Free Malware Removal Forum

[rhoar]

Browser (IE8 and Firefox) keeps trying to redirect to various malicious sites.
Also can't open Lavasoft Ad-Aware or Spybot S&D.
I believe it was probably due to a Limewire download.

Steps taken:

Uninstalled Limewire
Cleaned registry with CCleaner
Quick Scan and Complete Scan using Malwarebytes' Anti-Malware found and cleaned 7 or 8 items

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:08 PM, on 06/20/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
G:\WebServer\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
G:\WebServer\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
G:\WebServer\bin\httpd.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\WebServer\bin\ApacheMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = G:\WebServer\bin\ApacheMonitor.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Dad\Desktop\InterCasino $$$.lnk (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Dad\Desktop\InterCasino $$$.lnk (HKCU)
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Share ... mCtl32.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/downl ... st_Win.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - http://dlm.tools.akamai.com/dlmanager/v ... .2.0.5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5548060687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9054257484
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_5.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dwStg32.dll
O20 - Winlogon Notify: 70798024620 - C:\WINDOWS\System32\dwStg32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - G:\WebServer\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - G:\WebServer\MySQL\bin\mysqld-nt (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9732 bytes

Thanks,
Bob Hoar

[jmw3]

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is postedis ticked on the POST A REPLY page.

In the meantime please note the following:

• Any recommendations made are for your computer problems only and should NOT be used on any other computer.
• Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
  1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
  2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
• If you get stuck or are unsure of something please ask for a further explanation, do not guess.
• It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.

Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2

• Double-Click on dds.scr and a command window will appear. This is normal
• Shortly after two logs will appear, DDS.txt & Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

Gmer
Download GMER Rootkit Scanner from here.

• Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
• Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

[rhoar]

Thanks for your help.

Here are the results:

DDS.txt

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dad at 6:01:52.65 on 06/24/09
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.145 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090623-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
G:\WebServer\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
G:\WebServer\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WebServer\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\WebServer\bin\ApacheMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MetaTrader - Alpari (US)\terminal.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\WebServer\bin\ApacheMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Call Trace\ctrace.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dad\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {020B192B-60FC-4301-BFD4-9D86668D3FF8} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [P2kAutostart]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - g:\webserver\bin\ApacheMonitor.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
Trusted Zone: whataboutadog.com
Trusted Zone: musicmatch.com\online
DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/Share ... mCtl32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} - hxxp://forms.real.com/real/player/downl ... st_Win.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.0.5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/ ... leaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5548060687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9054257484
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_5.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: 70798024620 - c:\windows\system32\dwStg32.dll
AppInit_DLLs: c:\windows\system32\dwStg32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - No File
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\ip9ng514.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.dx4all.net/|https://www.dxin ... 67d34fa404

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-7 114768]
R2 Apache2.2;Apache2.2;g:\webserver\bin\httpd.exe [2008-6-13 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-12-13 138680]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-12-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-12-13 352920]
R3 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2003-4-14 34240]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-10-24 42112]

=============== Created Last 30 ================

2009-06-23 14:26 0 a------- c:\windows\system32\2A.tmp
2009-06-23 14:26 0 a------- c:\windows\system32\139.tmp
2009-06-23 05:56 <DIR> --dsh--- c:\windows\system32\SystemX86
2009-06-21 17:36 0 a------- c:\windows\system32\E.tmp
2009-06-21 17:36 0 a------- c:\windows\system32\144.tmp
2009-06-20 21:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-20 18:26 <DIR> --d----- c:\docume~1\dad\applic~1\Malwarebytes
2009-06-20 18:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 18:26 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-20 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-20 18:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 15:02 <DIR> --dsh--- c:\documents and settings\dad\PrivacIE
2009-06-20 15:01 <DIR> --dsh--- c:\documents and settings\dad\IETldCache
2009-06-20 14:57 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-20 14:57 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 14:56 <DIR> --d----- c:\windows\ie8updates
2009-06-20 14:56 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-20 14:53 <DIR> -cd-h--- c:\windows\ie8
2009-06-20 14:16 <DIR> --d----- c:\program files\Lavasoft
2009-06-19 23:00 615 a------- c:\windows\system32\CzjEUUdRW2kCB7F.vbs
2009-06-19 22:59 0 a------- c:\windows\system32\20.tmp
2009-06-19 22:59 1,692 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-06-19 22:58 143,360 a------- c:\windows\system32\dwStg32.dll
2009-06-19 22:58 615 a------- c:\windows\system32\qzHRzZRG3iFqSan.vbs
2009-05-27 15:09 <DIR> --d----- c:\program files\MetaTrader - Alpari (US)

==================== Find3M ====================

2009-06-20 17:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-16 23:41 77,915 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-28 00:03 453,152 a------- c:\windows\system32\nvuninst.exe
2009-03-28 00:03 453,152 a------- c:\windows\system32\nvudisp.exe
2009-03-28 00:03 401,408 a------- c:\windows\system32\nvcuvid.dll
2006-04-27 09:46 6,036 a------- c:\docume~1\dad\applic~1\unins000.dat
2006-04-27 09:45 673,546 a------- c:\docume~1\dad\applic~1\unins000.exe

============= FINISH: 6:02:45.76 ===============

attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 01/11/07 4:24:29 PM
System Uptime: 06/21/09 10:26:26 PM (56 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 100 GiB total, 8.072 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 10 GiB total, 9.203 GiB free.
G: is FIXED (NTFS) - 342 GiB total, 287.293 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

23_24_2500Tour
2400
2400_2500Help
2400_2500trb
Ad-Aware SE Personal
Ad Word Analyzer
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
ADS Tech V3.6.1 Instant DVD CapWiz
AIME Tradesheet©
AiO_Scan
AIOMinimal
AiOSoftware
AOL Instant Messenger
Apache HTTP Server 2.2.9
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AudibleManager
avast! Antivirus
Banctec Service Agreement
Better Homes and Gardens Home Designer Suite 6.0
BitPim 0.9.13
Black Jack 1.1
Bonjour
Broadcom Advanced Control Suite 2
Call Trace
CCleaner (remove only)
Check Designer
CircuitMaker 6 Student
CleanUp!
ContentSAFER for Wizmax
Copy
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
CreativeProjects
Cribbage
Cribbage 2D
Critical Update for Windows Media Player 11 (KB959772)
CyberSky
Data Lifeguard Tools
DeductionPro 2006
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Director
DocProc
EasyCleaner
Edmark Mighty Math Number Heroes (remove)
exPressit S.E. 2.1
FA Addition Subtraction
Fax
FileZilla (remove only)
Fusion
GNU Backgammon 0.14.3-devel
GroupMail :: Free Edition
GSiteCrawler
GTK+ 2.8.9 runtime environment
HelloJWS
HepYek 1.0
Higher Score on the SAT/PSAT
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HPSSupply
HPSystemDiagnostics
InfraRecorder
InstantShare
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
InterCasino
Internet Explorer Default Page
InterVideo WinDVD 7
iTunes
J2SE Development Kit 5.0 Update 6
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Jigs@w Puzzle
LabelCreator Pro
LADSPA_plugins-win-0.4.15
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MetaTrader - Alpari (US) 4.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2000
Microsoft XML Parser
Modem Event Monitor
Modem Helper
Modem On Hold
Motorola Driver Installation 3.7.0
Motorola Software Update
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
muvee autoProducer
My Way Search Assistant
MySpaceIM
MySQL Server 5.0
MySQL Tools for 5.0
Napster
Napster Burn Engine
NCH Toolbox
NVIDIA Drivers
NVIDIA PhysX v8.10.13
Nvu 1.0
OpenOffice.org 2.1
Overland
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Photo Click
PhotoGallery
PowerDVD 5.3
PrintScreen
PSP Video Express(remove only)
QFolder
QuickProjects
QuickTime
RadioButtonDemo
Readme
RealArcade
RealPlayer
Registry Mechanic 5.1
Rhapsody
Rhapsody Player Engine
Samsung Media Studio 5
Scan
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shop for HP Supplies
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Simple Search-Replace
SkinsHP1
SkinsHP2
Skype 2.5
SmartSound Quicktracks Plugin
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
SpongeBob SquarePants Typing
Spybot - Search & Destroy 1.4
SWiSHvideo2
Switch Sound File Converter
Symantec Technical Support Web Controls
TaxCut 2004
TaxCut Deluxe 2005
TaxCut Massachusetts 2007
TaxCut Massachusetts 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
TaxCut Premium 2006
The GIMP 2.2.10
TrayApp
U.B. Funkeys
Ulead COOL 3D 3.0
Ulead DVD MovieFactory 2 SE
Ulead Straight-to-Disc SDK
Ulead VideoStudio 10
Uninstall Startup Inspector
Unload
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URGE
Wal-Mart Digital Photo Manager
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Winamp
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Marketplace upgrade options tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows Vista Upgrade Advisor
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
Yahoo! Install Manager
Yahoo! SiteBuilder
ZENcast Organizer
Zeus Internet Marketing Robot 3.1.2
Zoo Tycoon: Complete Collection

==== Event Viewer Messages From Past Week ========

06/20/09 7:02:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
06/20/09 5:29:47 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
06/20/09 5:25:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
06/20/09 5:15:13 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


Gmer.txt

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-24 06:38:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF52AF6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF52AF574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF52AFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF52AF14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF52AF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF52AF08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF52AF0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF52AF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF52AF72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF52AF8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.mfp@ MacromediaFlashPaper.MacromediaFlashPaper
Reg HKLM\SOFTWARE\Classes\.mfp@Content Type application/x-shockwave-flash
Reg HKLM\SOFTWARE\Classes\.sol@Content Type text/plain
Reg HKLM\SOFTWARE\Classes\.sor@Content Type text/plain
Reg HKLM\SOFTWARE\Classes\.spl@ ShockwaveFlash.ShockwaveFlash
Reg HKLM\SOFTWARE\Classes\.spl@Content Type application/futuresplash
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer@ FlashFactory.FlashFactory.1
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper@ Macromedia Flash Paper
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon@ C:\Program Files\Internet Explorer\IEXPLORE.EXE,-17
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome "%1"
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer@ ShockwaveFlash.ShockwaveFlash.10
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}

---- Files - GMER 1.0.15 ----

File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\explore6.htm 4052 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\explorer.htm 2057 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\javainfo.htm 1130 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\javainfo.jar 1425 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\mozilla.htm 2056 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\mozillau.htm 3382 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\netscape.htm 2967 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\wwhelp.htm 5139 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\indexsel.htm 2155 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\navigate.htm 2012 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelfsi.htm 1814 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelfss.htm 1814 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelini.htm 1228 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelmsg.htm 1168 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelnav.htm 2094 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelvie.htm 2505 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\tabs.htm 2063 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\wwhelp.htm 5283 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Call.xml 870 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Chat.xml 10434 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Chat_Room.xml 14473 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Config\Static.xml 68064 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\ContactsList.xml 6150 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\EventHistory.xml 902 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images\10x10_2a518c.png 138 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images\5x5_2a518c.png 135 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Skin.xml 5098 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Toast.xml 1655 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Voicemail.xml 884 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Call.xml 869 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Chat.xml 11157 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Chat_Room.xml 14945 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Common 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Common\UI_Bg.xml 440 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Config\Static.xml 66048 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\ContactsList.xml 6749 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\EventHistory.xml 901 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Btn_Collapse-A_Dn.png 230 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Btn_Collapse-A_Up.png 232 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Mnu_Bg.png 197 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Win_Resize.png 218 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Skin.xml 5067 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Toast.xml 1496 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Voicemail.xml 883 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Call.xml 870 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Chat.xml 10434 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Chat_Room.xml 14452 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common\UI_Bg.xml 5765 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common\UI_Titlebar.xml 7273 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Config\Static.xml 68216 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\ContactsList.xml 7467 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\EventHistory.xml 902 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg.png 231 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Down.png 249 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Grayed.png 208 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Roll.png 252 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Collapse-B_Dn.png 419 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Collapse-B_Up.png 419 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Closed_Down.png 420 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Closed_Up.png 431 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Open_Down.png 423 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Open_Up.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL.png 490 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL_Down.png 595 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL_Roll.png 605 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt.png 330 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Down.png 442 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Grayed.png 274 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Roll.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt.png 341 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Down.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Grayed.png 299 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Mnu_Bg.png 199 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Bg.png 215 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down.png 387 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down_Roll.png 391 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown.png 440 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Down.png 457 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Flash.png 464 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Roll.png 431 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Bg.png 233 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Bt.png 288 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Md.png 357 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Tp.png 291 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up.png 347 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up_On.png 393 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up_Roll.png 378 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Bg.png 427 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar.png 1706 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close.png 1001 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close_Down.png 1113 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close_Roll.png 1117 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL.png 294 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL_Down.png 689 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL_Roll.png 706 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Avatar_Bg_55.png 556 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Bt.png 190 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Lt.png 189 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Rt.png 188 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Resize.png 270 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Roll.png 445 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down_On.png 418 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\SelectUserInput_Bg.png 213 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Bg.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Bg_NoFocus.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close.png 945 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_Down.png 1180 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_NoFocus.png 860 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_Roll.png 1173 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min.png 663 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_Down.png 924 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_NoFocus.png 615 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_Roll.png 875 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Lt.png 656 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Lt_NoFocus.png 621 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Rt.png 629 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Rt_NoFocus.png 625 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Skin.xml 5088 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Toast.xml 1655 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Voicemail.xml 884 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\10x10_131313.png 138 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\5x5_131313.png 135 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations 0 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f01.png 334 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f02.png 374 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f03.png 375 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f04.png 367 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f05.png 372 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f06.png 389 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f07.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f08.png 376 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f09.png 359 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f10.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f11.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f12.png 378 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f13.png 379 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f14.png 387 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f15.png 382 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f16.png 371 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Bg_CmdBar.png 219 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Bg_Input.png 200 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound.png 621 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound_Down.png 864 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound_Roll.png 635 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg.png 224 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg_Down.png 221 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg_Roll.png 232 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle.png 590 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle_Down.png 587 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle_Roll.png 597 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall.png 499 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall_Down.png 469 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall_Roll.png 554 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-A_Dn.png 2860 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-A_Up.png 2857 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-B_Dn.png 2870 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-B_Up.png 2866 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B.png 235 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B_Down.png 317 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B_Roll.png 317 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL.png 345 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL_Down.png 354 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL_Roll.png 358 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_FindUser-B.png 467 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Grabber.png 247 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Comments.png 497 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Events.png 315 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_FRs.png 499 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Messages.png 510 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_PicComments.png 483 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Update.png 447 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_EventHistory.png 600 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt_Down.png 435 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt_Roll.png 572 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg_Down.png 220 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg_Roll.png 222 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt.png 202 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt_Down.png 197 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt_Roll.png 201 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView.png 582 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView_Down.png 616 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView_Roll.png 617 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt.png 474 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt_Roll.png 612 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No_Down.png 2899 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No_Roll.png 2967 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes.png 2957 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes_Down.png 2963 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes_Roll.png 3087 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Chat_BalloonTail_Contact.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn_Down.png 2898 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_BlogComments.png 506 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg.png 223 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt_Down.png 458 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn_Roll.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color.png 737 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size_Down.png 568 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ico_FindUser.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Mnu_Bg.png 2819 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No.png 3089 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No_Down.png 3089 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No_Roll.png 3092 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes.png 3162 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes_Down.png 3148 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes_Roll.png 3146 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg.png 868 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg_Down.png 893 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg_Roll.png 873 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU.png 459 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU_Down.png 616 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU_Roll.png 500 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor.png 322 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor_Down.png 344 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor_Roll.png 332 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic.png 806 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic_Down.png 817 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic_Roll.png 813 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold.png 391 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold_Down.png 516 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold_Roll.png 457 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color_Down.png 726 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color_Roll.png 756 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons.png 757 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons_Down.png 752 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons_Roll.png 768 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family.png 349 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family_Down.png 437 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family_Roll.png 386 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File.png 473 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File_Down.png 500 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File_Roll.png 468 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic.png 336 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic_Down.png 408 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic_Roll.png 341 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size_Roll.png 491 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline.png 337 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline_Down.png 400 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline_Roll.png 342 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps.png 546 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps_Down.png 588 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps_Roll.png 556 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Divider.png 195 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Bg.png 2823 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Down.png 3013 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Down_On.png 3013 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown.png 416 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown_Flash.png 578 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown_On.png 417 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Bg.png 2823 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Bt.png 2854 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Md.png 2841 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Tp.png 2855 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Up.png 3008 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Up_On.png 3002 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Toast_Bg.png 2975 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Toast_Titlebar.png 389 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Divider.png 2814 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Logo.png 2769 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Resize.png 201 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close.png 3106 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close_Down.png 3120 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close_Roll.png 3120 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min.png 2924 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min_Down.png 2931 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min_Roll.png 2931 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\BaseLua.lua 2424 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\DbUtils.lua 22806 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\Migration.lua 3564 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\Rdbms.lua 5031 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfo.lua 5379 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoAccess.lua 5155 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoGeneric.lua 5114 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMaxdb.lua 12648 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMssql.lua 12542 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMysql.lua 45103 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoOracle.lua 13647 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoSybase.lua 13460 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsManagement.lua 9930 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_library.lua 10785 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_query.lua 5759 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_textforms.lua 6120 bytes
File C:\Program Files\Nvu\defaults\wallet\DistinguishedSchema.tbl 201 bytes
File C:\Program Files\Nvu\defaults\wallet\FieldSchema.tbl 27605 bytes
File C:\Program Files\Nvu\defaults\wallet\PositionalSchema.tbl 1572 bytes
File C:\Program Files\Nvu\defaults\wallet\SchemaConcat.tbl 19660 bytes
File C:\Program Files\Nvu\defaults\wallet\SchemaStrings.tbl 1138 bytes
File C:\Program Files\Nvu\defaults\wallet\StateSchema.tbl 3985 bytes
File C:\Program Files\Nvu\defaults\wallet\VcardSchema.tbl 835 bytes
File C:\Program Files\Nvu\extensions\Extensions.rdf 1205 bytes
File C:\Program Files\Nvu\extensions\installed-extensions-processed.txt 45 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 0 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\chrome 0 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf 1164 bytes
File C:\Program Files\Nvu\res\forms.css 11919 bytes
File C:\Program Files\Nvu\res\arrow.gif 49 bytes
File C:\Program Files\Nvu\res\arrowd.gif 52 bytes
File C:\Program Files\Nvu\res\bloatcycle.html 1015 bytes
File C:\Program Files\Nvu\res\broken-image.gif 165 bytes
File C:\Program Files\Nvu\res\builtin 0 bytes
File C:\Program Files\Nvu\res\charsetalias.properties 0 bytes
File C:\Program Files\Nvu\res\charsetData.properties 0 bytes
File C:\Program Files\Nvu\res\cmessage.txt 0 bytes
File C:\Program Files\Nvu\res\dtd 0 bytes
File C:\Program Files\Nvu\res\EditorOverride.css 0 bytes
File C:\Program Files\Nvu\res\entityTables 0 bytes
File C:\Program Files\Nvu\res\fonts 0 bytes

---- EOF - GMER 1.0.15 ----

[jmw3]

Hi

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

My Way Search Assistant

If some programs listed are not present, please do not panic
While in Add or Remove Programs, you should also remove the following outdated versions of Java as they are open to exploitation:
J2SE Development Kit 5.0 Update 6
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  A guide to do this can be found here
• Double click on ComboFix.exe & follow the prompts
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

To post in next reply:
ComboFix log
Update on how the computer is running

[rhoar]

I was unable to find My Way Search Assistant in Add/Remove Programs.

Also I was unable to remove any of the old versions of Java or Java SDK. I would get either a "fatal error during installation" message or an "invalid transform" message depending on which version I tried to remove.

Computer seems good so far. Not getting blocked site messages from avast, web browsers are acting normal.

Here are the results from Gmer:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-24 06:38:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF52AF6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF52AF574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF52AFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF52AF14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF52AF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF52AF08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF52AF0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF52AF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF52AF72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF52AF8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.mfp@ MacromediaFlashPaper.MacromediaFlashPaper
Reg HKLM\SOFTWARE\Classes\.mfp@Content Type application/x-shockwave-flash
Reg HKLM\SOFTWARE\Classes\.sol@Content Type text/plain
Reg HKLM\SOFTWARE\Classes\.sor@Content Type text/plain
Reg HKLM\SOFTWARE\Classes\.spl@ ShockwaveFlash.ShockwaveFlash
Reg HKLM\SOFTWARE\Classes\.spl@Content Type application/futuresplash
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer@ FlashFactory.FlashFactory.1
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper@ Macromedia Flash Paper
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon@ C:\Program Files\Internet Explorer\IEXPLORE.EXE,-17
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome "%1"
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer@ ShockwaveFlash.ShockwaveFlash.10
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}

---- Files - GMER 1.0.15 ----

File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\explore6.htm 4052 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\explorer.htm 2057 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\javainfo.htm 1130 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\javainfo.jar 1425 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\mozilla.htm 2056 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\mozillau.htm 3382 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\netscape.htm 2967 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\java\html\wwhelp.htm 5139 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\indexsel.htm 2155 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\navigate.htm 2012 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelfsi.htm 1814 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelfss.htm 1814 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelini.htm 1228 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelmsg.htm 1168 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelnav.htm 2094 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\panelvie.htm 2505 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\tabs.htm 2063 bytes
File C:\Program Files\MySoftware\CheckDesigner\Help\wwhelp\wwhimpl\js\html\wwhelp.htm 5283 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Call.xml 870 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Chat.xml 10434 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Chat_Room.xml 14473 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Config\Static.xml 68064 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\ContactsList.xml 6150 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\EventHistory.xml 902 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images\10x10_2a518c.png 138 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Images\5x5_2a518c.png 135 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Skin.xml 5098 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Toast.xml 1655 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\BlueNick\Voicemail.xml 884 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Call.xml 869 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Chat.xml 11157 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Chat_Room.xml 14945 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Common 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Common\UI_Bg.xml 440 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Config\Static.xml 66048 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\ContactsList.xml 6749 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\EventHistory.xml 901 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Btn_Collapse-A_Dn.png 230 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Btn_Collapse-A_Up.png 232 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Mnu_Bg.png 197 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Win_Resize.png 218 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Skin.xml 5067 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Toast.xml 1496 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\ClassicXP\Voicemail.xml 883 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Call.xml 870 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Chat.xml 10434 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Chat_Room.xml 14452 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common\UI_Bg.xml 5765 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Common\UI_Titlebar.xml 7273 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Config 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Config\Static.xml 68216 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\ContactsDetail.xml 2598 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\ContactsList.xml 7467 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\EventHistory.xml 902 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images 0 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg.png 231 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Down.png 249 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Grayed.png 208 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Bg_Roll.png 252 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Collapse-B_Dn.png 419 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Collapse-B_Up.png 419 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Closed_Down.png 420 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Closed_Up.png 431 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Open_Down.png 423 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_CollapseGrp_Open_Up.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL.png 490 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL_Down.png 595 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_DDL_Roll.png 605 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt.png 330 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Down.png 442 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Grayed.png 274 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Lt_Roll.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt.png 341 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Down.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Grayed.png 299 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Mnu_Bg.png 199 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Bg.png 215 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down.png 387 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down_Roll.png 391 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown.png 440 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Down.png 457 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Flash.png 464 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_JumpDown_Roll.png 431 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Bg.png 233 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Bt.png 288 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Md.png 357 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Knob_Tp.png 291 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up.png 347 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up_On.png 393 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Up_Roll.png 378 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Bg.png 427 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar.png 1706 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close.png 1001 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close_Down.png 1113 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_Close_Roll.png 1117 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL.png 294 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL_Down.png 689 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Toast_Titlebar_Btn_DDL_Roll.png 706 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Avatar_Bg_55.png 556 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Bt.png 190 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Lt.png 189 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Bg_Rt.png 188 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Resize.png 270 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Btn_Rt_Roll.png 445 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Scroll_Down_On.png 418 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\SelectUserInput_Bg.png 213 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Bg.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Bg_NoFocus.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close.png 945 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_Down.png 1180 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_NoFocus.png 860 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Close_Roll.png 1173 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min.png 663 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_Down.png 924 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_NoFocus.png 615 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Btn_Min_Roll.png 875 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Lt.png 656 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Lt_NoFocus.png 621 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Rt.png 629 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Win_Titlebar_Rt_NoFocus.png 625 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Skin.xml 5088 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Toast.xml 1655 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\UserDetail.xml 2782 bytes
File C:\Program Files\MySpace\IM\Skins\NewBlue\Voicemail.xml 884 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\10x10_131313.png 138 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\5x5_131313.png 135 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations 0 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f01.png 334 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f02.png 374 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f03.png 375 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f04.png 367 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f05.png 372 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f06.png 389 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f07.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f08.png 376 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f09.png 359 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f10.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f11.png 384 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f12.png 378 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f13.png 379 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f14.png 387 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f15.png 382 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Loading_f16.png 371 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Bg_CmdBar.png 219 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Bg_Input.png 200 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound.png 621 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound_Down.png 864 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_AlertsSound_Roll.png 635 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg.png 224 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg_Down.png 221 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Bg_Roll.png 232 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle.png 590 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle_Down.png 587 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_ChatViewToggle_Roll.png 597 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall.png 499 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall_Down.png 469 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_CloseSmall_Roll.png 554 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-A_Dn.png 2860 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-A_Up.png 2857 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-B_Dn.png 2870 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Collapse-B_Up.png 2866 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B.png 235 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B_Down.png 317 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL-B_Roll.png 317 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL.png 345 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL_Down.png 354 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_DDL_Roll.png 358 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_FindUser-B.png 467 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Grabber.png 247 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Comments.png 497 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Events.png 315 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_FRs.png 499 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Messages.png 510 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_PicComments.png 483 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_Update.png 447 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_EventHistory.png 600 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt.png 460 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt_Down.png 435 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Lt_Roll.png 572 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg_Down.png 220 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg_Roll.png 222 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt.png 202 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt_Down.png 197 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Lt_Roll.png 201 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView.png 582 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView_Down.png 616 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_RoomPicView_Roll.png 617 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt.png 474 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt_Roll.png 612 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No_Down.png 2899 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_No_Roll.png 2967 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes.png 2957 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes_Down.png 2963 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Cbx_Yes_Roll.png 3087 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Chat_BalloonTail_Contact.png 261 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn_Down.png 2898 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Ico_Alert_BlogComments.png 506 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Main_Bg.png 223 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Btn_Rt_Down.png 458 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ddl_Btn_Roll.png 2894 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color.png 737 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size_Down.png 568 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Ico_FindUser.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Mnu_Bg.png 2819 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No.png 3089 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No_Down.png 3089 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_No_Roll.png 3092 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes.png 3162 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes_Down.png 3148 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Rbl_Yes_Roll.png 3146 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg.png 868 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg_Down.png 893 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bg_Roll.png 873 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU.png 459 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU_Down.png 616 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BIU_Roll.png 500 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor.png 322 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor_Down.png 344 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkColor_Roll.png 332 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic.png 806 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic_Down.png 817 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_BkPic_Roll.png 813 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold.png 391 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold_Down.png 516 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Bold_Roll.png 457 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color_Down.png 726 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Color_Roll.png 756 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons.png 757 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons_Down.png 752 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Emoticons_Roll.png 768 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family.png 349 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family_Down.png 437 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Family_Roll.png 386 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File.png 473 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File_Down.png 500 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_File_Roll.png 468 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic.png 336 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic_Down.png 408 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Italic_Roll.png 341 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size.png 424 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Size_Roll.png 491 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline.png 337 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline_Down.png 400 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Underline_Roll.png 342 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps.png 546 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps_Down.png 588 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Btn_Zaps_Roll.png 556 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\RTE_Divider.png 195 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Bg.png 2823 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Down.png 3013 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Down_On.png 3013 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown.png 416 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown_Flash.png 578 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_JumpDown_On.png 417 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Bg.png 2823 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Bt.png 2854 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Md.png 2841 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Knob_Tp.png 2855 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Up.png 3008 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Scroll_Up_On.png 3002 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Toast_Bg.png 2975 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Toast_Titlebar.png 389 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Divider.png 2814 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Logo.png 2769 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_Resize.png 201 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close.png 3106 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close_Down.png 3120 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Close_Roll.png 3120 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min.png 2924 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min_Down.png 2931 bytes
File C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Win_TitleBar_Btn_Min_Roll.png 2931 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\BaseLua.lua 2424 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\DbUtils.lua 22806 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\Migration.lua 3564 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\Rdbms.lua 5031 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfo.lua 5379 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoAccess.lua 5155 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoGeneric.lua 5114 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMaxdb.lua 12648 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMssql.lua 12542 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoMysql.lua 45103 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoOracle.lua 13647 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsInfoSybase.lua 13460 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\RdbmsManagement.lua 9930 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_library.lua 10785 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_query.lua 5759 bytes
File C:\Program Files\MySQL\MySQL Tools for 5.0\lua\_textforms.lua 6120 bytes
File C:\Program Files\Nvu\defaults\wallet\DistinguishedSchema.tbl 201 bytes
File C:\Program Files\Nvu\defaults\wallet\FieldSchema.tbl 27605 bytes
File C:\Program Files\Nvu\defaults\wallet\PositionalSchema.tbl 1572 bytes
File C:\Program Files\Nvu\defaults\wallet\SchemaConcat.tbl 19660 bytes
File C:\Program Files\Nvu\defaults\wallet\SchemaStrings.tbl 1138 bytes
File C:\Program Files\Nvu\defaults\wallet\StateSchema.tbl 3985 bytes
File C:\Program Files\Nvu\defaults\wallet\VcardSchema.tbl 835 bytes
File C:\Program Files\Nvu\extensions\Extensions.rdf 1205 bytes
File C:\Program Files\Nvu\extensions\installed-extensions-processed.txt 45 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 0 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\chrome 0 bytes
File C:\Program Files\Nvu\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf 1164 bytes
File C:\Program Files\Nvu\res\forms.css 11919 bytes
File C:\Program Files\Nvu\res\arrow.gif 49 bytes
File C:\Program Files\Nvu\res\arrowd.gif 52 bytes
File C:\Program Files\Nvu\res\bloatcycle.html 1015 bytes
File C:\Program Files\Nvu\res\broken-image.gif 165 bytes
File C:\Program Files\Nvu\res\builtin 0 bytes
File C:\Program Files\Nvu\res\charsetalias.properties 0 bytes
File C:\Program Files\Nvu\res\charsetData.properties 0 bytes
File C:\Program Files\Nvu\res\cmessage.txt 0 bytes
File C:\Program Files\Nvu\res\dtd 0 bytes
File C:\Program Files\Nvu\res\EditorOverride.css 0 bytes
File C:\Program Files\Nvu\res\entityTables 0 bytes
File C:\Program Files\Nvu\res\fonts 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks,
Bob

[jmw3]

Hello Bob

Could I see the ComboFix log please? You will find it at C:\ComboFix.txt. Copy/paste the contents in your next reply.

Thanks

[rhoar]

Sorry about that. I don't know what I was thinking. The combofix log is below:

ComboFix 09-06-23.01 - Dad 06/24/09 17:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.187 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CzjEUUdRW2kCB7F.vbs
c:\windows\system32\dwStg32.dll
c:\windows\system32\qzHRzZRG3iFqSan.vbs
c:\documents and settings\Clean\Application Data\02000000aebf5f19620C.manifest
c:\documents and settings\Clean\Application Data\02000000aebf5f19620O.manifest
c:\documents and settings\Clean\Application Data\02000000aebf5f19620P.manifest
c:\documents and settings\Clean\Application Data\02000000aebf5f19620S.manifest
c:\documents and settings\Dad\Application Data\02000000aebf5f19620C.manifest
c:\documents and settings\Dad\Application Data\02000000aebf5f19620O.manifest
c:\documents and settings\Dad\Application Data\02000000aebf5f19620P.manifest
c:\documents and settings\Dad\Application Data\02000000aebf5f19620S.manifest
c:\program files\HP\Digital Imaging\bin\LFBMP13N.DLL
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\_000121_.tmp.dll
c:\windows\system32\_000122_.tmp.dll
c:\windows\system32\_000238_.tmp.dll
c:\windows\system32\_004194_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004212_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004262_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\_004264_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004269_.tmp.dll
c:\windows\system32\_004270_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004272_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004291_.tmp.dll
c:\windows\system32\_004292_.tmp.dll
c:\windows\system32\_004293_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004298_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004301_.tmp.dll
c:\windows\system32\_004304_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004308_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004321_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\dwStg32.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 20:52 . 2009-06-24 20:52 -------- d-sh--w- c:\windows\system32\SystemX86
2009-06-24 19:57 . 2009-06-24 19:57 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-06-21 01:48 . 2009-06-21 01:48 -------- d-----w- c:\program files\Trend Micro
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2009-06-20 22:26 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 22:26 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 21:25 . 2009-06-20 21:43 152576 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-20 21:04 . 2009-06-20 21:04 -------- d-sh--w- c:\documents and settings\Clean\PrivacIE
2009-06-20 21:02 . 2009-06-20 21:02 -------- d-sh--w- c:\documents and settings\Clean\IETldCache
2009-06-20 19:02 . 2009-06-20 19:02 -------- d-sh--w- c:\documents and settings\Dad\PrivacIE
2009-06-20 19:01 . 2009-06-20 19:01 -------- d-sh--w- c:\documents and settings\Dad\IETldCache
2009-06-20 18:57 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-20 18:57 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 18:56 . 2009-06-20 18:57 -------- d-----w- c:\windows\ie8updates
2009-06-20 18:56 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-20 18:53 . 2009-06-20 18:55 -------- dc-h--w- c:\windows\ie8
2009-06-20 18:16 . 2009-06-20 18:16 -------- d-----w- c:\program files\Lavasoft
2009-05-27 19:09 . 2009-05-27 19:20 -------- d-----w- c:\program files\MetaTrader - Alpari (US)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 19:57 . 2008-03-16 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 18:26 . 2009-06-23 18:26 0 ----a-w- c:\windows\system32\2A.tmp
2009-06-23 18:26 . 2009-06-23 18:26 0 ----a-w- c:\windows\system32\139.tmp
2009-06-21 21:36 . 2009-06-21 21:36 0 ----a-w- c:\windows\system32\E.tmp
2009-06-21 21:36 . 2009-06-21 21:36 0 ----a-w- c:\windows\system32\144.tmp
2009-06-21 02:20 . 2008-03-16 21:10 -------- d-----w- c:\program files\JetAudio
2009-06-21 02:20 . 2008-03-16 20:14 -------- d-----w- c:\documents and settings\Dad\Application Data\COWON
2009-06-20 23:38 . 2008-04-13 20:48 -------- d-----w- c:\program files\CCleaner
2009-06-20 21:45 . 2008-12-31 16:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 21:45 . 2008-03-16 21:08 -------- d-----w- c:\program files\Java
2009-06-20 21:23 . 2009-05-15 20:17 152576 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 19:16 . 2008-03-16 21:11 -------- d-----w- c:\program files\LimeWire
2009-06-20 18:53 . 2005-01-05 21:29 62312 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 18:14 . 2008-03-16 20:14 -------- d-----w- c:\documents and settings\Dad\Application Data\Lavasoft
2009-06-20 02:59 . 2009-06-20 02:59 0 ----a-w- c:\windows\system32\20.tmp
2009-05-27 18:53 . 2009-05-01 23:06 -------- d-----w- c:\program files\MetaTrader 4
2009-05-17 03:41 . 2004-08-10 19:13 77915 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-17 02:53 . 2009-05-17 02:53 -------- d-----w- c:\program files\Windows Resource Kits
2009-05-13 05:15 . 2004-08-12 14:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:56 . 2009-05-12 21:55 8 ----a-w- c:\windows\system32\nvModes.dat
2009-05-12 21:54 . 2009-05-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-12 21:34 . 2009-05-12 21:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-12 21:34 . 2009-05-12 21:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 15:32 . 2009-05-17 02:19 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2009-05-17 02:19 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 19:02 . 2009-04-12 19:02 4761896 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Downloads\TaxCutMA.exe
2009-04-12 18:59 . 2009-04-12 18:57 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-03-28 04:03 . 2009-05-12 21:15 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-03-28 04:03 . 2009-05-12 21:15 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-03-28 04:03 . 2009-03-28 04:03 401408 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-20 23:35 . 2005-08-24 21:08 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-20 23:35 . 2005-08-24 21:08 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-20 23:35 . 2008-05-28 01:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-20 23:35 . 2008-05-28 01:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-20 23:35 . 2005-08-24 21:08 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-12-13 17:49 . 2007-09-06 10:06 79224 c:\program files\Alwil Software\Avast4\bak\ashDisp.exe
2005-12-13 17:49 . 2009-02-05 21:08 81000 c:\program files\Alwil Software\Avast4\ashDisp.exe

2004-12-31 05:13 . 2004-06-30 19:33 1388544 c:\program files\Analog Devices\SoundMAX\bak\SMax4PNP.exe

2004-12-31 05:13 . 2004-08-25 18:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2004-06-16 12:03 . 2004-06-16 12:03 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

2004-06-16 10:03 . 2004-06-16 10:03 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

2005-02-20 23:43 . 2005-12-26 00:13 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2004-01-07 06:01 . 2004-01-07 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2006-12-20 19:36 . 2006-03-08 13:56 278528 c:\program files\Creative\MediaSource5\bak\MtdAcqu.exe

2007-03-15 15:09 . 2007-03-15 15:09 460784 c:\program files\DellSupport\bak\DSAgnt.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2005-01-12 19:54 . 2005-01-12 19:54 241664 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

2004-12-31 05:13 . 2004-03-23 18:16 135168 c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe

2004-12-31 05:14 . 2003-09-04 02:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe

2005-10-18 16:58 . 2005-10-18 16:58 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2008-11-20 18:20 . 2008-11-20 18:20 290088 c:\program files\iTunes\iTunesHelper.exe

2007-09-27 12:57 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2005-08-26 15:47 . 2005-08-26 15:52 11538 c:\program files\Liberty BASIC v4.02\BAK\ladybug.bak

2005-08-26 14:44 . 2005-08-26 14:55 217943 c:\program files\Liberty BASIC v4.02\BAK\lb4tutorial.bak

2005-08-26 15:44 . 2005-08-26 15:44 2708 c:\program files\Liberty BASIC v4.02\BAK\untitled.bak

2005-04-07 17:07 . 2005-08-12 21:16 1121792 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe

2006-09-01 20:57 . 2006-09-01 20:57 282624 c:\program files\QuickTime\bak\qttask.exe
2008-11-04 15:30 . 2008-11-04 15:30 413696 c:\program files\QuickTime\QTTask.exe

2006-04-29 22:10 . 2006-03-07 04:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\bak\uvPL.exe

2006-11-03 23:20 . 2006-11-03 23:20 866584 c:\program files\Windows Defender\bak\MSASCui.exe

2004-08-12 13:56 . 2004-08-12 13:56 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
2004-08-12 13:56 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

2007-03-20 20:56 . 2004-11-16 05:05 127035 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"P2kAutostart"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-12-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Monitor Apache Servers.lnk - g:\webserver\bin\ApacheMonitor.exe [2008-6-13 41041]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [04/07/08 3:12 PM 114768]
R2 Apache2.2;Apache2.2;g:\webserver\bin\httpd.exe [06/13/08 4:05 AM 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [04/07/08 3:12 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
R3 DVR2INS;ADS Instant DVD 2.0;c:\windows\SYSTEM32\DRIVERS\dvr2ins.sys [04/14/03 6:42 PM 34240]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [10/24/08 8:29 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-09-20 c:\windows\Tasks\$~$Sys1$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-09-20 c:\windows\Tasks\$~$Sys2$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2009-05-17 c:\windows\Tasks\$~$Sys3$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2005-02-06 c:\windows\Tasks\HP DArC Task 2005-01-12 09:20ewlett-Packard2005-01-12 09:20p psc 2400 series1A27E83E7A731CB1FD8ABAD5272A9B91E11387A6104970546.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 19:54]

2009-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aol.com\free
Trusted Zone: whataboutadog.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 17:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Dad\LOCALS~1\Temp\Perflib_Perfdata_5c8.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"g:\webserver\MySQL\bin\mysqld-nt\" --defaults-file=\"g:\webserver\MySQL\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
g:\webserver\MySQL\bin\mysqld-nt.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-24 17:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 21:40

Pre-Run: 8,529,903,616 bytes free
Post-Run: 9,522,343,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
355 --- E O F --- 2009-06-22 17:13

[jmw3]

Hi
Apologies for the late reply. I needed to get some clarification on some things in your ComboFix log.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code: Select all

File::
c:\windows\system32\2A.tmp
c:\windows\system32\139.tmp
c:\windows\system32\E.tmp
c:\windows\system32\144.tmp
c:\windows\system32\20.tmp
Folder::
c:\windows\system32\SystemX86
c:\program files\LimeWire
c:\program files\Alwil Software\Avast4\bak
c:\program files\Analog Devices\SoundMAX\bak
c:\program files\ATI Technologies\ATI Control Panel\bak
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\HP\HP Software Update\bak
c:\program files\Intel\Intel Application Accelerator\bak
c:\program files\iTunes\bak
c:\program files\Java\jre1.6.0_02\bin\bak
c:\program files\Liberty BASIC v4.02\BAK
c:\program files\McAfee\SpamKiller\bak
c:\program files\QuickTime\bak
c:\program files\Ulead Systems\Ulead VideoStudio 10\bak
c:\program files\Windows Defender\bak
c:\windows\SYSTEM32\bak
c:\windows\SYSTEM32\dla\bak
AWF::
c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
c:\program files\Creative\MediaSource5\bak\MtdAcqu.exe
c:\program files\DellSupport\bak\DSAgnt.exe
c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe
c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"=-
DDS::
Trusted Zone: aol.com\free
Trusted Zone: whataboutadog.com
Trusted Zone: musicmatch.com\online

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

See if you can unistall all the old Java versions now. If not then try this:

JavaRa
Download JavaRa Here & unzip it to your desktop.
***Close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program
• From the drop-down menu, choose English and click on Select
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
• A logfile will pop up. Save it to a convenient location
• Click on Additional Tasks then tick Remove Useless JRE Files
• Click Go then OK when prompted & close the program

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<

• Read through the requirements and privacy statement and click on Accept button
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
• When the downloads have finished, click on Settings
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
• Click on My Computer under Scan
• Once the scan is complete, it will display the results. Click on View Scan Report
• You will see a list of infected items there. Click on Save Report As...
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
• Please post this log in your next reply

To post in next reply:
ComboFix log
Kaspersky Scan log

[rhoar]

I was able to remove the old java versions ,except J2SE Develepmont Kit, w/ JavaRa.

ComboFix Log:

ComboFix 09-06-25.01 - Dad 06/25/09 21:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.275 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\139.tmp"
"c:\windows\system32\144.tmp"
"c:\windows\system32\20.tmp"
"c:\windows\system32\2A.tmp"
"c:\windows\system32\E.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software\Avast4\bak\ashDisp.exe
c:\program files\Analog Devices\SoundMAX\bak
c:\program files\Analog Devices\SoundMAX\bak\SMax4PNP.exe
c:\program files\ATI Technologies\ATI Control Panel\bak
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\HP\HP Software Update\bak
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\Intel\Intel Application Accelerator\bak
c:\program files\Intel\Intel Application Accelerator\bak\iaanotif.exe
c:\program files\iTunes\bak
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Liberty BASIC v4.02\BAK
c:\program files\Liberty BASIC v4.02\BAK\ladybug.bak
c:\program files\Liberty BASIC v4.02\BAK\lb4tutorial.bak
c:\program files\Liberty BASIC v4.02\BAK\untitled.bak
c:\program files\LimeWire
c:\program files\LimeWire\limewire.m3u
c:\program files\McAfee\SpamKiller\bak
c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Ulead Systems\Ulead VideoStudio 10\bak
c:\program files\Ulead Systems\Ulead VideoStudio 10\bak\uvPL.exe
c:\program files\Windows Defender\bak
c:\program files\Windows Defender\bak\MSASCui.exe
c:\windows\system32\139.tmp
c:\windows\system32\144.tmp
c:\windows\system32\20.tmp
c:\windows\system32\2A.tmp
c:\windows\SYSTEM32\bak
c:\windows\SYSTEM32\bak\ctfmon.exe
c:\windows\SYSTEM32\dla\bak
c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
c:\windows\system32\E.tmp
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\147.tmp
c:\program files\Alwil Software\Avast4\bak . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-24 21:37 . 2009-06-24 21:37 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-24 19:57 . 2009-06-24 19:57 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-06-21 01:48 . 2009-06-21 01:48 -------- d-----w- c:\program files\Trend Micro
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2009-06-20 22:26 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 22:26 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 21:25 . 2009-06-20 21:43 152576 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-20 21:04 . 2009-06-20 21:04 -------- d-sh--w- c:\documents and settings\Clean\PrivacIE
2009-06-20 21:02 . 2009-06-20 21:02 -------- d-sh--w- c:\documents and settings\Clean\IETldCache
2009-06-20 19:02 . 2009-06-20 19:02 -------- d-sh--w- c:\documents and settings\Dad\PrivacIE
2009-06-20 19:01 . 2009-06-20 19:01 -------- d-sh--w- c:\documents and settings\Dad\IETldCache
2009-06-20 18:57 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-20 18:57 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 18:56 . 2009-06-20 18:57 -------- d-----w- c:\windows\ie8updates
2009-06-20 18:56 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-20 18:53 . 2009-06-20 18:55 -------- dc-h--w- c:\windows\ie8
2009-06-20 18:16 . 2009-06-20 18:16 -------- d-----w- c:\program files\Lavasoft
2009-05-27 19:09 . 2009-05-27 19:20 -------- d-----w- c:\program files\MetaTrader - Alpari (US)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 01:32 . 2008-03-16 21:22 -------- d-----w- c:\program files\Windows Defender
2009-06-26 01:32 . 2008-03-16 21:14 -------- d-----w- c:\program files\QuickTime
2009-06-26 01:32 . 2008-03-16 21:11 -------- d-----w- c:\program files\Liberty BASIC v4.02
2009-06-26 01:32 . 2008-03-16 21:08 -------- d-----w- c:\program files\iTunes
2009-06-26 01:26 . 2008-03-16 21:06 -------- d-----w- c:\program files\DellSupport
2009-06-25 03:01 . 2008-03-16 21:08 -------- d-----w- c:\program files\Java
2009-06-24 19:57 . 2008-03-16 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 02:20 . 2008-03-16 21:10 -------- d-----w- c:\program files\JetAudio
2009-06-21 02:20 . 2008-03-16 20:14 -------- d-----w- c:\documents and settings\Dad\Application Data\COWON
2009-06-20 23:38 . 2008-04-13 20:48 -------- d-----w- c:\program files\CCleaner
2009-06-20 21:45 . 2008-12-31 16:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 21:23 . 2009-05-15 20:17 152576 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 18:53 . 2005-01-05 21:29 62312 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 18:14 . 2008-03-16 20:14 -------- d-----w- c:\documents and settings\Dad\Application Data\Lavasoft
2009-05-27 18:53 . 2009-05-01 23:06 -------- d-----w- c:\program files\MetaTrader 4
2009-05-17 03:41 . 2004-08-10 19:13 77915 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-17 02:53 . 2009-05-17 02:53 -------- d-----w- c:\program files\Windows Resource Kits
2009-05-13 05:15 . 2004-08-12 14:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:56 . 2009-05-12 21:55 8 ----a-w- c:\windows\system32\nvModes.dat
2009-05-12 21:54 . 2009-05-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-12 21:34 . 2009-05-12 21:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-12 21:34 . 2009-05-12 21:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-07 15:32 . 2009-05-17 02:19 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2009-05-17 02:19 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 19:02 . 2009-04-12 19:02 4761896 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Downloads\TaxCutMA.exe
2009-04-12 18:59 . 2009-04-12 18:57 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-03-28 04:03 . 2009-05-12 21:15 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-03-28 04:03 . 2009-05-12 21:15 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-03-28 04:03 . 2009-03-28 04:03 401408 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-20 23:35 . 2005-08-24 21:08 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-20 23:35 . 2005-08-24 21:08 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-20 23:35 . 2008-05-28 01:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-20 23:35 . 2008-05-28 01:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-20 23:35 . 2005-08-24 21:08 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_21.34.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 01:34 . 2009-06-26 01:34 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2009-06-26 01:34 . 2009-06-26 01:34 16384 c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2009-06-24 21:37 . 2008-10-16 19:09 51224 c:\windows\SYSTEM32\DLLCACHE\cache\wuauclt.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 82432 c:\windows\SYSTEM32\DLLCACHE\cache\ws2_32.dll
+ 2009-06-24 21:37 . 2008-04-14 00:12 26112 c:\windows\SYSTEM32\DLLCACHE\cache\userinit.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 14336 c:\windows\SYSTEM32\DLLCACHE\cache\svchost.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 57856 c:\windows\SYSTEM32\DLLCACHE\cache\spoolsv.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 17408 c:\windows\SYSTEM32\DLLCACHE\cache\powrprof.dll
+ 2009-06-24 21:37 . 2008-04-14 00:12 13312 c:\windows\SYSTEM32\DLLCACHE\cache\lsass.exe
+ 2009-06-24 21:37 . 2008-04-13 18:39 24576 c:\windows\SYSTEM32\DLLCACHE\cache\kbdclass.sys
+ 2009-06-24 21:37 . 2008-04-13 18:53 36608 c:\windows\SYSTEM32\DLLCACHE\cache\ip6fw.sys
+ 2009-06-24 21:37 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\DLLCACHE\cache\ctfmon.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 507904 c:\windows\SYSTEM32\DLLCACHE\cache\winlogon.exe
+ 2009-06-24 21:37 . 2009-05-13 05:15 915456 c:\windows\SYSTEM32\DLLCACHE\cache\wininet.dll
+ 2009-06-24 21:37 . 2008-04-14 00:12 578560 c:\windows\SYSTEM32\DLLCACHE\cache\user32.dll
+ 2009-06-24 21:37 . 2008-04-14 00:12 295424 c:\windows\SYSTEM32\DLLCACHE\cache\termsrv.dll
+ 2009-06-24 21:37 . 2008-06-20 11:51 361600 c:\windows\SYSTEM32\DLLCACHE\cache\tcpip.sys
+ 2009-06-24 21:37 . 2009-02-06 11:11 110592 c:\windows\SYSTEM32\DLLCACHE\cache\services.exe
+ 2009-06-24 21:37 . 2008-04-13 19:20 182656 c:\windows\SYSTEM32\DLLCACHE\cache\ndis.sys
+ 2009-06-24 21:37 . 2009-03-21 14:06 989696 c:\windows\SYSTEM32\DLLCACHE\cache\kernel32.dll
+ 2009-06-24 21:37 . 2008-04-14 00:11 110080 c:\windows\SYSTEM32\DLLCACHE\cache\imm32.dll
+ 2009-06-24 21:37 . 2008-04-14 00:12 1614848 c:\windows\SYSTEM32\DLLCACHE\cache\sfcfiles.dll
+ 2009-06-24 21:37 . 2009-02-06 11:06 2145280 c:\windows\SYSTEM32\DLLCACHE\cache\ntoskrnl.exe
+ 2009-06-24 21:37 . 2009-02-06 10:32 2023936 c:\windows\SYSTEM32\DLLCACHE\cache\ntkrnlpa.exe
+ 2009-06-24 21:37 . 2008-04-14 00:12 1033728 c:\windows\SYSTEM32\DLLCACHE\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-12-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Monitor Apache Servers.lnk - g:\webserver\bin\ApacheMonitor.exe [2008-6-13 41041]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [04/07/08 3:12 PM 114768]
R2 Apache2.2;Apache2.2;g:\webserver\bin\httpd.exe [06/13/08 4:05 AM 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [04/07/08 3:12 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
R3 DVR2INS;ADS Instant DVD 2.0;c:\windows\SYSTEM32\DRIVERS\dvr2ins.sys [04/14/03 6:42 PM 34240]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [10/24/08 8:29 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-09-20 c:\windows\Tasks\$~$Sys1$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-09-20 c:\windows\Tasks\$~$Sys2$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2009-05-17 c:\windows\Tasks\$~$Sys3$.job
- c:\windows\System32\SchedSvc.dll [2008-04-13 00:12]

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2005-02-06 c:\windows\Tasks\HP DArC Task 2005-01-12 09:20ewlett-Packard2005-01-12 09:20p psc 2400 series1A27E83E7A731CB1FD8ABAD5272A9B91E11387A6104970546.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 19:54]

2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 21:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"g:\webserver\MySQL\bin\mysqld-nt\" --defaults-file=\"g:\webserver\MySQL\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WudfHost.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
g:\webserver\MySQL\bin\mysqld-nt.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-26 21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 01:40
ComboFix2.txt 2009-06-24 21:40

Pre-Run: 9,900,310,528 bytes free
Post-Run: 9,895,931,904 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
273 --- E O F --- 2009-06-25 22:53


Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 26, 2009 03:30:21
Records in database: 2389954
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 198689
Threat name: 6
Infected objects: 7
Suspicious objects: 9
Duration of the scan: 04:25:09


File name / Threat name / Threats count
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Paylap.bg 1
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\paypal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\paypal.dbx Infected: Trojan-Spy.HTML.Paylap.dl 1
C:\Documents and Settings\Dad\My Documents\My Videos\daylight slaving time.mpg Infected: Trojan-Downloader.WMA.GetCodec.p 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_dwStg32_.dll.zip Infected: P2P-Worm.Win32.Nugg.bk 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000356.dll Infected: P2P-Worm.Win32.Nugg.bk 1

The selected area was scanned.

[jmw3]

Hi

ComboFix log looks good. Kaspersky scan is telling us you may have som infected emails:

C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Paylap.bg 1
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\paypal.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Dad\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\paypal.dbx Infected: Trojan-Spy.HTML.Paylap.dl 1

Unfortunately it does not tell us which emails may be infected, though they appear to be in the Inbox & a PayPal folder?? I would suggest cleaning out all folders in Outlook Express keeping only what you deem to be important.

Delete Files & Folders
Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete them (some may not be present after previous steps):

C:\Documents and Settings\Dad\My Documents\My Videos\daylight slaving time.mpg

Malwarebytes' Anti-Malware

• Open Malwarebytes Anti-Malware, click the Update tab then Check for Updates
• If an update is found, it will download and install the latest version & data base version
• Once the program has updated click the Scanner tab, select Perform full scan then click Scan
• When the scan is complete, click OK, then Show Results to view the results
• Be sure that everything is checked, and click Remove Selected
• When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
  Note:
• The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.

Are you still getting error messages when trying to uninstall J2SE Development Kit 5.0 Update 6? If so what are they?
To post in next reply:
Malwarebytes log
Update on how the computer is running

[rhoar]

Deleted C:\Documents and Settings\Dad\My Documents\My Videos\daylight slaving time.mpg

Deleted Paypal folder in Outlook Express and most of the messages in Inbox

Finally able to remove J2SE Development Kit 5.0 Update 6

Computer seems to be running fine. No blocked sites. No redirects when browsing the web. Everything seems normal.

Here's the Malwarebytes log:


Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 3

06/26/09 6:31:19 PM
mbam-log-2009-06-26 (18-31-19).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 306786
Time elapsed: 52 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp1\A0000356.dll (Trojan.Tracur) -> Quarantined and deleted successfully.


Thanks,
Bob

[jmw3]

Hello Bob

Computer seems to be running fine. No blocked sites. No redirects when browsing the web. Everything seems normal.

Excellent... Good to hear.

Update Spybot Search & Destroy
I see your Spybot Search & Destroy is out of date. The most current version is Spybot Search & Destroy 1.6.0. If you want to continue using this program I would recommend uninstalling the outdated version/s of Spybot & downloading & installing the new version.
You can download Spybot Search & Destroy 1.6.0 Here.

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.1
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove Combofix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /u
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
DDS.scr
JavaRa
The Gmer.exe file (it will be randomly named .exe file)
Any logs that may have been saved to your desktop
If you haven't already done so, open Malwarebytes' Anti-Malware, click Quarantine then Delete All. Close the program.
You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis

• Double click HijackThis.exe
• From the Main menu click Open the Misc Tools section
• Using the scroll bar, scroll down to Uninstall HijackThis
• Click Uninstall HijackThis & exit then click Yes at the prompt

You can either keep or delete ATF-Cleaner. It's a handy tool for cleaning out temporary folders.

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. I would recommend scanning with this at least once a week.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):

• A short distance down the page in the centre, click on the Download button
• Agree to the license
• On the next page, to the right side of where it says Download Estimates, right click on the underlined word Hosts Manager choose Save Target As and download the installer Hosts20setup.exe to your desktop
• Double click the Installer on your desktop and let it Install the Hosts Manager
• After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
• When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
• Click Disable DNS Service. This is important
• In the Left Pane, click Download
• It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save

You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums

[NonSuch]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.