Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

03-18-2008, 06:42 AM   #1
Kaleidoscope (Registered User)
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista

Problems with ad ware and Trojans

My anti-malware programmes are reporting repeated problems which I seem to be unable to resolve.

Followed all 5 steps; unable to run Panda scan.

Note: my computer kept deleting extra.txt

Deckard's System Scanner v20071014.68
Run by Erica on 2008-03-18 12:11:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-03-17 21:20:54 UTC - RP96 - Installed Corel Paint Shop Pro Photo X2.
17: 2008-03-16 19:54:05 UTC - RP95 - Installed Ad-Aware 2007
16: 2008-03-14 16:26:08 UTC - RP94 - Installed Adobe Photoshop Elements 6.0.
15: 2008-03-14 09:28:31 UTC - RP93 - Windows Update
14: 2008-03-13 08:17:40 UTC - RP92 - Windows Update


-- First Restore Point --
1: 2008-02-22 10:21:22 UTC - RP78 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-18 12:13:40
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Erica\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Erica\AppData\Local\Temp\byxyw.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Erica\AppData\Local\Temp\urqrr.dll,c
O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\System32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 9809 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 21:46:11 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A91649C5-27C9-4339-BA30-9B5D8B441BE3}.job
2007-12-25 10:42:38 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-02-18 and 2008-03-18 -----------------------------

2008-03-18 12:02:29 0 d-------- C:\Program Files\SpywareBlaster
2008-03-16 19:54:40 0 d-------- C:\Program Files\Lavasoft
2008-03-16 19:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 20:43:03 0 dr-h----- C:\$VAULT$.AVG
2008-03-14 16:30:59 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-03 09:21:58 0 d-------- C:\Intel
2008-03-03 09:20:39 0 d-------- C:\Windows\system32\x64
2008-02-18 10:22:28 0 d-------- C:\Program Files\MSXML 4.0


-- Find3M Report ---------------------------------------------------------------

2008-03-18 10:18:43 0 d-------- C:\Users\Erica\AppData\Roaming\AVG7
2008-03-17 22:12:36 5642 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-03-17 22:12:34 168 -r-hs---- C:\Windows\system32\CC5AFB9271.sys
2008-03-17 21:36:55 29298 --a------ C:\Users\Erica\AppData\Roaming\UserTile.png
2008-03-17 21:36:50 0 d-------- C:\Users\Erica\AppData\Roaming\Corel Auto-Preserve
2008-03-17 21:30:40 0 d-------- C:\Users\Erica\AppData\Roaming\Corel
2008-03-17 21:25:50 0 d-------- C:\Program Files\Common Files\Corel
2008-03-17 21:25:13 0 d-------- C:\Program Files\Corel
2008-03-16 19:53:28 0 d-------- C:\Program Files\Common Files
2008-03-16 19:12:53 0 d-------- C:\Users\Erica\AppData\Roaming\PeerNetworking
2008-03-15 19:12:25 0 d-------- C:\Users\Erica\AppData\Roaming\Adobe
2008-03-14 16:30:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-13 08:31:34 0 d-------- C:\Program Files\Windows Mail
2008-02-18 17:25:11 0 d-------- C:\Users\Erica\AppData\Roaming\Intel
2008-02-16 19:59:44 0 d-------- C:\Users\Erica\AppData\Roaming\InstallShield
2008-01-30 19:26:58 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-30 19:25:56 0 d-------- C:\Program Files\Roxio
2008-01-30 19:25:51 0 d-------- C:\Program Files\directx
2008-01-30 19:25:47 57344 --a------ C:\Windows\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-01-30 19:25:47 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-01-25 14:41:16 0 d-------- C:\Program Files\Java
2008-01-25 14:39:03 0 d-------- C:\Program Files\Common Files\Java
2008-01-24 16:19:54 0 d-------- C:\Program Files\Microsoft Works
2008-01-24 16:18:59 0 d-------- C:\Program Files\Microsoft.NET
2007-12-26 11:38:40 0 --a------ C:\Windows\nsreg.dat
2007-12-25 11:14:57 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/05/2007 07:48]
"RtHDVCpl"="RtHDVCpl.exe" [10/04/2007 15:01 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [27/10/2006 12:50]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 13:37]
"Keyboard Manager Utility"="C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [02/08/2007 14:33]
"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [26/07/2007 21:07]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/10/2007 20:08]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [29/10/2007 22:04]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [26/12/2007 11:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 17:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 17:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 17:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [02/10/2007 14:45]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [28/08/2007 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 11:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Reminder_MUI"="C:\Applications\oem\Reminder\Reminder_MUI.exe" [20/07/2007 09:15]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"MSServer"="C:\Users\Erica\AppData\Local\Temp\byxyw.dll,#1" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"cmds"="C:\Users\Erica\AppData\Local\Temp\urqrr.dll,c" []
"BM339dae72"="C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 25/12/2007 10:51 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec22836-b309-11dc-8805-001b24b8e31f}]
AutoRun\command- F:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8027 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-18 12:16:14 ------------
__________________
Cymru am byth

03-19-2008, 01:22 PM   #2
Glaswegian (Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic)
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Hi and welcome to the Security Forum.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments.
  • When the tool is finished, it will produce a report for you.
  • Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



03-19-2008, 01:40 PM   #3
Kaleidoscope

Many thanks. I will get started now.
03-19-2008, 02:33 PM   #4
Kaleidoscope

Before I start: I am following the instructions on Bleeping Computer, but I am using Windows Vista, which came pre-installed without CDs. My father says "help!"
03-19-2008, 02:42 PM   #5
Glaswegian

Ooops! Sorry - just skip that part. Vista has an RC within its own discs.
03-19-2008, 02:59 PM   #6
Kaleidoscope

Hello, have run ComboFix.

ComboFix 08-03-18.1 - Erica 2008-03-19 20:51:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.854 [GMT 0:00]
Running from: C:\Users\Erica\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 12:11 . 2008-03-18 12:11 <DIR> d-------- C:\Deckard
2008-03-18 12:02 . 2008-03-18 12:02 <DIR> d-------- C:\ProgramData\TEMP
2008-03-18 12:02 . 2008-03-18 12:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-18 12:02 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-03-17 21:36 . 2008-03-17 21:36 <DIR> d-------- C:\Users\Erica\AppData\Roaming\Corel Auto-Preserve
2008-03-16 19:54 . 2008-03-16 19:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-16 19:54 . 2008-03-16 19:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-16 19:53 . 2008-03-16 19:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 19:12 . 2008-03-16 19:12 <DIR> d-------- C:\Users\Erica\AppData\Roaming\PeerNetworking
2008-03-14 17:43 . 2008-03-14 17:43 <DIR> d-------- C:\ProgramData\FLEXnet
2008-03-14 16:30 . 2008-03-14 16:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-14 16:26 . 2008-03-14 16:26 209 --a------ C:\Windows\ODBCINST.INI
2008-03-12 09:34 . 2007-12-16 22:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 09:34 . 2007-12-16 09:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-03 09:21 . 2008-03-03 09:21 <DIR> d-------- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 18:27 5,694 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-03-19 10:06 --------- d-----w C:\Users\Erica\AppData\Roaming\AVG7
2008-03-17 21:30 --------- d-----w C:\Users\Erica\AppData\Roaming\Corel
2008-03-17 21:25 --------- d-----w C:\Program Files\Corel
2008-03-17 21:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-14 22:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-14 22:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 16:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:26 43,528 ------w C:\Windows\system32\drivers\PxHelp20.sys
2008-03-14 16:26 129,784 ------w C:\Windows\System32\pxafs.dll
2008-03-14 16:26 118,520 ------w C:\Windows\System32\pxinsi64.exe
2008-03-14 16:26 116,472 ------w C:\Windows\System32\pxcpyi64.exe
2008-03-13 09:20 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-13 08:31 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 08:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-18 17:25 --------- d-----w C:\Users\Erica\AppData\Roaming\Intel
2008-02-18 10:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 20:02 --------- d-----w C:\ProgramData\Corel
2008-02-16 20:01 456,008 ----a-w C:\ProgramData\pswi_preloaded.exe
2008-02-16 19:59 --------- d-----w C:\Users\Erica\AppData\Roaming\InstallShield
2008-02-14 10:52 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 10:52 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 10:49 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 10:49 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 10:49 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 10:49 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 10:49 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 10:49 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 10:49 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 10:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 10:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 10:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 10:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 10:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 10:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 10:46 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 10:46 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 10:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 10:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-30 19:26 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-30 19:25 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-01-30 19:25 57,344 ----a-w C:\Windows\uneng.exe
2008-01-30 19:25 49,152 ----a-w C:\Windows\System32\cdrtc.dll
2008-01-30 19:25 45,056 ----a-w C:\Windows\System32\cdral.dll
2008-01-30 19:25 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-01-30 19:25 --------- d-----w C:\Program Files\Roxio
2008-01-30 19:25 --------- d-----w C:\Program Files\directx
2008-01-30 19:25 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-01-25 14:41 --------- d-----w C:\Program Files\Java
2008-01-25 14:39 --------- d-----w C:\Program Files\Common Files\Java
2008-01-24 16:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-24 16:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-10 11:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-02 17:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 17:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 17:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 17:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 17:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 17:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 17:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 17:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 16:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 16:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 16:47 104,636 ----a-w C:\Windows\System32\igmedcompkrn.dll
2008-01-02 16:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 16:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 16:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 16:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 16:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 16:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 16:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 16:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 16:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 16:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 16:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 16:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 16:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-25 11:14 174 --sha-w C:\Program Files\desktop.ini
2007-12-25 11:02 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-25 11:02 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-25 11:02 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-25 11:02 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-25 11:02 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-25 11:02 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-25 11:02 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-25 11:02 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-25 11:02 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-25 11:02 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-25 11:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-25 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-25 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-25 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-25 10:59 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-25 10:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 11:01 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"Reminder_MUI"="C:\Applications\oem\Reminder\Reminder_MUI.exe" [2007-07-20 09:15 1089536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\Erica\AppData\Local\Temp\urqrr.dll" [2008-03-18 11:31 297984]
"BM339dae72"="C:\Users\Erica\AppData\Local\Temp\udpqmald.dll" [2008-03-19 11:32 90688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-21 07:48 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 15:01 4431872 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 12:50 815104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"Keyboard Manager Utility"="C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 14:33 4128768]
"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 21:07 202024]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 22:04 451896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-26 11:34 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 10:51 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-25 10:51 9216 C:\Windows\System32\avgwlntf.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{86BF0581-A4DA-48D3-BA6A-D95A8AC8F3FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BB040AC2-C201-473D-91B7-3C2C275F081A}"= TCP:67:DHCP Discovery Service
"{EF606680-15EC-452C-9081-BBFFAA996141}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DA9D7BBF-2096-4DC5-842A-FDD48BD3AB31}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F134E217-8248-4867-A040-B3245A14BA0D}"= TCP:67:DHCP Discovery Service
"{A8E63A23-81D7-4DAF-80DC-5C6F6F64579B}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{C00C7FB3-EEE9-4E9E-9961-FD0420652DFC}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E0F258DF-A764-4169-A662-B5D969968C55}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{0B86AB5A-574C-40FD-80E0-7ECC7989E26D}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 09:20]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 qkbfiltr;Keyboard Filter Driver;C:\Windows\system32\DRIVERS\qkbfiltr.sys [2007-02-01 08:38]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-13 08:12]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-01-30 19:25]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-01-30 19:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec22836-b309-11dc-8805-001b24b8e31f}]
\shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 10:42:38 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-19 15:23:06 C:\Windows\Tasks\User_Feed_Synchronization-{A91649C5-27C9-4339-BA30-9B5D8B441BE3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:54:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Erica\AppData\Local\Temp\udpqmald.dll
-> C:\Users\Erica\AppData\Local\Temp\urqrr.dll
.
Completion time: 2008-03-19 20:55:16
.
2008-03-19 10:08:22 --- E O F ---
__________________
Cymru am byth

Last edited by Kaleidoscope; 03-19-2008 at 03:01 PM.
Kaleidoscope is offline  
Old 03-19-2008, 03:23 PM   #7 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

It will take some time to review the log. Have a coffee (or something stronger) till I return.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 03-19-2008, 04:21 PM   #8 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
File::
C:\Users\Erica\AppData\Local\Temp\urqrr.dll
C:\Users\Erica\AppData\Local\Temp\udpqmald.dll

Folder::
C:\Program Files\Windows Sidebar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
"cmds"=-
"BM339dae72"=-
Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.




HijackThis
Please download HijackThis. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis.

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the HijackThis log file here. Do not fix anything in HijackThis as many entries are harmless.
Make sure to include the System information at the top of the log as well.


Can you also let me know how your system is running now?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
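The two Temp-folder DLLs named in the script above can be picked out of the posted ComboFix log mechanically. The following is an added example, not part of the thread and not ComboFix's own logic: it parses the "Reg Loading Points" Run keys and the "DLLs Loaded Under Running Processes" section, and flags Run values whose target sits in a Temp directory. The heuristic, the function names and the shortened log excerpt are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted earlier in this thread, shortened for the example.
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 11:01 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"cmds"="C:\Users\Erica\AppData\Local\Temp\urqrr.dll" [2008-03-18 11:31 297984]
"BM339dae72"="C:\Users\Erica\AppData\Local\Temp\udpqmald.dll" [2008-03-19 11:32 90688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Erica\AppData\Local\Temp\udpqmald.dll
-> C:\Users\Erica\AppData\Local\Temp\urqrr.dll
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
# Bracket holds "date time size" and, for bare file names, the resolved full path.
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)(?: (.+))?$')


def parse_run_entries(log):
    """Return the values listed under ...\\CurrentVersion\\Run keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if not key.lower().endswith(r'\currentversion\run'):
            continue
        name, data, meta = m.groups()
        mm = META_RE.match(meta)
        stamp, size, resolved = mm.groups() if mm else (None, None, None)
        entries.append({
            'key': key,
            'name': name,
            'path': resolved or data,   # prefer the path the tool resolved
            'modified': stamp,
            'size': int(size) if size else None,
        })
    return entries


def parse_loaded_modules(log):
    """Map each listed module path (case-folded) to the processes loading it."""
    loaded, proc = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith('PROCESS:'):
            proc = line[len('PROCESS:'):].strip()
        elif line.startswith('->') and proc:
            module = ntpath.normcase(line[2:].strip())
            loaded.setdefault(module, []).append(proc)
    return loaded


def in_temp_dir(path):
    """True when any directory component of a Windows path is Temp or Tmp."""
    parts = ntpath.normcase(path).split('\\')
    return 'temp' in parts[:-1] or 'tmp' in parts[:-1]


def triage(log):
    """Run values that start a file from a Temp directory, with corroboration."""
    loaded = parse_loaded_modules(log)
    findings = []
    for entry in parse_run_entries(log):
        if in_temp_dir(entry['path']):
            loaded_by = loaded.get(ntpath.normcase(entry['path']), [])
            findings.append({**entry, 'loaded_by': loaded_by})
    return findings


if __name__ == '__main__':
    for f in triage(LOG_EXCERPT):
        print(f"{f['name']}: {f['path']} ({f['size']} bytes, {f['modified']})")
        for proc in f['loaded_by']:
            print(f"    currently loaded by {proc}")
```

A Temp-directory autostart is a lead to investigate rather than a verdict; the loaded-module cross-check only shows that the file is active in a running process.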
Old 03-19-2008, 06:07 PM   #9 (permalink)
Registered User
 
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

I ran combo fix as requested..it seemed to delete an awful lot of Windows files such as my desktop side bar..it completed all steps..then ended without saving combo fix .txt, my computer's settings have now been altered and my desktop background has vanished as have my desktop tools etc..please advise..and thanks for your help so far
__________________
Cymru am byth
Kaleidoscope is offline  
Old 03-20-2008, 05:25 AM   #10 (permalink)
Registered User
 
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hello

On turning on my computer this morning I discovered catchme.zip, which I have not touched, and also catchme.log. I cannot find a combo fix .log, so have enclosed the text in the catchme.log

file zipped: C:\Program Files\Windows Sidebar\sbdrop.dll -> catchme.zip -> sbdrop.dll ( 66048 bytes )
PE file "C:\Program Files\Windows Sidebar\sbdrop.dll" killed successfully
file zipped: C:\Program Files\Windows Sidebar\settings.ini -> catchme.zip -> settings.ini ( 1084 bytes )
error: C:\Program Files\Windows Sidebar\settings.ini is not a PE file
PE file "C:\Program Files\Windows Sidebar\settings.ini" killed successfully
file zipped: C:\Program Files\Windows Sidebar\sidebar.exe -> catchme.zip -> sidebar.exe ( 1232896 bytes )
PE file "C:\Program Files\Windows Sidebar\sidebar.exe" killed successfully
file zipped: C:\Program Files\Windows Sidebar\wlsrvc.dll -> catchme.zip -> wlsrvc.dll ( 63488 bytes )
PE file "C:\Program Files\Windows Sidebar\wlsrvc.dll" killed successfully
file zipped: C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui -> catchme.zip -> sbdrop.dll.mui ( 2560 bytes )
PE file "C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui" killed successfully
file zipped: C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui -> catchme.zip -> Sidebar.exe.mui ( 23552 bytes )
PE file "C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png -> catchme.zip -> drag.png ( 6772 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png -> catchme.zip -> icon.png ( 3347 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png -> catchme.zip -> logo.png ( 6166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html -> catchme.zip -> calendar.html ( 18874 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml ( 944 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css -> catchme.zip -> calendar.css ( 4331 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js -> catchme.zip -> calendar.js ( 67864 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png -> catchme.zip -> bg-desk.png ( 1702 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png -> catchme.zip -> bg-dock.png ( 1367 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png -> catchme.zip -> bg-today.png ( 1174 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png -> catchme.zip -> bNext-disable.png ( 201 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png -> catchme.zip -> bNext-down.png ( 413 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png -> catchme.zip -> bNext-hot.png ( 578 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png -> catchme.zip -> bNext.png ( 203 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png -> catchme.zip -> bPrev-disable.png ( 217 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png -> catchme.zip -> bPrev-down.png ( 409 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png -> catchme.zip -> bPrev-hot.png ( 574 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png -> catchme.zip -> bPrev.png ( 216 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png -> catchme.zip -> calendar_double.png ( 2262 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png -> catchme.zip -> calendar_double_bkg.png ( 3009 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png -> catchme.zip -> calendar_double_orange.png ( 3541 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png -> catchme.zip -> calendar_ring_docked.png ( 3026 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png -> catchme.zip -> calendar_single.png ( 1500 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png -> catchme.zip -> calendar_single_bkg.png ( 3544 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png -> catchme.zip -> calendar_single_bkg_orange.png ( 4773 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png -> catchme.zip -> calendar_single_orange.png ( 2726 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png -> catchme.zip -> corner.png ( 214 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png -> catchme.zip -> curl-hot.png ( 1016 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png -> catchme.zip -> curl.png ( 896 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png -> catchme.zip -> month.png ( 150 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png -> catchme.zip -> rings-desk.png ( 502 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png -> catchme.zip -> rings-dock.png ( 334 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png -> catchme.zip -> drag.png.1 ( 23429 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png -> catchme.zip -> icon.png.1 ( 11788 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png -> catchme.zip -> logo.png.1 ( 6166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html -> catchme.zip -> clock.html ( 4108 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml.1 ( 927 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html -> catchme.zip -> settings.html ( 10546 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css -> catchme.zip -> clock.css ( 674 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css -> catchme.zip -> settings.css ( 1374 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js -> catchme.zip -> clock.js ( 26074 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js -> catchme.zip -> settings.js ( 17060 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js -> catchme.zip -> timeZones.js ( 13164 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png -> catchme.zip -> cronometer.png ( 31260 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png -> catchme.zip -> cronometer_dot.png ( 306 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png -> catchme.zip -> cronometer_h.png ( 381 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_highlights.png -> catchme.zip -> cronometer_highlights.png ( 5716 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_highlights.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_highlights.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png -> catchme.zip -> cronometer_m.png ( 434 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png -> catchme.zip -> cronometer_s.png ( 3171 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png -> catchme.zip -> cronometer_settings.png ( 38263 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png -> catchme.zip -> diner.png ( 30641 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png -> catchme.zip -> diner_dot.png ( 2944 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png -> catchme.zip -> diner_h.png ( 368 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png -> catchme.zip -> diner_m.png ( 402 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png -> catchme.zip -> diner_s.png ( 2956 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png -> catchme.zip -> diner_settings.png ( 32695 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png -> catchme.zip -> flower.png ( 32775 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png -> catchme.zip -> flower_dot.png ( 321 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png -> catchme.zip -> flower_h.png ( 388 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png -> catchme.zip -> flower_m.png ( 439 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png -> catchme.zip -> flower_s.png ( 3092 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png -> catchme.zip -> flower_settings.png ( 33403 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png -> catchme.zip -> modern.png ( 15614 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png -> catchme.zip -> modern_dot.png ( 2966 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png -> catchme.zip -> modern_h.png ( 2922 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png -> catchme.zip -> modern_m.png ( 2940 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png -> catchme.zip -> modern_s.png ( 3038 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png -> catchme.zip -> modern_settings.png ( 20945 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png -> catchme.zip -> novelty.png ( 25608 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png -> catchme.zip -> novelty_dot.png ( 2903 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png -> catchme.zip -> novelty_h.png ( 2959 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png -> catchme.zip -> novelty_m.png ( 2979 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png -> catchme.zip -> novelty_s.png ( 2919 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png -> catchme.zip -> novelty_settings.png ( 28718 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png -> catchme.zip -> settings_box_bottom.png ( 140 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png -> catchme.zip -> settings_box_divider_left.png ( 135 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png -> catchme.zip -> settings_box_divider_right.png ( 135 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png -> catchme.zip -> settings_box_left.png ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png -> catchme.zip -> settings_box_right.png ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png -> catchme.zip -> settings_box_top.png ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png -> catchme.zip -> settings_corner_bottom_left.png ( 168 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png -> catchme.zip -> settings_corner_bottom_right.png ( 165 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png -> catchme.zip -> settings_corner_top_left.png ( 166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png -> catchme.zip -> settings_corner_top_right.png ( 168 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png -> catchme.zip -> settings_divider.png ( 131 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png -> catchme.zip -> settings_divider_left.png ( 145 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png -> catchme.zip -> settings_divider_right.png ( 139 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png -> catchme.zip -> settings_left_disabled.png ( 697 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png -> catchme.zip -> settings_left_hover.png ( 1050 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png -> catchme.zip -> settings_left_pressed.png ( 1124 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png -> catchme.zip -> settings_left_rest.png ( 855 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png -> catchme.zip -> settings_right_disabled.png ( 697 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png -> catchme.zip -> settings_right_hover.png ( 1047 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png -> catchme.zip -> settings_right_pressed.png ( 1119 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png -> catchme.zip -> settings_right_rest.png ( 856 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png -> catchme.zip -> spacer_highlights.png ( 288 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png -> catchme.zip -> square.png ( 20140 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png -> catchme.zip -> square_dot.png ( 240 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png -> catchme.zip -> square_h.png ( 475 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_highlights.png -> catchme.zip -> square_highlights.png ( 8300 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_highlights.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_highlights.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png -> catchme.zip -> square_m.png ( 458 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png -> catchme.zip -> square_s.png ( 3119 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png -> catchme.zip -> square_settings.png ( 22050 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png -> catchme.zip -> system.png ( 20891 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png -> catchme.zip -> system_dot.png ( 243 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png -> catchme.zip -> system_h.png ( 206 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_highlights.png -> catchme.zip -> system_highlights.png ( 20102 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_highlights.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_highlights.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png -> catchme.zip -> system_m.png ( 206 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png -> catchme.zip -> system_s.png ( 3003 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png -> catchme.zip -> system_settings.png ( 28393 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png -> catchme.zip -> trad.png ( 19515 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png -> catchme.zip -> trad_dot.png ( 3019 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png -> catchme.zip -> trad_h.png ( 351 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_highlights.png -> catchme.zip -> trad_highlights.png ( 7387 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_highlights.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_highlights.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png -> catchme.zip -> trad_m.png ( 361 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png -> catchme.zip -> trad_s.png ( 3000 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png -> catchme.zip -> trad_settings.png ( 21381 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\drag.png -> catchme.zip -> drag.png.2 ( 8839 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\icon.png -> catchme.zip -> icon.png.2 ( 11125 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\logo.png -> catchme.zip -> logo.png.2 ( 6166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\contacts.html -> catchme.zip -> contacts.html ( 11865 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\contacts.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\contacts.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml.2 ( 1026 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\css\contacts.css -> catchme.zip -> contacts.css ( 1167 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\css\contacts.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\css\contacts.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\js\contacts.js -> catchme.zip -> contacts.js ( 22763 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\js\contacts.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\js\contacts.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\box.png -> catchme.zip -> box.png ( 378 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\box.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\box.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\homePhone.png -> catchme.zip -> homePhone.png ( 2900 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\homePhone.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\homePhone.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-desk.png -> catchme.zip -> ltr-desk.png ( 15382 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-desk.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-desk.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock-detail.png -> catchme.zip -> ltr-dock-detail.png ( 4374 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock-detail.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock-detail.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock.png -> catchme.zip -> ltr-dock.png ( 4399 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-dock.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_hover.png -> catchme.zip -> ltr-stocks_clear_hover.png ( 557 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_pressed.png -> catchme.zip -> ltr-stocks_clear_pressed.png ( 3312 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_rest.png -> catchme.zip -> ltr-stocks_clear_rest.png ( 449 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_clear_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_hover.png -> catchme.zip -> ltr-stocks_search_hover.png ( 850 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_pressed.png -> catchme.zip -> ltr-stocks_search_pressed.png ( 850 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_rest.png -> catchme.zip -> ltr-stocks_search_rest.png ( 850 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\ltr-stocks_search_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\mobilePhone.png -> catchme.zip -> mobilePhone.png ( 2937 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\mobilePhone.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\mobilePhone.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-desk.png -> catchme.zip -> rtl-desk.png ( 15218 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-desk.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-desk.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock-detail.png -> catchme.zip -> rtl-dock-detail.png ( 4334 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock-detail.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock-detail.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock.png -> catchme.zip -> rtl-dock.png ( 4707 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-dock.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_hover.png -> catchme.zip -> rtl-stocks_clear_hover.png ( 557 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_pressed.png -> catchme.zip -> rtl-stocks_clear_pressed.png ( 562 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_rest.png -> catchme.zip -> rtl-stocks_clear_rest.png ( 449 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_clear_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_hover.png -> catchme.zip -> rtl-stocks_search_hover.png ( 830 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_pressed.png -> catchme.zip -> rtl-stocks_search_pressed.png ( 830 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_rest.png -> catchme.zip -> rtl-stocks_search_rest.png ( 830 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\rtl-stocks_search_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbbg.png -> catchme.zip -> sbbg.png ( 3627 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbbg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbbg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbth.png -> catchme.zip -> sbth.png ( 598 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbth.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\sbth.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\searchbox.png -> catchme.zip -> searchbox.png ( 3137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\searchbox.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\searchbox.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\tile.png -> catchme.zip -> tile.png ( 4552 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\tile.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\tile.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\workPhone.png -> catchme.zip -> workPhone.png ( 2868 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\workPhone.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\images\workPhone.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png -> catchme.zip -> drag.png.3 ( 20252 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png -> catchme.zip -> icon.png.3 ( 9186 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png -> catchme.zip -> logo.png.3 ( 6166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html -> catchme.zip -> cpu.html ( 4408 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml.3 ( 917 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css -> catchme.zip -> cpu.css ( 782 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js -> catchme.zip -> cpu.js ( 22590 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png -> catchme.zip -> back.png ( 17126 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png -> catchme.zip -> back_lrg.png ( 26193 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png -> catchme.zip -> dial.png ( 346 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png -> catchme.zip -> dialdot.png ( 3217 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png -> catchme.zip -> dialdot_lrg.png ( 4042 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png -> catchme.zip -> dial_lrg.png ( 3081 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png -> catchme.zip -> dial_lrg_sml.png ( 3075 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png -> catchme.zip -> dial_sml.png ( 3026 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png -> catchme.zip -> glass.png ( 308 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png -> catchme.zip -> glass_lrg.png ( 443 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png -> catchme.zip -> drag.png.4 ( 16491 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png -> catchme.zip -> icon.png.4 ( 6889 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png -> catchme.zip -> logo.png.4 ( 5930 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html -> catchme.zip -> currency.html ( 5558 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml.4 ( 1806 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css -> catchme.zip -> currency.css ( 17462 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js -> catchme.zip -> currency.js ( 63504 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js -> catchme.zip -> library.js ( 6204 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js -> catchme.zip -> localizedStrings.js ( 9726 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js -> catchme.zip -> service.js ( 5574 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png -> catchme.zip -> activity16v.png ( 12585 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png -> catchme.zip -> add_down.png ( 512 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png -> catchme.zip -> add_over.png ( 420 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png -> catchme.zip -> add_up.png ( 228 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png -> catchme.zip -> base-docked.png ( 16491 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png -> catchme.zip -> base-undocked-2.png ( 43622 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png -> catchme.zip -> base-undocked-3.png ( 54042 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png -> catchme.zip -> base-undocked-4.png ( 62016 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png -> catchme.zip -> combo-hover-left.png ( 2963 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png -> catchme.zip -> combo-hover-middle.png ( 2885 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png -> catchme.zip -> combo-hover-right.png ( 2979 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png -> catchme.zip -> delete_down.png ( 772 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png -> catchme.zip -> delete_over.png ( 696 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png -> catchme.zip -> delete_up.png ( 477 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png -> catchme.zip -> graph_down.png ( 3268 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png -> catchme.zip -> graph_over.png ( 3428 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png -> catchme.zip -> graph_up.png ( 2929 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png -> catchme.zip -> info.png ( 729 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png -> catchme.zip -> row_over.png ( 3034 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png -> catchme.zip -> triangle.png ( 2831 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\drag.png -> catchme.zip -> drag.png.5 ( 5011 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\drag.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\drag.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\icon.png -> catchme.zip -> icon.png.5 ( 2329 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\icon.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\icon.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\logo.png -> catchme.zip -> logo.png.5 ( 6166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\logo.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\logo.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\gadget.xml -> catchme.zip -> gadget.xml.5 ( 922 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\gadget.xml is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\gadget.xml" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\notes.html -> catchme.zip -> notes.html ( 7304 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\notes.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\notes.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\settings.html -> catchme.zip -> settings.html.1 ( 9088 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\settings.html is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\settings.html" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\notes.css -> catchme.zip -> notes.css ( 2854 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\notes.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\notes.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\settings.css -> catchme.zip -> settings.css.1 ( 1126 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\settings.css is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\css\settings.css" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\notes.js -> catchme.zip -> notes.js ( 54850 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\notes.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\notes.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\settings.js -> catchme.zip -> settings.js.1 ( 12016 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\settings.js is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\js\settings.js" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_bottom.png -> catchme.zip -> settings_box_bottom.png.1 ( 140 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_bottom.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_bottom.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_left.png -> catchme.zip -> settings_box_divider_left.png.1 ( 135 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_right.png -> catchme.zip -> settings_box_divider_right.png.1 ( 135 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_divider_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_left.png -> catchme.zip -> settings_box_left.png.1 ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_right.png -> catchme.zip -> settings_box_right.png.1 ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_top.png -> catchme.zip -> settings_box_top.png.1 ( 137 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_top.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_box_top.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_left.png -> catchme.zip -> settings_corner_bottom_left.png.1 ( 168 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_right.png -> catchme.zip -> settings_corner_bottom_right.png.1 ( 165 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_bottom_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_left.png -> catchme.zip -> settings_corner_top_left.png.1 ( 166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_right.png -> catchme.zip -> settings_corner_top_right.png.1 ( 168 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_corner_top_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider.png -> catchme.zip -> settings_divider.png.1 ( 131 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_left.png -> catchme.zip -> settings_divider_left.png.1 ( 145 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_left.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_left.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_right.png -> catchme.zip -> settings_divider_right.png.1 ( 139 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_right.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_divider_right.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_disabled.png -> catchme.zip -> settings_left_disabled.png.1 ( 697 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_hover.png -> catchme.zip -> settings_left_hover.png.1 ( 1050 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_pressed.png -> catchme.zip -> settings_left_pressed.png.1 ( 1124 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_rest.png -> catchme.zip -> settings_left_rest.png.1 ( 855 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_left_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_disabled.png -> catchme.zip -> settings_right_disabled.png.1 ( 697 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_hover.png -> catchme.zip -> settings_right_hover.png.1 ( 1047 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_pressed.png -> catchme.zip -> settings_right_pressed.png.1 ( 1119 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_rest.png -> catchme.zip -> settings_right_rest.png.1 ( 856 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\settings_right_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue.png -> catchme.zip -> sticky_blue.png ( 12502 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue_docked.png -> catchme.zip -> sticky_blue_docked.png ( 7232 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue_docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_blue_docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_disabled.png -> catchme.zip -> sticky_delete_disabled.png ( 295 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_hover.png -> catchme.zip -> sticky_delete_hover.png ( 718 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_pressed.png -> catchme.zip -> sticky_delete_pressed.png ( 520 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_rest.png -> catchme.zip -> sticky_delete_rest.png ( 316 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_delete_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green.png -> catchme.zip -> sticky_green.png ( 12158 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green_docked.png -> catchme.zip -> sticky_green_docked.png ( 7199 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green_docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_green_docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_disabled.png -> catchme.zip -> sticky_left_disabled.png ( 217 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_hover.png -> catchme.zip -> sticky_left_hover.png ( 574 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_pressed.png -> catchme.zip -> sticky_left_pressed.png ( 409 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_rest.png -> catchme.zip -> sticky_left_rest.png ( 216 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_left_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink.png -> catchme.zip -> sticky_pink.png ( 12728 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink_docked.png -> catchme.zip -> sticky_pink_docked.png ( 7219 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink_docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_pink_docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_disabled.png -> catchme.zip -> sticky_plus_disabled.png ( 166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_hover.png -> catchme.zip -> sticky_plus_hover.png ( 508 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_pressed.png -> catchme.zip -> sticky_plus_pressed.png ( 366 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_rest.png -> catchme.zip -> sticky_plus_rest.png ( 166 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_plus_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple.png -> catchme.zip -> sticky_purple.png ( 12440 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple_docked.png -> catchme.zip -> sticky_purple_docked.png ( 7248 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple_docked.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_purple_docked.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_disabled.png -> catchme.zip -> sticky_right_disabled.png ( 201 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_disabled.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_disabled.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_hover.png -> catchme.zip -> sticky_right_hover.png ( 578 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_hover.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_hover.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_pressed.png -> catchme.zip -> sticky_right_pressed.png ( 413 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_pressed.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_pressed.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_rest.png -> catchme.zip -> sticky_right_rest.png ( 203 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_rest.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_right_rest.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_well.png -> catchme.zip -> sticky_well.png ( 549 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_well.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_well.png" killed successfully
file zipped: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_white.png -> catchme.zip -> sticky_white.png ( 11334 bytes )
error: C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_white.png is not a PE file
PE file "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_white.png" killed successfully
__________________
Cymru am byth
Old 03-20-2008, 05:11 PM   #11 (permalink)
Registered User
 
Kaleidoscope's Avatar
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hi Iain, thanks for all your help so far. System Restore worked, and here is my latest DSS scan.


Deckard's System Scanner v20071014.68
Run by Erica on 2008-03-20 23:02:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-20 23:03:19
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\igfxext.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Erica\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Erica\AppData\Local\Temp\byxyw.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\System32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 9719 bytes

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-19 23:53:32 0 d-------- C:\ComboFix(3)
2008-03-18 12:02:29 0 d-------- C:\Program Files\SpywareBlaster
2008-03-16 19:54:40 0 d-------- C:\Program Files\Lavasoft
2008-03-16 19:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 20:43:03 0 dr-h----- C:\$VAULT$.AVG
2008-03-14 16:30:59 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-03 09:21:58 0 d-------- C:\Intel


-- Find3M Report ---------------------------------------------------------------

2008-03-20 22:58:53 0 d-------- C:\Users\Erica\AppData\Roaming\AVG7
2008-03-20 22:54:54 0 d-------- C:\Program Files\Windows Sidebar
2008-03-18 21:02:23 5642 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-03-18 21:02:23 168 -rahs---- C:\Windows\system32\CC5AFB9271.sys
2008-03-17 21:36:55 29298 --a------ C:\Users\Erica\AppData\Roaming\UserTile.png
2008-03-17 21:36:50 0 d-------- C:\Users\Erica\AppData\Roaming\Corel Auto-Preserve <CORELA~1>
2008-03-17 21:30:40 0 d-------- C:\Users\Erica\AppData\Roaming\Corel
2008-03-17 21:25:50 0 d-------- C:\Program Files\Common Files\Corel
2008-03-17 21:25:13 0 d-------- C:\Program Files\Corel
2008-03-16 19:53:28 0 d-------- C:\Program Files\Common Files
2008-03-16 19:12:53 0 d-------- C:\Users\Erica\AppData\Roaming\PeerNetworking
2008-03-15 19:12:25 0 d-------- C:\Users\Erica\AppData\Roaming\Adobe
2008-03-14 16:30:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-13 08:31:34 0 d-------- C:\Program Files\Windows Mail
2008-02-18 17:25:11 0 d-------- C:\Users\Erica\AppData\Roaming\Intel
2008-02-18 10:22:28 0 d-------- C:\Program Files\MSXML 4.0
2008-02-16 19:59:44 0 d-------- C:\Users\Erica\AppData\Roaming\InstallShield
2008-01-30 19:26:58 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-30 19:25:56 0 d-------- C:\Program Files\Roxio
2008-01-30 19:25:51 0 d-------- C:\Program Files\directx
2008-01-30 19:25:47 57344 --a------ C:\Windows\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-01-30 19:25:47 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-01-25 14:41:16 0 d-------- C:\Program Files\Java
2008-01-25 14:39:03 0 d-------- C:\Program Files\Common Files\Java
2008-01-24 16:19:54 0 d-------- C:\Program Files\Microsoft Works
2008-01-24 16:18:59 0 d-------- C:\Program Files\Microsoft.NET
2007-12-26 11:38:40 0 --a------ C:\Windows\nsreg.dat
2007-12-25 11:14:57 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/05/2007 07:48]
"RtHDVCpl"="RtHDVCpl.exe" [10/04/2007 15:01 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [27/10/2006 12:50]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 13:37]
"Keyboard Manager Utility"="C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [02/08/2007 14:33]
"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [26/07/2007 21:07]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/10/2007 20:08]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [29/10/2007 22:04]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [26/12/2007 11:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 17:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 17:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 17:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [02/10/2007 14:45]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [28/08/2007 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 11:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Reminder_MUI"="C:\Applications\oem\Reminder\Reminder_MUI.exe" [20/07/2007 09:15]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"MSServer"="C:\Users\Erica\AppData\Local\Temp\byxyw.dll,#1" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"BM339dae72"="C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 25/12/2007 10:51 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec22836-b309-11dc-8805-001b24b8e31f}]
AutoRun\command- F:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-20 23:03:51 ------------
Attached Files
File Type: txt extra.txt (14.1 KB, 0 views)
__________________
Cymru am byth

Last edited by Kaleidoscope; 03-20-2008 at 05:14 PM.
Old 03-21-2008, 10:05 AM   #12 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

Hi again Erica

Good work. Let's run a couple of alternate scanners first and see what they pick up. These should be fairly quick to complete.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



VundoFix
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.


Please post back with C:\vundofix.txt, malwarebytes log and a fresh HijackThis Log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 03-21-2008, 12:40 PM   #13 (permalink)
Registered User
 
Kaleidoscope's Avatar
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hi Iain, VundoFix found nothing so there is no vundofix.txt, but here are my Malwarebytes log and HijackThis log.

Malwarebytes' Anti-Malware 1.09
Database version: 518

Scan type: Quick Scan
Objects scanned: 31078
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:51, on 21/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Erica\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8172 bytes
__________________
Cymru am byth
Old 03-21-2008, 12:54 PM   #14 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

Hi Erica.

The fact that VundoFix didn't find anything is good.


Download AVG Anti Spyware

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG AS
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware.

Do not run a scan just yet - we will do so later.


Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



AVG Anti Spyware
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Note that this scan may take an hour.


Online Scan
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next, click on Kaspersky Online Scanner


A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
  • Extended
Scan Options:
  • Scan Archives
  • Scan Mail Bases
Click OK

Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


Please post back with the Kaspersky Log, AVG AS Log and a fresh HijackThis Log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 03-21-2008, 04:40 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

performed scans as requested..here are the log files

avg log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:26:44 21/03/2008

+ Scan result:



:mozilla.429:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.467:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.94:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.96:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.97:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.98:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.99:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.257:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.258:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.259:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.260:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.261:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.344:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.345:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.708:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.523:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.524:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Users\Erica\AppData\Roaming\Microsoft\Windows\Cookies\erica@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.188:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.189:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.190:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.191:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.192:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.468:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.83:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.86:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.87:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.88:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.89:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.104:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.107:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Users\Erica\AppData\Roaming\Mozilla\Firefox\Profiles\fn3xbngi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.


::Report end


Kaspersky log would not save to my documents or desktop..it kept defaulting to my temporary internet files..and I can't find it..my father is not about at the moment so will try and help me find it tomorrow.


hijackthislog.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:54, on 21/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Erica\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8650 bytes

thanks for your help so far Iain..my father says you are probably cursing him
__________________
Cymru am byth
Old 03-22-2008, 02:15 PM   #16 (permalink)
Registered User
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hi, thank you for your help so far

I have run another Kaspersky scan and tried again to save it..but my computer keeps giving me this message "For your security, windows has saved this to your temporary internet files"..and then when I go into my temp internet files..the file is not there..please advise
__________________
Cymru am byth
Old 03-22-2008, 02:44 PM   #17 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

Hi Erica

Your father often curses me, so no change there.

Ignore Kaspersky for now.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s

Please remember to close all other windows, including browsers then click Fix checked.




File Deletions
Delete the following File indicated in RED if it still exists.

C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll

Note: If it proves to be stubborn, you may have to boot to Safe Mode to delete it.


Post back with a fresh HijackThis Log. If you do find Kaspersky then please post the log. How is your system running now?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



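The entry singled out in post #17 is a per-user Run value that starts a DLL from the Temp folder through Rundll32.exe. As an added example (not part of the original thread and not a HijackThis feature), the Python sketch below parses O4 registry Run lines and flags that pattern; the function names, regular expressions and heuristics are this example's own assumptions, and the sample lines are copied from the logs posted above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BM339dae72] Rundll32.exe "C:\Users\Erica\AppData\Local\Temp\dtdplsrl.dll",s
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""


class RunEntry(NamedTuple):
    hive: str      # HKLM, HKCU, or HKUS\<SID>
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# "O4 - <hive>\..\<key>: [<name>] <command>"; startup-folder lines are skipped.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# rundll32 followed by the DLL it is asked to load (quoted or bare).
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))',
    re.I,
)

# Locations an unprivileged process can write to (heuristic, not exhaustive).
PATH_RULES = [
    (re.compile(r"\\(?:temp|tmp)\\", re.I), "target is in a Temp directory"),
    (re.compile(r"\\(?:users|documents and settings)\\[^\\]+\\", re.I),
     "target is inside a user profile"),
]

# A run of six or more hex characters containing a digit, e.g. "339dae72".
GENERATED_NAME = re.compile(r"(?=[0-9a-f]*\d)[0-9a-f]{6,}", re.I)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Return the parsed registry Run entry, or None for any other line."""
    m = O4_RUN.match(line.strip())
    return RunEntry(**m.groupdict()) if m else None


def assess(entry: RunEntry) -> List[str]:
    """List the reasons an entry deserves a closer look (empty if none)."""
    target, via_rundll = entry.command, False
    m = RUNDLL.match(entry.command)
    if m:
        # Judge the DLL being loaded, not rundll32.exe itself.
        target, via_rundll = m.group("quoted") or m.group("bare"), True
    reasons = [why for rule, why in PATH_RULES if rule.search(target)]
    if not reasons:
        return []  # a location finding is required; the rest only supports it
    if via_rundll:
        reasons.append("DLL is started through rundll32.exe")
    if GENERATED_NAME.search(entry.name):
        reasons.append("value name looks machine-generated")
    return reasons


def triage(log_text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Return (entry, reasons) for every flagged O4 Run line in a log."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.command}")
        for why in reasons:
            print(f"    - {why}")
```

A flag here is a prompt for manual review, not a verdict: legitimate software also installs under user profiles, so the file itself still has to be checked before anything is fixed or deleted.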
Old 03-22-2008, 03:52 PM   #18 (permalink)
Registered User
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hi Iain

I'm on Vista..and do not have "my computer"..just "computer" but if I click on that..it doesn't lead me to the options you describe..unfortunately I can't find that facility.. I'm quite new to this operating system so still finding my way around it. I will not be online again tonight but will check back very early tomorrow morning before I go to work
__________________
Cymru am byth

Last edited by Kaleidoscope; 03-22-2008 at 04:16 PM.
Old 03-23-2008, 03:38 PM   #19 (permalink)
Registered User
 
Join Date: Mar 2007
Location: North Wales
Posts: 54
OS: Vista


Re: Problems with ad ware and Trojans

Hi Iain

Have spoken with my father today and he has guided me through show hidden files..It emerges that show hidden files was checked already..but still no Kaspersky file...anyway have followed the rest of your post and deleted said file and here is my new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:02, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Users\Erica\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8488 bytes
__________________
Cymru am byth
Old 03-23-2008, 04:31 PM   #20 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,503
OS: Win XP Pro SP3 / Win 7 Pro

Re: Problems with ad ware and Trojans

Hi Erica

Logs are looking clean. I see you have AVG installed - did it flag up the original problem? Can you run a full system scan with your AVG and let me know if it finds anything?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



All times are GMT -7. The time now is 09:41 AM.



Copyright 2001 - 2009, Tech Support Forum