Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Yoog Removal


Post by smurphie » May 10th, 2009, 4:00 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:25 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6070510
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6070510
O2 - BHO: trueads search enhancer - {04D3B09C-972F-70B5-9A62-4E0B099182AC} - C:\WINDOWS\system32\fyjiewajwvluo.dll
O2 - BHO: trueads - {07b2b486-dcba-8285-7ea9-66cc07f1000b} - C:\WINDOWS\system32\nsn1EB.dll
O2 - BHO: (no name) - {10998ace-32d8-464d-821a-a001085d0967} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4459B80A-615D-48C0-BE97-84F862177DC9} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DCB32851-7528-48F9-A533-D6C6DAFFDB7B} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - Winlogon Notify: urqnoli - urqnoli.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11427 bytes
Hi. My problem is www27.yoog.com. It has hijacked my homepage & I'm not sure what else. I have tried a few things, but I am not very computer savvy, so I am asking for help in restoring my homepage. I use Firefox for my browser. I do not believe the other users are affected. Thank you
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Post by turtledove » May 14th, 2009, 1:44 am

Hello smurphie and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 5 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*If you can do the above all should go well.
*Please do not run any other tools/scans unless requested*
**Please be sure you have read the Notice about Peer to Peer at the top of this forum**
Link: viewtopic.php?f=11&t=33112

**As I am an Undergrad, my responses will be approved by an Expert/Teacher before I post to you; therefore it may take a tad bit more time to reply.
Thanks for your patience.


Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Step 1
Please make an Uninstall list :
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.

Step 2
Rerun HijackThis and Save the log.

Post the HijackThis and the Uninstall list using the Reply button.

Thank you
turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Post by smurphie » May 14th, 2009, 2:50 pm

Turtledove...... here you go. Thanks.

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVIConverter Smart
Bonjour
ccCommon
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Digital Line Detect
DivX Content Uploader
DivX Web Player
Drivers Install For Linksys Easylink Advisor
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
LimeWire 5.1.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.10)
MP3 Player Utilities 1.47
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Norton WMI Update
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sonic Activation Module
Sonic Update Manager
SPBBC
Spyware Doctor 6.0
Symantec
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URGE
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Vuze
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Post by turtledove » May 14th, 2009, 8:18 pm

Hello smurphie,
Thanks for the list.
Would you please post a NEW HijackThis log so I may see if anything has changed since your first post.

Thank you,
TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Post by smurphie » May 14th, 2009, 11:10 pm

Turtledove....
Here you go. Hope it helps!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:39 PM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpenc.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: trueads search enhancer - {04D3B09C-972F-70B5-9A62-4E0B099182AC} - C:\WINDOWS\system32\fyjiewajwvluo.dll
O2 - BHO: trueads - {07b2b486-dcba-8285-7ea9-66cc07f1000b} - C:\WINDOWS\system32\nsn1EB.dll
O2 - BHO: (no name) - {10998ace-32d8-464d-821a-a001085d0967} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4459B80A-615D-48C0-BE97-84F862177DC9} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DCB32851-7528-48F9-A533-D6C6DAFFDB7B} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - Winlogon Notify: urqnoli - urqnoli.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12459 bytes
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm
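
The second log was requested to see whether anything had changed since the first post; that comparison can be done mechanically. The following is an added example, not part of the original thread or of any tool used in it: the function names are hypothetical, and the two sample logs are short excerpts of the logs posted above.

```python
import re
from collections import Counter

# Entry lines look like "O2 - BHO: name - {CLSID} - path": a section code
# (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Short excerpts of the first (5/10/2009) and second (5/14/2009) logs above.
FIRST_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:25 PM, on 5/10/2009

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {10998ace-32d8-464d-821a-a001085d0967} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O20 - Winlogon Notify: urqnoli - urqnoli.dll (file missing)
"""

SECOND_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:39 PM, on 5/14/2009

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {10998ace-32d8-464d-821a-a001085d0967} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: urqnoli - urqnoli.dll (file missing)
"""


def parse_entries(log_text):
    """Return the log's entries as (code, body) tuples, in log order.

    The header and the 'Running processes' list do not match ENTRY_RE,
    so only the R*/O* entry lines are returned.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def diff_logs(old_text, new_text):
    """Return (removed, added) entries between two scans of the same machine.

    Counters are used instead of sets so that a line that legitimately
    appears twice in one log is not collapsed into a single entry.
    """
    old = Counter(parse_entries(old_text))
    new = Counter(parse_entries(new_text))
    removed = sorted((old - new).elements())
    added = sorted((new - old).elements())
    return removed, added


def orphaned(log_text):
    """Entries whose target file is absent: leftovers worth reviewing."""
    return [(code, body) for code, body in parse_entries(log_text)
            if body.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    removed, added = diff_logs(FIRST_LOG, SECOND_LOG)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
    for code, body in orphaned(SECOND_LOG):
        print(f"? {code} - {body}")
```

A removed entry only means the registry value was gone at scan time; entries still marked `(no file)` or `(file missing)` show that references to deleted files remain.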

Re: Yoog Removal

Post by turtledove » May 16th, 2009, 5:41 pm

Hello smurphie,

Thank you for the new log.
***Please Copy/Print all instructions for easy reference and any times off line during the fixes**

First Step
REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire
Vuze


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the program listed above (in red) NOW.

** Also Remove the following Java Programs From Add/Remove as they are outdated and open to vulnerabilities that cause infections.
We will update Java in another post later.

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5


Second Step
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

In Reply Post:
log.txt
info.txt
Information on which Norton you have, as an older version is showing in your programs list. Is a firewall included?
Thank you
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Post by smurphie » May 17th, 2009, 3:58 pm

info.txt logfile of random's system information tool 1.06 2009-05-17 15:51:01

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVIConverter Smart-->C:\Program Files\AVIConverter\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 1.47-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NAVShortcut-->MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Norton AntiVirus 2006 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Vuze-->C:\Program Files\Azureus\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.yoog.com

======Security center information======

AV: Norton AntiVirus 2006 (outdated)
FW: Norton Internet Worm Protection

======System event log======

Computer Name: GOD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 33052
Source Name: Service Control Manager
Time Written: 20090510121134.000000-240
Event Type: error
User:

Computer Name: GOD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 33049
Source Name: Service Control Manager
Time Written: 20090510121134.000000-240
Event Type: error
User:

Computer Name: GOD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 33046
Source Name: Service Control Manager
Time Written: 20090510121134.000000-240
Event Type: error
User:

Computer Name: GOD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 33043
Source Name: Service Control Manager
Time Written: 20090510121134.000000-240
Event Type: error
User:

Computer Name: GOD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 33040
Source Name: Service Control Manager
Time Written: 20090510121134.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: GOD
Event Code: 20
Message:
Record Number: 19667
Source Name: Google Update
Time Written: 20090405072137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 20
Message:
Record Number: 19666
Source Name: Google Update
Time Written: 20090405062137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 20
Message:
Record Number: 19665
Source Name: Google Update
Time Written: 20090405052137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 20
Message:
Record Number: 19664
Source Name: Google Update
Time Written: 20090405042137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 20
Message:
Record Number: 19663
Source Name: Google Update
Time Written: 20090405032137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: GOD
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: AOL

Path: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

State: Enabled

Scope: All subnets

Record Number: 54020
Source Name: Security
Time Written: 20090510115138.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: AOL

Path: C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

State: Enabled

Scope: All subnets

Record Number: 54019
Source Name: Security
Time Written: 20090510115138.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Bonjour

Path: C:\Program Files\Bonjour\mDNSResponder.exe

State: Enabled

Scope: All subnets

Record Number: 54018
Source Name: Security
Time Written: 20090510115138.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Azureus

Path: C:\Program Files\Azureus\Azureus.exe

State: Enabled

Scope: All subnets

Record Number: 54017
Source Name: Security
Time Written: 20090510115138.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: GOD
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: AOL

Path: C:\Program Files\America Online 9.0\waol.exe

State: Enabled

Scope: All subnets

Record Number: 54016
Source Name: Security
Time Written: 20090510115138.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by momma at 2009-05-17 15:50:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 88 GB (59%) free of 149 GB
Total RAM: 1022 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:55 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\momma\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\momma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: trueads search enhancer - {04D3B09C-972F-70B5-9A62-4E0B099182AC} - C:\WINDOWS\system32\fyjiewajwvluo.dll
O2 - BHO: trueads - {07b2b486-dcba-8285-7ea9-66cc07f1000b} - C:\WINDOWS\system32\nsn1EB.dll
O2 - BHO: (no name) - {10998ace-32d8-464d-821a-a001085d0967} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4459B80A-615D-48C0-BE97-84F862177DC9} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {DCB32851-7528-48F9-A533-D6C6DAFFDB7B} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - Winlogon Notify: urqnoli - urqnoli.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10668 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1228579750.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - momma.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Stud.job
C:\WINDOWS\tasks\Norton Security Scan for momma.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04D3B09C-972F-70B5-9A62-4E0B099182AC}]
trueads search enhancer - C:\WINDOWS\system32\fyjiewajwvluo.dll [2009-04-29 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b2b486-dcba-8285-7ea9-66cc07f1000b}]
trueads - C:\WINDOWS\system32\nsn1EB.dll [2009-04-29 688640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10998ace-32d8-464d-821a-a001085d0967}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4459B80A-615D-48C0-BE97-84F862177DC9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll [2009-03-02 38320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-12 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-12-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DCB32851-7528-48F9-A533-D6C6DAFFDB7B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll [2009-03-02 333208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-05-10 26112]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-11 53096]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-11 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqnoli]
urqnoli.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Stud\Desktop\wowclient-downloader.exe"="C:\Documents and Settings\Stud\Desktop\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\bqafibgf.exe"="C:\WINDOWS\system32\bqa"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Stud\Desktop\uTorrent.exe"="C:\Documents and Settings\Stud\Desktop\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Documents and Settings\Stud\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\Documents and Settings\Stud\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Stud\Desktop\wowclient-downloader(3).exe"="C:\Documents and Settings\Stud\Desktop\wowclient-downloader(3).exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a7b5c6e-c65d-11dd-aaf6-001372ea4da0}]
shell\AutoRun\command - I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f335dc64-d6ad-11dd-ab07-001372ea4da0}]
shell\AutoRun\command - I:\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-05-17 15:50:44 ----D---- C:\rsit
2009-05-15 13:37:37 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-05-15 13:35:54 ----D---- C:\Program Files\AIM6
2009-05-10 16:31:43 ----A---- C:\WINDOWS\imsins.BAK
2009-05-10 15:43:25 ----D---- C:\Program Files\Trend Micro
2009-05-09 10:14:25 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-09 10:14:12 ----D---- C:\Program Files\Spyware Doctor
2009-05-09 10:14:12 ----D---- C:\Documents and Settings\momma\Application Data\PC Tools
2009-05-09 10:14:12 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-05-09 10:14:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-09 10:13:55 ----D---- C:\Program Files\Norton Security Scan
2009-04-29 10:47:52 ----A---- C:\WINDOWS\system32\fyjiewajwvluo.dll
2009-04-29 10:45:10 ----A---- C:\WINDOWS\system32\nsn1EB.dll
2009-04-21 09:23:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-21 09:21:48 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 months======

2009-05-17 15:50:56 ----D---- C:\WINDOWS\Prefetch
2009-05-17 15:41:53 ----SHD---- C:\WINDOWS\Installer
2009-05-17 15:41:53 ----D---- C:\Config.Msi
2009-05-17 15:41:22 ----D---- C:\WINDOWS\system32
2009-05-17 15:40:22 ----D---- C:\WINDOWS\Temp
2009-05-17 15:40:00 ----D---- C:\Program Files\Java
2009-05-17 15:37:42 ----D---- C:\Documents and Settings\momma\Application Data\LimeWire
2009-05-17 15:37:29 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 15:37:25 ----D---- C:\Program Files\LimeWire
2009-05-17 15:25:42 ----SD---- C:\WINDOWS\Tasks
2009-05-17 15:25:41 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 15:25:40 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-05-17 15:23:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 15:23:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-16 17:20:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-15 13:37:47 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-05-15 13:37:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-15 13:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-15 13:36:39 ----D---- C:\WINDOWS\WinSxS
2009-05-15 13:35:54 ----RD---- C:\Program Files
2009-05-15 08:45:10 ----D---- C:\Documents and Settings
2009-05-14 10:00:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-13 03:00:32 ----D---- C:\WINDOWS\Debug
2009-05-12 20:40:35 ----D---- C:\Program Files\CCleaner
2009-05-12 15:13:58 ----D---- C:\WINDOWS
2009-05-12 10:59:03 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-10 16:24:59 ----D---- C:\Program Files\Microsoft Office
2009-05-10 16:24:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-10 13:12:51 ----D---- C:\WINDOWS\system32\bbc1
2009-05-10 12:11:34 ----D---- C:\Documents and Settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 12:11:31 ----D---- C:\Program Files\Common Files
2009-05-10 12:11:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-10 12:07:25 ----D---- C:\Temp
2009-05-10 11:57:53 ----D---- C:\Program Files\Outspark
2009-05-10 11:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Outspark
2009-05-10 11:54:37 ----D---- C:\Program Files\Google
2009-05-08 16:31:08 ----D---- C:\Documents and Settings\momma\Application Data\Apple Computer
2009-05-08 10:10:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-07 03:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 08:09:54 ----HD---- C:\WINDOWS\inf
2009-04-30 10:24:33 ----D---- C:\Program Files\Windows Media Player
2009-04-30 09:24:02 ----A---- C:\WINDOWS\win.ini
2009-04-22 10:05:06 ----D---- C:\Program Files\Azureus
2009-04-21 09:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-21 09:26:43 ----D---- C:\Program Files\NOS
2009-04-21 09:23:32 ----D---- C:\Documents and Settings\momma\Application Data\Adobe
2009-04-21 09:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-21 09:22:51 ----D---- C:\Program Files\Common Files\Adobe
2009-04-21 09:07:45 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-05-10 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081009.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081009.003\NavEx15.Sys []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090325.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva143;XDva143; \??\C:\WINDOWS\system32\XDva143.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-02-11 191848]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-02-11 169320]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-23 46704]
R2 SAVScan;Symantec AVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-14 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 183280]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe [2008-09-10 28762]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Cannot uninstall Vuze. Error code about EXE4J_JAVA_HOME it tells me to download JRE. Maybe because I uninstalled the Java stuff first? I'm so over this. It's very frustrating to have to wait days & then go one step at a time. Is there a faster way? Another site? Anything?? Norton is out of date. Whatever firewall there is is what's already here. I cannot afford to update Norton or buy virus protection. Am out of work.
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

by turtledove » May 18th, 2009, 1:30 am

Hello smurphie,

Thanks for the logs.
I know you would like things done faster, but research takes time. It is the same at other forums, some busier than ours. We will do things in as brief a time as possible, but we also want to do it Right. Please be patient.

Please copy/Print the instructions for reference.
Please follow the directions in order given.


Step 1

Update Java Runtime:

The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.
  • Go here to Update Java
  • Click on the link named Java Runtime Environment (JRE) 6 Update 13
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 6 Runtime Environment, JRE or JSE) * Still Present*
  • Reboot your computer
  • Delete the folder C:\Program Files\jre1.6.0_05 if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer


Step 2

Next, please go to Add/Remove Programs and Uninstall if present:
Azureus
Kazaa
LimeWire
uTorrent


*If not there, go to c:\Program Files-->> Open each folder one at a time, and if there is an unins.exe or similar, run the uninstaller.
***Be careful of questions asked by an uninstaller, they often trick users into keeping the program.

Step 3
Remove Norton

Note: You should first attempt to remove your Norton product using Add/Remove Programs in the Windows Control Panel (Programs and Features, in Windows Vista). This is the best method. After uninstalling using Windows Add/Remove Programs, run the Norton Removal Tool to ensure successful removal of all Norton references.

    Please go to this -page- and select the product you have

      1 Download the Norton Removal Tool.
      Save the file to the Windows desktop.
      2 On the Windows desktop, double-click the Norton Removal Tool icon.
      3 Follow the on-screen instructions.
      Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


Step 4
Here are some Free Anti Virus and Firewall items to choose from. Please only select one of each, as two AV or FW will conflict as well as slow down your computer.
*Please do NOT run a scan yet, only install and exit.*
Antivirus: *Use only one*
AntiVir
AVAST! Anti-Virus

Needed Firewall: Monitors traffic IN and OUT Bound. Very Important. *Use only one*
Online Armor
Comodo Personal Firewall


Step 4

Next, we will run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Post:
ComboFix.txt
New HijackThis

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

by smurphie » May 18th, 2009, 1:16 pm

ComboFix 09-05-17.08 - momma 05/18/2009 12:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\momma\nah_wxkw.exe
c:\program files\Adssite Advanced Toolbar
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Mozilla Firefox\components\fyjiewajwvluo.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00032A4D
c:\program files\MyWebSearch\bar\Cache\022493F9
c:\program files\MyWebSearch\bar\Cache\0224960C
c:\program files\MyWebSearch\bar\Cache\022498FA.bin
c:\program files\MyWebSearch\bar\Cache\02249A71.bin
c:\program files\MyWebSearch\bar\Cache\02249C84.bin
c:\program files\MyWebSearch\bar\Cache\02249DAD.bin
c:\program files\MyWebSearch\bar\Cache\02294DC0.bin
c:\program files\MyWebSearch\bar\Cache\02294E7C.bin
c:\program files\MyWebSearch\bar\Cache\02294FC4.bin
c:\program files\MyWebSearch\bar\Cache\02295070.bin
c:\program files\MyWebSearch\bar\Cache\02C30A80
c:\program files\MyWebSearch\bar\Cache\0410FB55.bin
c:\program files\MyWebSearch\bar\Cache\0483D426.bin
c:\program files\MyWebSearch\bar\Cache\0483D56E.bin
c:\program files\MyWebSearch\bar\Cache\0483E1D2.bin
c:\program files\MyWebSearch\bar\Cache\0E49237A
c:\program files\MyWebSearch\bar\Cache\1129E5A5.bin
c:\program files\MyWebSearch\bar\Cache\11EC4D39
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\recycler\S-1-5-18\Dc16.dll
c:\recycler\S-1-5-18\Dc2.html
c:\recycler\S-1-5-18\Dc3.gif
c:\recycler\S-1-5-18\Dc6.gif
c:\recycler\S-1-5-18\Dc7.gif
c:\recycler\S-1-5-18\Dc8.dll
c:\recycler\S-1-5-18\Dc9.gif
c:\recycler\S-1-5-18\INFO2
c:\temp\xOe
c:\temp\xOe\tOasF.log
c:\windows\b.exe
c:\windows\cookies.ini
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\b1
c:\windows\system32\bbc1
c:\windows\system32\cccdd.bak1
c:\windows\system32\cccdd.bak2
c:\windows\system32\cccdd.ini
c:\windows\system32\cccdd.ini2
c:\windows\system32\cccdd.tmp
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\jtvgiwvd.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\ss1
c:\windows\system32\vMW02a
c:\windows\system32\wyjhenli.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:47 . 2009-04-29 14:47 565248 ----a-w c:\windows\system32\fyjiewajwvluo.dll
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-10 15:54 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-28 13:25 . 2007-06-15 21:04 -------- d-----w c:\program files\Apple Software Update
2009-03-26 18:46 . 2009-03-26 18:46 -------- d-----w c:\program files\Bonjour
2009-03-26 18:45 . 2009-03-26 18:45 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-20 08:10 . 2004-08-10 17:51 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 17:51 81920 ----a-w c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04D3B09C-972F-70B5-9A62-4E0B099182AC}]
2009-04-29 14:47 565248 ----a-w c:\windows\system32\fyjiewajwvluo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2b486-dcba-8285-7ea9-66cc07f1000b}]
2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{10998ace-32d8-464d-821a-a001085d0967} - (no file)
BHO-{4459B80A-615D-48C0-BE97-84F862177DC9} - (no file)
BHO-{DCB32851-7528-48F9-A533-D6C6DAFFDB7B} - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
Notify-urqnoli - urqnoli.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3232)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-05-18 13:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 17:07

Pre-Run: 95,421,300,736 bytes free
Post-Run: 97,542,496,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

516 --- E O F --- 2009-05-13 07:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:35 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: trueads search enhancer - {04D3B09C-972F-70B5-9A62-4E0B099182AC} - C:\WINDOWS\system32\fyjiewajwvluo.dll
O2 - BHO: trueads - {07b2b486-dcba-8285-7ea9-66cc07f1000b} - C:\WINDOWS\system32\nsn1EB.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7895 bytes
OK... I did it as you asked, TD. Here are the results. Thanks for responding so quickly. Let me know about the antivirus & firewall as now there are none running & I am getting pop-ups all over the place. Thanks, Kathy

Re: Yoog Removal

Post by smurphie » May 18th, 2009, 1:16 pm

ComboFix 09-05-17.08 - momma 05/18/2009 12:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\momma\nah_wxkw.exe
c:\program files\Adssite Advanced Toolbar
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Mozilla Firefox\components\fyjiewajwvluo.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00032A4D
c:\program files\MyWebSearch\bar\Cache\022493F9
c:\program files\MyWebSearch\bar\Cache\0224960C
c:\program files\MyWebSearch\bar\Cache\022498FA.bin
c:\program files\MyWebSearch\bar\Cache\02249A71.bin
c:\program files\MyWebSearch\bar\Cache\02249C84.bin
c:\program files\MyWebSearch\bar\Cache\02249DAD.bin
c:\program files\MyWebSearch\bar\Cache\02294DC0.bin
c:\program files\MyWebSearch\bar\Cache\02294E7C.bin
c:\program files\MyWebSearch\bar\Cache\02294FC4.bin
c:\program files\MyWebSearch\bar\Cache\02295070.bin
c:\program files\MyWebSearch\bar\Cache\02C30A80
c:\program files\MyWebSearch\bar\Cache\0410FB55.bin
c:\program files\MyWebSearch\bar\Cache\0483D426.bin
c:\program files\MyWebSearch\bar\Cache\0483D56E.bin
c:\program files\MyWebSearch\bar\Cache\0483E1D2.bin
c:\program files\MyWebSearch\bar\Cache\0E49237A
c:\program files\MyWebSearch\bar\Cache\1129E5A5.bin
c:\program files\MyWebSearch\bar\Cache\11EC4D39
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\recycler\S-1-5-18\Dc16.dll
c:\recycler\S-1-5-18\Dc2.html
c:\recycler\S-1-5-18\Dc3.gif
c:\recycler\S-1-5-18\Dc6.gif
c:\recycler\S-1-5-18\Dc7.gif
c:\recycler\S-1-5-18\Dc8.dll
c:\recycler\S-1-5-18\Dc9.gif
c:\recycler\S-1-5-18\INFO2
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc10.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc11.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc12.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc13.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc14.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc15.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc16.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc17.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc18.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc19.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc20.avi
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc21.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc24.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc25.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc26.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc27.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc28.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc29.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc30.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc31.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc32.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc33.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc34.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc35.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc36.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc37.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc38.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc39.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc40.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc41.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc42.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc43.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc45.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc46.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc47.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc48.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc49.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc50.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc51.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc52.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc53.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc54.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc55.ipa
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc8.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\Dc9.mp3
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-1006\INFO2
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc1\surfing.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc1\Thumbs.db
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc10.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc11.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc12.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc13.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc14.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc15.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc16.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc17.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc18.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc19.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc2.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc20.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc21.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc22.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc23.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc24.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc25.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc26.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc27.jpg
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\.DS_Store
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt Slider.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt Sliderrrr.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt 1 Slider.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 s.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 sa.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 sagood.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 saw.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 saww.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\dewalt 10 sgood.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt 12 Slider.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt 12 Sliderzz.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt 12.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Dewalt Slider.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00259.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00260.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00261.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00282.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00283.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00284.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00285.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00286.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00287.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00288.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00289.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00290.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00291.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00292.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00293.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00294.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00295.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00296.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00297.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00298.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00299.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00300.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00301.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00302.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00303.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00304.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00305.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00306.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00307.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00308.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00309.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00310.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00311.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00312.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00313.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00314.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00317.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00318.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00319.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00322.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00323.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00324.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00325.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00326.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00327.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00328.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00329.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00330.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00331.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00332.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00333.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00334.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00335.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00336.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00337.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00338.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00339.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00340.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00341.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00342.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00343.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00344.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00345.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00348.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00349.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00350.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00351.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00352.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00353.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00354.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00355.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00356.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00357.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00358.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00364.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00366.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00367.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00368.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00369.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00370.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00371.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00372.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00373.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00374.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00377.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00378.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00379.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00380.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00381.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00382.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00383.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00384.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00385.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00386.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00387.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00388.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00389.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\DSC00390.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\hpothb07.dat
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\hpothb07.tif
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\ladder rack goood.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\ladder rack gooood.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Ryobi cord.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\ryobi cordd.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\ryobi corddd.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Ryobi cordless.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Ryobi cordlesss.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Ryobi cordlessss.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Thumbs.db
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc28\Truck rack good.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc3.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc4.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc5.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc6.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc7.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc8.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\Dc9.JPG
c:\recycler\S-1-5-21-1450584279-1723378454-3865011881-501\INFO2
c:\temp\xOe
c:\temp\xOe\tOasF.log
c:\windows\b.exe
c:\windows\cookies.ini
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\b1
c:\windows\system32\bbc1
c:\windows\system32\cccdd.bak1
c:\windows\system32\cccdd.bak2
c:\windows\system32\cccdd.ini
c:\windows\system32\cccdd.ini2
c:\windows\system32\cccdd.tmp
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\jtvgiwvd.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\ss1
c:\windows\system32\vMW02a
c:\windows\system32\wyjhenli.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:47 . 2009-04-29 14:47 565248 ----a-w c:\windows\system32\fyjiewajwvluo.dll
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-10 15:54 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-28 13:25 . 2007-06-15 21:04 -------- d-----w c:\program files\Apple Software Update
2009-03-26 18:46 . 2009-03-26 18:46 -------- d-----w c:\program files\Bonjour
2009-03-26 18:45 . 2009-03-26 18:45 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-20 08:10 . 2004-08-10 17:51 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 17:51 81920 ----a-w c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04D3B09C-972F-70B5-9A62-4E0B099182AC}]
2009-04-29 14:47 565248 ----a-w c:\windows\system32\fyjiewajwvluo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2b486-dcba-8285-7ea9-66cc07f1000b}]
2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{10998ace-32d8-464d-821a-a001085d0967} - (no file)
BHO-{4459B80A-615D-48C0-BE97-84F862177DC9} - (no file)
BHO-{DCB32851-7528-48F9-A533-D6C6DAFFDB7B} - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
Notify-urqnoli - urqnoli.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3232)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-05-18 13:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 17:07

Pre-Run: 95,421,300,736 bytes free
Post-Run: 97,542,496,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

516 --- E O F --- 2009-05-13 07:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:35 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: trueads search enhancer - {04D3B09C-972F-70B5-9A62-4E0B099182AC} - C:\WINDOWS\system32\fyjiewajwvluo.dll
O2 - BHO: trueads - {07b2b486-dcba-8285-7ea9-66cc07f1000b} - C:\WINDOWS\system32\nsn1EB.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7895 bytes
Ok... I did it as you asked, TD. Here are the results. Thanks for responding so quickly. Let me know about the anti virus & firewall as now there are none running & I am getting pop ups all over the place. Thanks, Kathy
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 19th, 2009, 3:28 pm

Hello smurphie,
* Please copy/ print the following instructions.

Please click this link-->Jotti

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\windows\system32\winlogon.exe
C:\windows\system32\termsrv.dll



Repeat steps for all files on the list.

Please post back the results of the scans in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Please Post the results, and do turn on your Firewall and Anti Virus.

Thank you
TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby turtledove » May 22nd, 2009, 1:35 pm

Hello smurphie,


Are you still in need of assistance? Please let me know if there are any problems with my previous instructions.

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 22nd, 2009, 3:15 pm

Yes. I was offline for a couple of days. Sorry. I should've let you know. I am following your last directions now. My apologies.
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby smurphie » May 22nd, 2009, 3:28 pm

2009-05-22 Found nothing
[F-Secure Anti-Virus]
2009-05-22 Found nothing
[Emsisoft A-squared]
2009-05-22 Found nothing
[Ikarus]
2009-05-22 Found nothing
[Avast! antivirus]
2009-05-21 Found nothing
[Kaspersky Anti-Virus]
2009-05-22 Found nothing
[Grisoft AVG Anti-Virus]
2009-05-22 Found nothing
[ESET NOD32]
2009-05-22 Found nothing
[Avira AntiVir]
2009-05-22 Found nothing
[Norman Virus Control]
2009-05-22 Found nothing
[Softwin BitDefender]
2009-05-22 Found nothing
[Panda Antivirus]
2009-05-22 Found nothing
[ClamAV]
2009-05-22 Found nothing
[Quick Heal]
2009-05-22 Found nothing
[CPsecure]
2009-05-22 Found nothing
[Sophos]
2009-05-22 Found nothing
[Dr.Web]
2009-05-22 Found nothing
[VirusBlokAda VBA32]
2009-05-22 Found nothing
[Frisk F-Prot Antivirus]
2009-05-22 Found nothing
[VirusBuster]
2009-05-22 Found nothing
2009-05-22 Found nothing
[F-Secure Anti-Virus]
2009-05-22 Found nothing
[Emsisoft A-squared]
2009-05-22 Found nothing
[Ikarus]
2009-05-22 Found nothing
[Avast! antivirus]
2009-05-21 Found nothing
[Kaspersky Anti-Virus]
2009-05-22 Found nothing
[Grisoft AVG Anti-Virus]
2009-05-22 Found nothing
[ESET NOD32]
2009-05-22 Found nothing
[Avira AntiVir]
2009-05-22 Found nothing
[Norman Virus Control]
2009-05-22 Found nothing
[Softwin BitDefender]
2009-05-22 Found nothing
[Panda Antivirus]
2009-05-22 Found nothing
[ClamAV]
2009-05-22 Found nothing
[Quick Heal]
2009-05-22 Found nothing
[CPsecure]
2009-05-22 Found nothing
[Sophos]
2009-05-22 Found nothing
[Dr.Web]
2009-05-22 Found nothing
[VirusBlokAda VBA32]
2009-05-22 Found nothing
[Frisk F-Prot Antivirus]
2009-05-22 Found nothing
[VirusBuster]
2009-05-22 Found nothing

File size: 295424 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 63999d0abd8dabfd76a9c07f6e104868
SHA1: 509689ba3edd2cfad361773708b72dc35f1c77b8

File size: 507904 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 3969440ba384d35317dbbdeeaae641ce
SHA1: c87bb53e5dd5258e80df74ebd4f68aef193ea5af

Ok... here are the results of Jotti
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 24th, 2009, 3:42 am

Hello smurphie,
* Please copy/ print the following instructions.

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b2b486-dcba-8285-7ea9-66cc07f1000b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04D3B09C-972F-70B5-9A62-4E0B099182AC}]

Driver::
XDva143



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please run and save a New HijackThis Scan.

*Restart your Anti Virus and Firewall Programs. Just do not let them scan until we are done.*
Please post:
C:\ComboFix.txt
A New HijackThis log

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California