 20:23	145	--a------	C:\WINDOWS\game.INI
2008-07-28 15:41 . 2008-07-28 15:41	<DIR>	d--------	C:\Program Files\SeeToo
2008-07-28 14:33 . 2008-07-28 15:22	<DIR>	d--------	C:\Documents and Settings\Justin Barna\Application Data\Webcammax
2008-07-28 14:33 . 2008-07-28 14:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\WebcamMax
2008-07-28 14:33 . 2008-03-11 09:14	941,784	--a------	C:\WINDOWS\system32\drivers\CAMTHWDM.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 14:12	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\MSN6
2008-08-25 14:08	---------	d-----w	C:\Program Files\Steam
2008-08-23 21:40	---------	d-----w	C:\Program Files\FLV Player
2008-08-20 16:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-16 18:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\SiteAdvisor
2008-08-16 17:32	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\MSN6
2008-08-12 02:56	---------	d-----w	C:\Program Files\Apple Software Update
2008-08-11 22:51	---------	d-----w	C:\Program Files\iPod
2008-08-11 02:03	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-10 16:27	---------	d-----w	C:\Program Files\Lx_cats
2008-07-29 14:07	---------	d-----w	C:\Program Files\Bonjour
2008-07-25 02:13	---------	d-----w	C:\Program Files\AIM6
2008-07-25 02:13	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\acccore
2008-07-25 02:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-25 02:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\acccore
2008-07-25 02:11	---------	d-----w	C:\Program Files\Common Files\AOL
2008-07-24 23:55	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-07-22 11:02	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 00:19	1,882,818	----a-w	C:\WINDOWS\java\Packages\ZN1ZLVRP.ZIP
2008-07-16 00:11	2,368,858	----a-w	C:\WINDOWS\java\Packages\2E7Z7N35.ZIP
2008-07-15 23:06	2,482,117	----a-w	C:\WINDOWS\java\Packages\CNDBZ3Z7.ZIP
2008-07-15 16:53	---------	d-----w	C:\Program Files\VideoLAN
2008-07-12 01:56	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Hamachi
2008-07-11 17:38	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\BitDownload
2008-07-10 12:09	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\FrostWire
2008-07-09 20:50	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\FrostWire
2008-07-09 20:43	---------	d-----w	C:\Program Files\Java
2008-07-07 20:32	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-07 02:35	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:36	1,567,288	----a-w	C:\WINDOWS\java\Packages\GX7BPBL3.ZIP
2008-07-06 02:19	2,937,054	----a-w	C:\WINDOWS\java\Packages\LVHVZT3F.ZIP
2008-07-05 19:57	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\Ventrilo
2008-07-05 19:37	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\SiteAdvisor
2008-07-04 01:21	2,771,334	----a-w	C:\WINDOWS\java\Packages\EYE064EE.ZIP
2008-07-02 01:43	304,160	----a-w	C:\PA207.DAT
2008-07-02 01:34	---------	d-----w	C:\Program Files\PC VGA Camera
2008-07-02 01:34	---------	d-----w	C:\Program Files\Common Files\PCCamera
2008-07-02 00:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-30 15:30	---------	d-----w	C:\Program Files\QuickTime
2008-06-30 15:26	---------	d-----w	C:\Program Files\Common Files\Apple
2008-06-29 15:44	1,465,947	----a-w	C:\WINDOWS\java\Packages\J9NTZTBD.ZIP
2008-06-28 04:46	---------	d-----w	C:\Program Files\iTunes
2008-06-27 22:17	992,604	--sha-w	C:\WINDOWS\system32\dqilomha.tmp
2008-06-27 13:23	---------	d-----w	C:\Documents and Settings\Alfred Barna\Application Data\BitTorrent
2008-06-26 20:10	42,320	----a-w	C:\WINDOWS\system32\xfcodec.dll
2008-06-25 04:25	---------	d-----w	C:\Documents and Settings\Justin Barna\Application Data\IGN_DLM
2008-06-24 16:23	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-21 22:03	2,078,946	----a-w	C:\WINDOWS\java\Packages\YLBTVRL3.ZIP
2008-06-20 17:41	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-06 23:31	2,018,486	----a-w	C:\WINDOWS\java\Packages\CIEUXB1B.ZIP
2008-05-26 16:47	1,686,525	----a-w	C:\WINDOWS\java\Packages\VJD777VV.ZIP
2007-12-15 06:20	22,328	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\PnkBstrK.sys
2007-10-17 00:43	111,456	-c--a-w	C:\Documents and Settings\Justin Barna\Application Data\GDIPFONTCACHEV1.DAT
2006-09-14 12:08	774,144	----a-w	C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-08-21_22.56.21.43   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-28 12:00:00	61,440	-c--a-w	C:\WINDOWS\ie7\admparse.dll
+ 2006-02-28 12:00:00	99,840	-c--a-w	C:\WINDOWS\ie7\advpack.dll
+ 2006-02-28 12:00:00	35,328	-c--a-w	C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49	33,792	-c--a-w	C:\WINDOWS\ie7\custsat.dll
+ 2008-06-23 16:11:43	357,888	-c--a-w	C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-06-23 16:11:43	205,312	-c--a-w	C:\WINDOWS\ie7\dxtrans.dll
+ 2008-06-23 16:11:43	55,808	-c--a-w	C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 07:00:00	38,912	-c--a-w	C:\WINDOWS\ie7\hmmapi.dll
+ 2006-10-17 16:58:20	61,952	-c--a-w	C:\WINDOWS\ie7\icardie.dll
+ 2006-02-28 12:00:00	34,304	-c--a-w	C:\WINDOWS\ie7\ie4uinit.exe
+ 2006-02-28 12:00:00	139,264	-c--a-w	C:\WINDOWS\ie7\ieakeng.dll
+ 2006-02-28 12:00:00	216,576	-c--a-w	C:\WINDOWS\ie7\ieaksie.dll
+ 2006-02-28 12:00:00	221,184	-c--a-w	C:\WINDOWS\ie7\ieakui.dll
+ 2006-09-06 04:01:26	2,451,824	-c--a-w	C:\WINDOWS\ie7\ieapfltr.dat
+ 2006-10-17 16:27:56	380,928	-c--a-w	C:\WINDOWS\ie7\ieapfltr.dll
+ 2006-02-28 12:00:00	323,584	-c--a-w	C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-06-23 09:53:58	18,432	-c--a-w	C:\WINDOWS\ie7\iedw.exe
+ 2006-02-28 12:00:00	81,920	-c--a-w	C:\WINDOWS\ie7\ieencode.dll
+ 2006-10-17 17:33:42	6,049,280	-c--a-w	C:\WINDOWS\ie7\ieframe.dll
+ 2008-06-23 16:11:52	251,904	-c--a-w	C:\WINDOWS\ie7\iepeers.dll
+ 2006-02-28 12:00:00	48,640	-c--a-w	C:\WINDOWS\ie7\iernonce.dll
+ 2006-10-17 16:57:20	266,752	-c--a-w	C:\WINDOWS\ie7\iertutil.dll
+ 2006-02-28 12:00:00	62,976	-c--a-w	C:\WINDOWS\ie7\iesetup.dll
+ 2006-10-17 17:33:40	180,736	-c--a-w	C:\WINDOWS\ie7\ieui.dll
+ 2004-08-04 07:00:00	93,184	-c--a-w	C:\WINDOWS\ie7\iexplore.exe
+ 2006-02-28 12:00:00	35,840	-c--a-w	C:\WINDOWS\ie7\imgutil.dll
+ 2008-06-23 16:11:52	96,256	-c--a-w	C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58	450,560	-c--a-w	C:\WINDOWS\ie7\jscript.dll
+ 2008-06-23 16:11:52	16,384	-c--a-w	C:\WINDOWS\ie7\jsproxy.dll
+ 2006-02-28 12:00:00	22,016	-c--a-w	C:\WINDOWS\ie7\licmgr10.dll
+ 2006-10-17 17:33:40	458,752	-c--a-w	C:\WINDOWS\ie7\msfeeds.dll
+ 2006-10-17 17:33:40	50,688	-c--a-w	C:\WINDOWS\ie7\msfeedsbs.dll
+ 2006-10-17 16:58:32	12,288	-c--a-w	C:\WINDOWS\ie7\msfeedssync.exe
+ 2006-02-28 12:00:00	29,184	-c--a-w	C:\WINDOWS\ie7\mshta.exe
+ 2008-06-23 16:11:58	3,067,392	-c--a-w	C:\WINDOWS\ie7\mshtml.dll
+ 2008-06-23 16:12:00	449,024	-c--a-w	C:\WINDOWS\ie7\mshtmled.dll
+ 2006-02-28 12:00:00	56,832	-c--a-w	C:\WINDOWS\ie7\mshtmler.dll
+ 2006-02-28 12:00:00	146,432	-c--a-w	C:\WINDOWS\ie7\msls31.dll
+ 2008-06-23 16:12:02	146,432	-c--a-w	C:\WINDOWS\ie7\msrating.dll
+ 2008-06-23 16:12:02	532,480	-c--a-w	C:\WINDOWS\ie7\mstime.dll
+ 2006-02-28 12:00:00	96,256	-c--a-w	C:\WINDOWS\ie7\occache.dll
+ 2008-06-23 16:12:02	39,424	-c--a-w	C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 22:54:42	32,960	-c--a-w	C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:52:06	66,048	-c--a-w	C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:16	213,216	-c--a-w	C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:18	371,424	-c--a-w	C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-02-28 12:00:00	37,888	-c--a-w	C:\WINDOWS\ie7\url.dll
+ 2008-06-23 16:12:06	618,496	-c--a-w	C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58	417,792	-c--a-w	C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22	851,968	-c--a-w	C:\WINDOWS\ie7\vgx.dll
+ 2006-02-28 12:00:00	276,480	-c--a-w	C:\WINDOWS\ie7\webcheck.dll
+ 2006-10-17 17:05:58	206,336	-c--a-w	C:\WINDOWS\ie7\winfxdocobj.exe
+ 2008-06-23 16:12:08	667,136	-c--a-w	C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:34	22,752	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36	14,048	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41	213,216	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:41	213,216	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51	371,424	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59	716,000	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51	371,424	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
+ 2007-08-13 22:54:10	765,952	-c----w	C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00	123,904	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2007-08-13 22:35:46	346,624	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2007-08-13 22:35:38	214,528	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2007-08-13 22:54:10	131,584	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2007-08-13 22:36:26	61,952	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2007-08-13 22:39:06	54,784	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2007-08-13 22:39:26	152,064	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2007-08-13 22:39:54	229,376	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2007-08-13 21:56:54	161,792	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2007-02-12 20:10:12	2,451,312	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48	383,488	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50	382,976	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2007-08-13 22:54:10	6,049,280	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2007-08-13 22:39:10	43,008	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2007-08-13 22:34:04	266,752	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2007-08-13 22:39:10	13,312	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2007-08-13 22:43:56	622,080	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2007-08-13 22:54:10	27,136	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2007-08-13 22:54:10	458,752	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2007-08-13 22:54:10	50,688	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12	3,578,368	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2007-08-13 22:54:10	475,648	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2007-08-13 22:44:26	192,000	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2007-08-13 22:54:10	670,720	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2007-08-13 22:44:06	101,376	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2007-08-13 22:36:12	44,544	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39	213,216	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51	371,424	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30	105,984	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2007-08-13 22:54:10	1,162,240	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2007-08-13 22:54:10	231,424	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2007-08-13 22:54:10	818,688	-c----w	C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2006-02-28 12:00:00	61,440	----a-w	C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20	71,680	----a-w	C:\WINDOWS\system32\admparse.dll
- 2006-02-28 12:00:00	99,840	----a-w	C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
- 2008-08-22 02:36:58	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-25 13:28:43	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-22 02:36:58	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-25 13:28:43	32,768	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-22 02:42:16	180,224	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 13:23:25	180,224	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-28 12:00:00	35,328	----a-w	C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:42:54	17,408	----a-w	C:\WINDOWS\system32\corpol.dll
- 2006-02-28 12:00:00	61,440	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 22:39:20	71,680	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
- 2006-02-28 12:00:00	99,840	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27	124,928	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00	35,328	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 22:42:54	17,408	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-06-03 11:40:49	33,792	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10	33,792	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-06-23 16:11:43	357,888	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27	347,136	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:11:43	205,312	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27	214,528	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:11:43	55,808	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27	133,120	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 07:00:00	38,912	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 22:18:02	60,416	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2007-08-20 10:04:34	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
- 2006-02-28 12:00:00	34,304	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25	70,656	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00:00	139,264	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29	153,088	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00:00	216,576	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29	230,400	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00:00	221,184	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll


+ 2008-08-25 13:23:25	180,224	-c--a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-28 12:00:00	35,328	----a-w	C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:42:54	17,408	----a-w	C:\WINDOWS\system32\corpol.dll
- 2006-02-28 12:00:00	61,440	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 22:39:20	71,680	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
- 2006-02-28 12:00:00	99,840	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27	124,928	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00	35,328	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 22:42:54	17,408	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-06-03 11:40:49	33,792	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10	33,792	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-06-23 16:11:43	357,888	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27	347,136	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:11:43	205,312	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27	214,528	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:11:43	55,808	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27	133,120	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 07:00:00	38,912	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 22:18:02	60,416	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2007-08-20 10:04:34	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
- 2006-02-28 12:00:00	34,304	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25	70,656	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00:00	139,264	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29	153,088	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00:00	216,576	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29	230,400	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00:00	221,184	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll


----------



## justin52493x2

ComboFix Log Part 2:

.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"igndlm.exe"="D:\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"Steam"="c:\program files\steam\steam.exe" [2008-08-04 12:12 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-07-24 16:28 35992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 01:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 01:57 162584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 10:21 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 12:48 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2007-12-31 12:48 69632]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 14:49 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 04:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Justin Barna\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-04-20 01:57 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Steam\\steamapps\\georg777\\counter-strike source\\hl2.exe"=

R1 AluriaFilter;AluriaFilter;C:\WINDOWS\system32\DRIVERS\AlurFltr.sys [2005-05-17 09:23]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 14:49]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 14:49]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 09:14]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-12 12:39]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\@BIOS\markfun.w32 [2007-08-21 11:49]
S3 SunkFilt32;Alcor Micro Corp - 3233;C:\WINDOWS\System32\Drivers\sunkfilt32.sys [2004-08-18 19:44]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2006-02-28 08:00]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-21 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-14 17:10]

2008-08-22 C:\WINDOWS\Tasks\Scan.job
- C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe []

2008-08-25 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []

2008-08-19 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justin Barna\Application Data\Mozilla\Firefox\Profiles\d4hvaijv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
.
------- File Associations (Beta) -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 10:21:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\@BIOS\markfun.w32"
.
Completion time: 2008-08-25 10:25:17
ComboFix-quarantined-files.txt  2008-08-25 14:24:14
ComboFix2.txt  2008-08-22 02:58:04
ComboFix3.txt  2008-08-19 22:24:37

Pre-Run: 3,810,078,720 bytes free
Post-Run: 3,855,663,104 bytes free

522	--- E O F ---	2008-08-23 16:37:58


----------



## justin52493x2

My computer is running a lot smoother, thanks for asking. I know that I have two anti-viruses running and I shouldn't. I recently downloaded AVG to see if it would pick anything up. I am either going to keep it closed and only use it from time to time for scans, or delete it. But they are currently not running side by side. And I did remove policies from IE because all I get from there is pop-ups, and for quite some time. The restrictions are set through McAfee. Do you think I should remove the restrictions now that a lot of the malicious bugs are gone?


----------



## ceewi1

If you are going to keep AVG make sure that the *Resident Shield* is disabled.  Even with it disabled, however, AVG is still using system resources and possibly slowing down your system.  My advice would be to uninstall it completely and use an online scanner if you want an alternative to McAfee.

Those Restrictions on Internet Explorer will prevent you from doing certain things with the program (the log isn't specific enough to say exactly what has been restricted).  As you set them yourself, there is no need to remove them unless they become irritating.

Your log is showing no further signs of malware.

Please click on *Start* -> *Run*.  Type *ComboFix /u* and click *OK*.
Note the space between the ComboFix and the /u
This will remove the backups that ComboFix has created as well as the program itself.

You can keep Malwarebytes Anti-Malware, if you like, and use it to run on-demand scans since it is one of the best malware scanners available. 

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer.  While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection.  While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer. 

Please either enable *Automatic Updates* under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly.  They usually have security updates every month.  You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed.   *This is a crucial security measure.*

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here.  Please also remember to enable Spybot's Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.  

Please *keep these programs up-to-date* and run them whenever you suspect a problem to prevent malware problems.  A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection.  However, it is important to run only one resident program of each type since they can conflict and become less effective.  That means only one antivirus, firewall and scanning anti-spyware program at a time.  Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.  

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs.  If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.  It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information.  Ask in a security forum that you trust if you are not sure.  If you are unsure and are looking for anti-spyware programs, you can find out whether a program is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Hopefully these steps will help to keep you error free.  If you run into more difficulty, we will certainly do what we can to help.


----------



## justin52493x2

I cannot seem to remove AVG from my system, are there any tips or tricks for removing it? It won't let me remove it at all. I've done it through the program files list, and by trying to delete the file manually. I just come up with squat bupkiss. Thanks for everything.


----------



## ceewi1

Try downloading the AVG installer from http://free.avg.com/download?prd=afe.  Run it, and try its uninstall option.  If that fails, try using the installer to reinstall AVG and then try removing it.


----------

