Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help

Unread postby joannefromwork » June 21st, 2009, 5:53 pm

help with virus
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm
Advertisement
Register to Remove

Re: help

Unread postby Axephilic » June 22nd, 2009, 2:26 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

Download HijackThis
  • Download HJTInstall.exe to your desktop and run it.
  • Following the on-screen prompts.
  • After the installation has finished, browse to C:\Program Files\Trend Micro
  • Now start HijackThis.
  • Click Do a system scan and save a log file.
  • Post the log file here. (Notepad will automatically open with the log file once HijackThis! has finished scanning). Do not attach the log file.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby joannefromwork » June 23rd, 2009, 10:27 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:15 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Application Data\pcdefender.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\criss.dll/sp.html#10213%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {006D0367-56A7-6546-49D8-7B6D4D791008} - (no file)
O2 - BHO: (no name) - {007A6846-97DC-92B1-9E5A-E8BBFBC955C7} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00B78A2F-66BE-9875-FBF9-E1F486C65401} - (no file)
O2 - BHO: (no name) - {01575B9F-13D1-712F-6453-1A4855B87338} - (no file)
O2 - BHO: (no name) - {0285204B-8462-73CB-ADC6-BEB4CDC9ED99} - (no file)
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {03433DF4-52B3-D7BA-CE65-5B6EADF47ABE} - (no file)
O2 - BHO: (no name) - {0398569A-F6D9-89D9-F9B7-ADD52E2E6CE9} - (no file)
O2 - BHO: (no name) - {0408BD9F-FBE0-566C-EBDA-DBC97DA7E144} - (no file)
O2 - BHO: (no name) - {042575C4-89CE-6A75-2FA8-6D9D7DB2B344} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0722E1E7-9CF5-22E4-20A0-89CFDD194B32} - (no file)
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} - (no file)
O2 - BHO: (no name) - {0847B820-A398-4483-B942-36760D79FD59} - (no file)
O2 - BHO: (no name) - {08672C48-A150-AFA8-7101-3AF575D1EB75} - (no file)
O2 - BHO: (no name) - {091C4038-4788-1043-264B-D7631428A6CA} - (no file)
O2 - BHO: (no name) - {0B945A0E-5A30-2CC6-C0B3-D102E3D0FBCD} - (no file)
O2 - BHO: (no name) - {0D74D509-86ED-D9B2-0B70-264B010B3016} - (no file)
O2 - BHO: (no name) - {0DCB9E68-E0DA-5BCC-27DD-E95405C09A42} - (no file)
O2 - BHO: (no name) - {0E09149B-AF00-347C-FBA9-72BF9910B01C} - (no file)
O2 - BHO: (no name) - {0FC10DA6-621C-EEAE-0E43-CB4CCFC5B848} - (no file)
O2 - BHO: (no name) - {0FF735ED-18CB-AF19-21F7-AC40587668DD} - (no file)
O2 - BHO: (no name) - {10123428-A96D-94DF-C71E-72AD4E1826F7} - (no file)
O2 - BHO: (no name) - {11370574-D9D8-E8CA-D626-4D6350899CDF} - (no file)
O2 - BHO: (no name) - {11897CC4-53D0-91EC-CD00-264D5155B63E} - (no file)
O2 - BHO: (no name) - {12FA8EE3-A02B-CF1E-DA5F-AEB55869AB79} - (no file)
O2 - BHO: (no name) - {150DD6A2-741C-3AC1-86EF-B9F0211447BA} - (no file)
O2 - BHO: (no name) - {15E2E41C-150E-DE06-1B0B-17338DEDCF17} - (no file)
O2 - BHO: (no name) - {169ABCBE-6762-3759-96F3-9CB54E0F3180} - (no file)
O2 - BHO: (no name) - {16D4CBB8-F877-9359-8EAD-E66E92B5C746} - (no file)
O2 - BHO: (no name) - {1792B9FA-3E36-BF91-3865-81817401288F} - (no file)
O2 - BHO: (no name) - {17AF3D30-061C-15C3-F3DD-FF77212FA819} - (no file)
O2 - BHO: (no name) - {19915FBD-83F1-27DA-3219-B044C7088F73} - (no file)
O2 - BHO: (no name) - {19925772-DE39-9691-D57F-EDB5A0FE9C94} - (no file)
O2 - BHO: (no name) - {1AF59910-7EE1-072B-A5CE-DCC5213E655E} - (no file)
O2 - BHO: (no name) - {1D0D8469-DE38-6B08-0B53-CEC13868F0DB} - (no file)
O2 - BHO: (no name) - {1DFC720A-AB9E-FEAE-2659-8F202D6BFB10} - (no file)
O2 - BHO: (no name) - {1E1674D2-E929-6572-0A8F-011D1685381B} - (no file)
O2 - BHO: (no name) - {1EB56009-AF4A-F988-33DF-14DB193479ED} - (no file)
O2 - BHO: (no name) - {1F538EA8-B9CA-F988-6EE4-567DFA2D8761} - (no file)
O2 - BHO: (no name) - {1F9CE5DA-289C-2E20-1D11-2FA0CC12FBA6} - (no file)
O2 - BHO: (no name) - {23422573-6529-05F3-758A-83DFD576733B} - (no file)
O2 - BHO: (no name) - {234598CB-5651-C6B2-5F18-5E60FF9E4057} - (no file)
O2 - BHO: (no name) - {255C0A8C-FFCB-9E14-D824-A3CA6BB01C10} - (no file)
O2 - BHO: (no name) - {25B7934D-6070-5C5F-2B54-43F1C4F8F773} - (no file)
O2 - BHO: (no name) - {27C21ADB-5220-7AE7-F703-FC7FC5F20739} - (no file)
O2 - BHO: (no name) - {28223167-A6CC-2F8F-758F-1F424FBB380E} - (no file)
O2 - BHO: (no name) - {288490AB-B9EF-D3C0-464C-36A4F2E0FE93} - (no file)
O2 - BHO: Class - {29FC7713-0FBF-1255-5EAC-A7424B375C72} - C:\WINDOWS\system32\apich32.dll (file missing)
O2 - BHO: (no name) - {2ABBD56B-11A6-D514-E153-52F711D31C89} - (no file)
O2 - BHO: (no name) - {2AD24E17-DC95-0574-2570-F62AB80C0093} - (no file)
O2 - BHO: (no name) - {2B6EC21E-CA49-C0FD-8F90-B7E4F4625626} - (no file)
O2 - BHO: (no name) - {2C0087A1-5D6B-3765-B30B-8A302FBA4596} - (no file)
O2 - BHO: (no name) - {2CF3BB33-A8D7-079C-312F-ABCFF55DD77D} - (no file)
O2 - BHO: (no name) - {2CFF1A43-5FD6-E2DC-32A4-463460127E12} - (no file)
O2 - BHO: (no name) - {2DA97AF8-D336-F788-CDA7-8EC1522A9322} - (no file)
O2 - BHO: (no name) - {2FA09459-FBD9-B08C-81EF-6EA62F5DB101} - (no file)
O2 - BHO: (no name) - {302BD18C-5709-F540-1484-1D5734FA8BCE} - (no file)
O2 - BHO: (no name) - {30A95DF7-FBEA-D763-E682-9D786EF30062} - (no file)
O2 - BHO: (no name) - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - (no file)
O2 - BHO: (no name) - {31504A42-7F23-2B60-97E8-0A7435E36855} - (no file)
O2 - BHO: (no name) - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - (no file)
O2 - BHO: (no name) - {322C211D-6009-B07E-961D-2717AF0D733B} - (no file)
O2 - BHO: (no name) - {32CEA936-E07D-3518-1265-BED8174E16CE} - (no file)
O2 - BHO: (no name) - {34563B77-50A7-B32B-750C-907E592AD1F7} - (no file)
O2 - BHO: (no name) - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - (no file)
O2 - BHO: (no name) - {35E6F3EB-98D4-8805-B758-063AEB55AB54} - (no file)
O2 - BHO: (no name) - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - (no file)
O2 - BHO: (no name) - {3708D630-F75A-A94E-CC74-1A00A8A13D28} - (no file)
O2 - BHO: (no name) - {37CF5456-717A-C95A-6D5F-7653A2E09649} - (no file)
O2 - BHO: (no name) - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} - (no file)
O2 - BHO: (no name) - {38D49E75-22AD-792C-2E36-24F44A9A7E2D} - (no file)
O2 - BHO: (no name) - {38EA0CAA-4D49-69DB-E8BB-183E8C5DF74E} - (no file)
O2 - BHO: (no name) - {3966C64B-A81F-E339-FCB7-FADA509397A0} - (no file)
O2 - BHO: (no name) - {39DE0716-6F8E-C7E3-C153-96F9D87C6701} - (no file)
O2 - BHO: (no name) - {3BBF5CF1-894A-B6F8-92B6-EFB8F4B6478F} - (no file)
O2 - BHO: (no name) - {3C69E401-83BA-7846-3959-9348791DBFD2} - (no file)
O2 - BHO: (no name) - {3C6CC514-0686-8D4A-3795-115CE35C21E9} - (no file)
O2 - BHO: (no name) - {3D0423F1-07E5-F3F2-99CC-1F7A196C6518} - (no file)
O2 - BHO: (no name) - {3E5873BE-1492-F72B-6B5A-6BFA24C941F4} - (no file)
O2 - BHO: (no name) - {3E7E5F4A-D54C-BA7F-16E3-59118D0D4537} - (no file)
O2 - BHO: (no name) - {3E9299CE-589B-4D8F-1BB7-1BB410CBAC8C} - (no file)
O2 - BHO: (no name) - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} - (no file)
O2 - BHO: (no name) - {3F787872-61C2-E14A-5458-CFF5381DEA94} - (no file)
O2 - BHO: (no name) - {40435204-5FF3-A72D-C4F6-26F9B7CF3238} - (no file)
O2 - BHO: (no name) - {41D2B4DA-7A72-4D83-2AB1-ABC9369BAC74} - (no file)
O2 - BHO: (no name) - {426F9880-9CAD-66DD-F6D8-7B9E676227E9} - (no file)
O2 - BHO: (no name) - {427DC0FE-1732-761D-24CD-41DBCD4FA0C4} - (no file)
O2 - BHO: (no name) - {456A6CEE-8316-4A72-DFA8-73971797E2FD} - (no file)
O2 - BHO: (no name) - {4572D733-0BB8-CDBF-7B5C-C350E3677E41} - (no file)
O2 - BHO: (no name) - {4658D29C-3757-D839-4290-F6B07C07A97C} - (no file)
O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} - (no file)
O2 - BHO: (no name) - {4821F0A9-6325-2CAF-5670-EDC8BD318C5D} - (no file)
O2 - BHO: (no name) - {483BB598-6B58-345A-9D87-E58BE73678B1} - (no file)
O2 - BHO: (no name) - {4873121D-827E-1BD4-1A2C-B5A0C13C9785} - (no file)
O2 - BHO: (no name) - {498499E4-2F9A-DCBE-1470-CEC340E0B528} - (no file)
O2 - BHO: (no name) - {49F8F604-B7AC-5876-933A-2E3729E47B49} - (no file)
O2 - BHO: (no name) - {4AA78A1C-2787-A2EF-75B3-675D072C942A} - (no file)
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} - (no file)
O2 - BHO: (no name) - {4B4BF72B-6C7F-079E-30DB-E0CDC91EBCF6} - (no file)
O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} - (no file)
O2 - BHO: (no name) - {4D3C3AFE-BB7F-ECE3-B414-B58B6B0A02B0} - (no file)
O2 - BHO: (no name) - {4D7C2D84-2B00-146D-CAF2-38E8743204A2} - (no file)
O2 - BHO: (no name) - {4D9B404B-055C-B793-064E-D6C64CC0CE64} - (no file)
O2 - BHO: (no name) - {4E367784-F4CD-00AD-8490-A4619B7AAF21} - (no file)
O2 - BHO: (no name) - {4ED85423-FEC4-7CF6-EF19-3934F47AD27B} - (no file)
O2 - BHO: (no name) - {4EE57E98-2B5C-B792-7B77-6A09FFB2DB5D} - (no file)
O2 - BHO: (no name) - {4F5FD300-8951-6232-0D6D-80B285FE1802} - (no file)
O2 - BHO: (no name) - {50AB10A9-D9E5-C675-37D6-7214CC18DEDC} - (no file)
O2 - BHO: (no name) - {51367E92-AA2E-16A5-49FF-93BFC70C151B} - (no file)
O2 - BHO: (no name) - {513E86B0-D516-B255-E656-DEF35121232E} - (no file)
O2 - BHO: (no name) - {5143F0E1-B003-516B-A5FE-961EDECF25BE} - (no file)
O2 - BHO: (no name) - {514AD317-D072-49A6-8F45-BCC1983F2289} - (no file)
O2 - BHO: (no name) - {52CD0F8D-B479-321E-14B5-AAC47839633C} - (no file)
O2 - BHO: (no name) - {52F8F9CD-14A9-B376-D6F1-0CF3B6100277} - (no file)
O2 - BHO: (no name) - {5341F52F-9CCF-343D-25AE-3C3DC70625D1} - (no file)
O2 - BHO: (no name) - {5364ABD3-3300-341C-1D26-05C46F9627DD} - (no file)
O2 - BHO: (no name) - {545644A9-6FBE-18E7-255E-29EE10D8F3B7} - (no file)
O2 - BHO: (no name) - {5485EF8B-02AF-D770-F042-41C97146169F} - (no file)
O2 - BHO: (no name) - {55C2A982-5FB8-705D-AB13-7616770AA2ED} - (no file)
O2 - BHO: (no name) - {55FDE9FB-433B-10B5-55CC-366744EC0C21} - (no file)
O2 - BHO: (no name) - {5677AA14-4828-04F9-BE46-9B83A0F0652F} - (no file)
O2 - BHO: (no name) - {5713EC5F-5F51-7D50-B10E-763DD1BC0ABC} - (no file)
O2 - BHO: (no name) - {589C2260-26D5-FF39-DD1D-9A4F791A1C96} - (no file)
O2 - BHO: (no name) - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} - (no file)
O2 - BHO: (no name) - {5973AE8B-B1D4-58C7-0629-E633DD3F8550} - (no file)
O2 - BHO: (no name) - {5A0FBFB4-9E43-D3EA-1A21-B85429F80041} - (no file)
O2 - BHO: (no name) - {5A0FD565-802B-E900-AEE8-0B54D63166B3} - (no file)
O2 - BHO: (no name) - {5AC1207D-C0DC-989C-3C2A-6A2FD0424A63} - (no file)
O2 - BHO: (no name) - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - (no file)
O2 - BHO: (no name) - {5B608D3F-ABAC-DD59-87F8-B4D199FA3D0E} - (no file)
O2 - BHO: (no name) - {5C32B1F7-AC71-BBEE-CC0B-2FA5E116AA6C} - (no file)
O2 - BHO: (no name) - {5D1F9D91-369E-9436-1F3D-1D229ECB536B} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {61B9FC5F-C646-B4CB-869C-F785091D313E} - (no file)
O2 - BHO: (no name) - {651DA460-C8D1-926D-7E35-8258A39BB7C2} - (no file)
O2 - BHO: (no name) - {655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} - (no file)
O2 - BHO: (no name) - {65E6A8E0-A67C-0CE3-B885-D53EA9292B40} - (no file)
O2 - BHO: (no name) - {66059432-BCBA-0EE4-3589-73A184B410A7} - (no file)
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
O2 - BHO: (no name) - {66FE21E9-AAFF-8176-C0E2-D570E58BD83C} - (no file)
O2 - BHO: (no name) - {6710E207-EFC7-1C96-3147-541E4D262257} - (no file)
O2 - BHO: (no name) - {675A16BB-A0C2-544F-5D5E-A550A9BAAF78} - (no file)
O2 - BHO: (no name) - {67AEDFB1-0043-97AE-1698-E8CD34535DC1} - (no file)
O2 - BHO: (no name) - {684A4F84-6F56-6515-3E4E-6D61D0429D9D} - (no file)
O2 - BHO: (no name) - {6A13ADA3-C5ED-A8BF-31FF-6DF2066F992B} - (no file)
O2 - BHO: (no name) - {6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5} - (no file)
O2 - BHO: (no name) - {6AA2FAA7-58D2-CF49-456B-FCAAE70B8816} - (no file)
O2 - BHO: (no name) - {6AA46007-7E40-353F-4B29-4EB589B6027B} - (no file)
O2 - BHO: (no name) - {6AB04E20-C7FB-1976-45F0-4507AA485E64} - (no file)
O2 - BHO: (no name) - {6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} - (no file)
O2 - BHO: (no name) - {6D4FA3A0-BE29-2407-A0C1-4CFF3DD6BA5D} - (no file)
O2 - BHO: (no name) - {6D5086FD-B70A-A21D-970A-511772E1A75C} - (no file)
O2 - BHO: (no name) - {6E0F0093-EF04-1478-FE8A-D4B3176F0CE3} - (no file)
O2 - BHO: (no name) - {6EE656A7-0F99-3D1A-3DF9-EA00C07DD460} - (no file)
O2 - BHO: (no name) - {6F455C0C-D11A-ABFC-AD04-0AE9398535D9} - (no file)
O2 - BHO: (no name) - {6F61BA9A-5EA1-7903-5454-DCA081431490} - (no file)
O2 - BHO: (no name) - {6FA4B57A-E37E-8AFD-A982-153401F912D4} - (no file)
O2 - BHO: (no name) - {70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} - (no file)
O2 - BHO: (no name) - {71167969-C63A-6FB0-2E12-19AC38D1B9B1} - (no file)
O2 - BHO: (no name) - {7210B24D-AB6E-A171-175B-8519DCC2086A} - (no file)
O2 - BHO: (no name) - {72A9B624-8C5D-2A66-F77F-2A9004EE69D5} - (no file)
O2 - BHO: (no name) - {73398CA1-1198-D3C3-EB62-35E5F0CEC53B} - (no file)
O2 - BHO: (no name) - {7344A8E6-E22B-8BD1-9691-FA3952D9BAEA} - (no file)
O2 - BHO: (no name) - {735E0709-7FBF-C9AF-B86A-F1F99F1C9617} - (no file)
O2 - BHO: (no name) - {739966E1-825B-10D9-49B8-69B4A3A6EFC4} - (no file)
O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} - (no file)
O2 - BHO: (no name) - {76606205-203F-F6F7-470B-FCD352D4D917} - (no file)
O2 - BHO: (no name) - {76792940-AC80-0C6D-2058-621D0D46A3D2} - (no file)
O2 - BHO: (no name) - {76B65772-6456-05AC-575B-9D567678D55E} - (no file)
O2 - BHO: (no name) - {77C394B2-8756-A4B7-D790-69CC6A75E989} - (no file)
O2 - BHO: (no name) - {786B4BBD-2875-0E73-6FA4-33EBB3208A2D} - (no file)
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} - (no file)
O2 - BHO: (no name) - {78A39036-DAA5-D02D-B64C-3078507E6538} - (no file)
O2 - BHO: (no name) - {78D4C8D4-B5A0-4883-C6D7-F97D04BE0876} - (no file)
O2 - BHO: (no name) - {792A8CA5-55BB-B3E8-EADD-488F2058805F} - (no file)
O2 - BHO: (no name) - {798A2A6B-B2B1-0E2F-80FF-30D52F286EFB} - (no file)
O2 - BHO: (no name) - {7B535868-EE7F-6295-94EF-17FD6F5241DC} - (no file)
O2 - BHO: (no name) - {7B9BF766-007B-0B90-4541-058C2A5DF9CD} - (no file)
O2 - BHO: (no name) - {7C25DF9E-175A-AEBC-1715-65139942B8A6} - (no file)
O2 - BHO: (no name) - {7D492E22-3773-8826-65FC-BCDE3BE460F9} - (no file)
O2 - BHO: (no name) - {7D5146F6-D764-3E31-81C8-7A0CAC5FDC8D} - (no file)
O2 - BHO: (no name) - {7D8E9033-94CD-739D-8A5B-376572E16A8C} - (no file)
O2 - BHO: (no name) - {7E64477B-18F5-69A6-A75B-60A4F6D56551} - (no file)
O2 - BHO: (no name) - {7E64AD57-7394-3483-CB89-72A7E2A76478} - (no file)
O2 - BHO: (no name) - {7E669911-FE7D-F3E4-78BC-DB3681A1083A} - (no file)
O2 - BHO: (no name) - {81B13E5A-B27C-6BB2-7C2F-E42B321541D2} - (no file)
O2 - BHO: (no name) - {81B81988-0B92-CDBD-621E-176F486E2127} - (no file)
O2 - BHO: (no name) - {81D6F3D0-B042-45A2-5F05-8B41F30D8043} - (no file)
O2 - BHO: (no name) - {81ECDBCA-1DE3-27FD-325A-F6E0C0C236CF} - (no file)
O2 - BHO: (no name) - {82592D9C-E8A7-DA3B-8BEE-BCAEAF5128CD} - (no file)
O2 - BHO: (no name) - {83241F15-A38D-4603-9874-0E32E3A2D544} - (no file)
O2 - BHO: (no name) - {8349086E-3F47-DF2F-515E-324A161E8B39} - (no file)
O2 - BHO: (no name) - {844E08A0-4257-24A4-9CC5-809E2B1A3DEB} - (no file)
O2 - BHO: (no name) - {85138801-518D-CEC2-27AE-83F4E12401F3} - (no file)
O2 - BHO: (no name) - {85350E27-DDF3-4D24-ABE1-57F9792608C9} - (no file)
O2 - BHO: (no name) - {85389C19-9846-3EB7-FED8-ECFDDEB7598A} - (no file)
O2 - BHO: (no name) - {85E56198-1317-4AA3-031F-529D9C16FA79} - (no file)
O2 - BHO: (no name) - {86041CA1-6D62-16AB-85F3-D49D60FDF6D8} - (no file)
O2 - BHO: (no name) - {86A0C09D-1B74-868D-C89A-093479621C99} - (no file)
O2 - BHO: (no name) - {87902B7F-B6D3-A213-F6A4-36452B599351} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {8A74F6B2-6F75-88F4-4D28-2B4D81644795} - (no file)
O2 - BHO: (no name) - {8BE3EDB0-AA55-CD1F-575D-499FFCAF6D33} - (no file)
O2 - BHO: (no name) - {8D289FF6-E61A-1E60-2906-81C70B869541} - (no file)
O2 - BHO: (no name) - {8EBA8990-F4A5-C5B5-572F-A9AAD1E6241E} - (no file)
O2 - BHO: (no name) - {8EDE058C-72DA-1A48-9FA1-88C735AA037F} - (no file)
O2 - BHO: (no name) - {8EF1A389-7342-F785-A50A-A3C78BA42012} - (no file)
O2 - BHO: (no name) - {8F602CAF-ED9C-5DE3-54F4-0D9DCC6602BF} - (no file)
O2 - BHO: (no name) - {8FA69B0F-F5CC-7651-8220-05AB77E3AF7A} - (no file)
O2 - BHO: (no name) - {905B7852-2793-427E-4E08-1C880E04C988} - (no file)
O2 - BHO: (no name) - {9066F229-F7AF-E70B-FF84-8167AE9683C7} - (no file)
O2 - BHO: (no name) - {90706F45-D241-085D-C3F4-2CA0366EF00C} - (no file)
O2 - BHO: (no name) - {9109E5D9-787B-A1A7-174B-D844BE131994} - (no file)
O2 - BHO: (no name) - {9125713D-ABCD-6F47-1A15-550E5B5622AF} - (no file)
O2 - BHO: (no name) - {9131706F-D034-5F4E-62F6-C060F737064C} - (no file)
O2 - BHO: (no name) - {91ACFEB4-563E-7346-F46B-988AF1C8F8C5} - (no file)
O2 - BHO: (no name) - {91F5C0F0-E710-7DC7-0147-FE1448C119B5} - (no file)
O2 - BHO: (no name) - {92B23F23-DA2F-827C-5375-D1C2EFF447A2} - (no file)
O2 - BHO: (no name) - {934022E3-4A67-7059-D032-46007A715210} - (no file)
O2 - BHO: (no name) - {9341B059-25B9-C093-AEB4-FF0CB478B147} - (no file)
O2 - BHO: (no name) - {95AF234B-24B1-1F78-C5C4-74F8C68C766A} - (no file)
O2 - BHO: (no name) - {95DF6FEF-35F1-2B06-F180-C457E36FD6E1} - (no file)
O2 - BHO: (no name) - {963172C1-9CFB-90AB-260B-ADEE79CDF55E} - (no file)
O2 - BHO: (no name) - {96540400-C364-871F-2E14-83ED06818F50} - (no file)
O2 - BHO: (no name) - {96F5147D-AA6C-A828-0147-591C3BA9A927} - (no file)
O2 - BHO: (no name) - {97ADA2E0-5C10-1C68-6762-039DC911BD1A} - (no file)
O2 - BHO: (no name) - {98992BEF-C386-CF53-DECE-D2A0FB2B61D0} - (no file)
O2 - BHO: (no name) - {99399FD2-2312-C70A-9033-A6E121F22B6E} - (no file)
O2 - BHO: (no name) - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} - (no file)
O2 - BHO: (no name) - {9ABBF8BA-C35E-205B-6D84-95401DED6DAD} - (no file)
O2 - BHO: (no name) - {9CAA18AE-D292-6BEC-6BD6-BA8F78834AD3} - (no file)
O2 - BHO: (no name) - {9D7AD1A1-D86E-4CC3-76A8-49207E8BA72B} - (no file)
O2 - BHO: (no name) - {9EFD6041-C2FA-2E20-4602-C5ADBED78A3D} - (no file)
O2 - BHO: (no name) - {A24D83B9-E094-6A21-B590-76540C92DC0F} - (no file)
O2 - BHO: (no name) - {A3C98512-09FD-0565-9A8D-2101086F6A76} - (no file)
O2 - BHO: (no name) - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} - (no file)
O2 - BHO: (no name) - {A65F11A0-3D1B-37FD-F86D-9AB8607151F1} - (no file)
O2 - BHO: (no name) - {A711CA3B-7C45-E209-9CFD-AA0DA8F81A41} - (no file)
O2 - BHO: (no name) - {A758BCB9-66D2-5737-DE37-3927CE58D302} - (no file)
O2 - BHO: (no name) - {A788B74B-4D59-8481-0B32-600C153729CD} - (no file)
O2 - BHO: (no name) - {A8F2321D-CD1A-6308-ECF1-C5B55DAA6D84} - (no file)
O2 - BHO: (no name) - {AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} - (no file)
O2 - BHO: (no name) - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - (no file)
O2 - BHO: (no name) - {AC2FD346-B35C-A896-4487-916D3E911455} - (no file)
O2 - BHO: (no name) - {AC81EC14-3EEC-6538-2603-BABEF1F75A24} - (no file)
O2 - BHO: (no name) - {AD327E2E-D82F-9587-7D79-960A66983C17} - (no file)
O2 - BHO: (no name) - {AE9AEB8F-0E7F-D767-F3C7-AF22C0FBA643} - (no file)
O2 - BHO: (no name) - {AEBAA38C-A5F4-D0FD-904B-5A1C7FCA25AF} - (no file)
O2 - BHO: (no name) - {AF21C402-9A63-03A6-CE89-A6BBEABCD013} - (no file)
O2 - BHO: (no name) - {AFF226D4-6484-3652-603F-005908E0DFD4} - (no file)
O2 - BHO: (no name) - {B0030846-0596-1454-D1AE-FC69B7F19AC8} - (no file)
O2 - BHO: (no name) - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} - (no file)
O2 - BHO: (no name) - {B1E7A707-24E5-6544-421B-A738C2B36E3A} - (no file)
O2 - BHO: (no name) - {B26E180E-6248-2EE2-55AE-C6CB785F21C4} - (no file)
O2 - BHO: (no name) - {B4BF9C14-1EE5-510F-78CB-D256DA9572AA} - (no file)
O2 - BHO: (no name) - {B4D52BE0-DBD6-4F46-2633-72E374BFCB90} - (no file)
O2 - BHO: (no name) - {B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} - (no file)
O2 - BHO: (no name) - {B6FBF6C9-510D-F04F-75C4-47B77E2085E8} - (no file)
O2 - BHO: (no name) - {B74FC677-1BFA-DEF5-DEB7-DBD24D544D78} - (no file)
O2 - BHO: (no name) - {B8E989AC-570B-BFD4-F982-B6FA8BC18348} - (no file)
O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} - (no file)
O2 - BHO: (no name) - {B990B770-D62A-B542-EDA6-516033B76258} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {B9FCA0E1-7B64-E16E-A3DC-00928170618E} - (no file)
O2 - BHO: (no name) - {BA8F9F33-8F0C-9419-0792-F6767ACBCD1A} - (no file)
O2 - BHO: (no name) - {BA997092-5DFF-A91F-6516-A449FC336452} - (no file)
O2 - BHO: (no name) - {BB64CF1B-EDD6-054C-3EC4-EDBA6BF43D9B} - (no file)
O2 - BHO: (no name) - {BCB3F18B-A3EB-BE2C-7060-80B3226DEA98} - (no file)
O2 - BHO: (no name) - {BE40D43B-1323-AC09-FD3D-F5F0CEEAF506} - (no file)
O2 - BHO: (no name) - {BEDE43F2-3A12-9DD6-5372-F4A978605A01} - (no file)
O2 - BHO: (no name) - {BFBFF9AA-22B3-FF5F-0EE0-C9538197D788} - (no file)
O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} - (no file)
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {C2FA3EAF-821F-A9B6-25C2-AF456704EDC8} - (no file)
O2 - BHO: (no name) - {C35AADB0-FE0C-8B29-3DF2-80B00335B70D} - (no file)
O2 - BHO: (no name) - {C37464FB-795E-818F-1740-07FBCEB881C8} - (no file)
O2 - BHO: (no name) - {C47E6517-9FEE-B27A-3EA8-BB572B11D25B} - (no file)
O2 - BHO: (no name) - {C5E5AAF1-E338-ED8E-4D57-DC8FB2DE04CB} - (no file)
O2 - BHO: (no name) - {C680FC92-CC8D-3933-941C-DB2ADEAD27D8} - (no file)
O2 - BHO: (no name) - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - (no file)
O2 - BHO: (no name) - {C738A371-0430-6A14-07D8-FF8D00747F0E} - (no file)
O2 - BHO: (no name) - {C7D694A6-A289-DECF-ABB2-E43C2010FD00} - (no file)
O2 - BHO: (no name) - {C7E5DEDD-D9B0-41ED-404D-7720BA941F24} - (no file)
O2 - BHO: (no name) - {C8EE100B-191A-611C-5766-34F50DE08954} - (no file)
O2 - BHO: (no name) - {C8F6D58E-315A-D77E-18F7-70C0FC6A733D} - (no file)
O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} - (no file)
O2 - BHO: (no name) - {CA4938DF-EDB2-708B-0183-B1EF0CF56539} - (no file)
O2 - BHO: (no name) - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - (no file)
O2 - BHO: (no name) - {CBE5F226-BD90-1454-83F4-2686C681720C} - (no file)
O2 - BHO: (no name) - {CC5F15C0-4FA5-2B34-9D3E-0BB480B5C834} - (no file)
O2 - BHO: (no name) - {CDBCDF8D-F3C6-EE7D-C673-A31C7CDFB1F3} - (no file)
O2 - BHO: (no name) - {CDD86D3D-AA27-ABC8-6C93-9E5DB990A866} - (no file)
O2 - BHO: (no name) - {CEDF9A95-F8C2-F7C7-AF6C-402C203A3A1A} - (no file)
O2 - BHO: (no name) - {CF55FDE9-BA43-BE10-5455-CE366744EC0C} - (no file)
O2 - BHO: (no name) - {D017A1A4-51FE-686D-883E-896573BFFC91} - (no file)
O2 - BHO: (no name) - {D0255E6F-0063-155E-E155-8DEDD32646C8} - (no file)
O2 - BHO: (no name) - {D0369D6C-3958-4CAD-4A2F-3BD8395C5178} - (no file)
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - (no file)
O2 - BHO: (no name) - {D30F1D3E-9A80-B7B8-660D-9D89FEB47648} - (no file)
O2 - BHO: (no name) - {D4C0E433-46E1-FD19-92D7-09B1F788A00A} - (no file)
O2 - BHO: (no name) - {D4D6E938-A715-0A71-38BD-176F21ADA2F9} - (no file)
O2 - BHO: (no name) - {D4FD3E7F-134B-3265-8C6A-C70ABD1A2E09} - (no file)
O2 - BHO: (no name) - {D54F6CB9-5429-9A95-7B59-D291228E70B8} - (no file)
O2 - BHO: (no name) - {D5728176-9B28-959A-7D04-F70661EB2619} - (no file)
O2 - BHO: (no name) - {D5803A75-94E4-D765-5CDA-5E6515E89C3E} - (no file)
O2 - BHO: (no name) - {D6D1C592-0365-F3E6-489A-C2F01E89B1E7} - (no file)
O2 - BHO: (no name) - {D6D41230-B4B7-D9FC-EDDA-A50821C38898} - (no file)
O2 - BHO: (no name) - {D7873985-8475-B74C-A508-68D1C961F6C3} - (no file)
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} - (no file)
O2 - BHO: (no name) - {D83E8454-F737-08C7-6BBB-9567C0B82257} - (no file)
O2 - BHO: (no name) - {D8F83F56-26F9-C667-A9AA-64C24DF449D6} - (no file)
O2 - BHO: (no name) - {DA673768-1F75-6A22-E683-513D32CF86C7} - (no file)
O2 - BHO: (no name) - {DA69B312-479E-04FF-2B2B-F34795A0072E} - (no file)
O2 - BHO: (no name) - {DB4FEFF3-7F23-D1EC-252C-4321FF47BA66} - (no file)
O2 - BHO: (no name) - {DC7F0147-FE14-8C11-B567-602ED4468C81} - (no file)
O2 - BHO: (no name) - {DCAB9C0C-A653-82EF-F2B8-5AF28CEE929C} - (no file)
O2 - BHO: (no name) - {DDDF9214-0C39-2401-5681-788C67AD3397} - (no file)
O2 - BHO: (no name) - {DECD8E91-E600-DF80-A5DB-061BB58F74D4} - (no file)
O2 - BHO: (no name) - {DF77D786-7899-DE17-AC07-FBA8FA5E3372} - (no file)
O2 - BHO: (no name) - {E09E50A9-C957-586A-F4AB-55E38F81CBDB} - (no file)
O2 - BHO: (no name) - {E0AC35E4-96DF-00AC-6608-D6C41D33EEC8} - (no file)
O2 - BHO: (no name) - {E118C993-3E95-588B-3737-DEFDC8EAC743} - (no file)
O2 - BHO: (no name) - {E1E57F1D-C6B0-62EC-101F-B10073BE2A67} - (no file)
O2 - BHO: (no name) - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - (no file)
O2 - BHO: (no name) - {E2EFF47C-CEA2-977D-C18B-68F6CAB7C5FD} - (no file)
O2 - BHO: (no name) - {E2FA5ADF-2EE4-349E-8197-095C5E7C1822} - (no file)
O2 - BHO: (no name) - {E2FF7285-6F6F-9283-CBCD-D4E370856A52} - (no file)
O2 - BHO: (no name) - {E487650B-242B-EE1E-0BF6-E88C8D4757E3} - (no file)
O2 - BHO: (no name) - {E4C8B99E-0103-FBC9-F6CA-7D83FF55910C} - (no file)
O2 - BHO: (no name) - {E4D02D4D-F4CA-5C75-BF5E-2EB5899148E7} - (no file)
O2 - BHO: (no name) - {E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} - (no file)
O2 - BHO: (no name) - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - (no file)
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
O2 - BHO: (no name) - {E7EA31BC-040D-2E4D-88EF-40381EB92CB7} - (no file)
O2 - BHO: (no name) - {E8BE2A5E-CEBC-9AC3-3766-2818EC5177F1} - (no file)
O2 - BHO: (no name) - {E92FEBA8-E69D-A240-4CB7-26F77F353A3E} - (no file)
O2 - BHO: (no name) - {EDD230B8-C13C-3C16-B2A6-6E905B7AAD8B} - (no file)
O2 - BHO: (no name) - {EDE089D9-4761-83C8-F9D7-A5FD309350A8} - (no file)
O2 - BHO: (no name) - {EE2AA0F1-F20F-6C4E-D617-5455B3E75016} - (no file)
O2 - BHO: (no name) - {EEBD9A89-4BF8-ABEE-35B7-D9119850B905} - (no file)
O2 - BHO: (no name) - {EF00589F-4853-36A5-3704-A19633EDC95B} - (no file)
O2 - BHO: (no name) - {EF309E36-716B-7280-E846-0F0341C2FC93} - (no file)
O2 - BHO: (no name) - {F18ECF04-6CA0-EC37-AC5B-4D74C64A9794} - (no file)
O2 - BHO: (no name) - {F2904D7B-BCC4-BBED-BEC0-AC10A5DDF462} - (no file)
O2 - BHO: (no name) - {F2AEE8C6-488F-FB83-41DC-7207FA4758DF} - (no file)
O2 - BHO: (no name) - {F4991605-C957-0BAE-49B7-A7115B539ABB} - (no file)
O2 - BHO: (no name) - {F607095C-FD2B-4343-1C4F-F77394A2E39A} - (no file)
O2 - BHO: (no name) - {F6956773-B906-6B4E-BC0B-5426597C4595} - (no file)
O2 - BHO: (no name) - {F9A8EAE7-B06F-2EC0-E63F-ED8F8566CDEA} - (no file)
O2 - BHO: (no name) - {FB04EF28-D55C-A95A-794F-75DA8F4D83AF} - (no file)
O2 - BHO: (no name) - {FB33A6C8-433D-5DBC-4293-C2A5BAD25729} - (no file)
O2 - BHO: (no name) - {FC615C15-94A5-9786-9573-BEB7DB4CC211} - (no file)
O2 - BHO: (no name) - {FD28144A-BE74-ABB6-5C2B-E60BF82588B7} - (no file)
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} - (no file)
O2 - BHO: (no name) - {FF234288-3F3D-AAD1-5406-2B255A30CA94} - (no file)
O2 - BHO: (no name) - {FF5CE8D6-15E7-9320-B39B-A35B6BCEE89D} - (no file)
O2 - BHO: (no name) - {FF82035F-0086-8DD2-C7FF-4F5E2A38F671} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.5.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free People Search Agent] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HHJKZI5Z\FreePeopleSearchAgent_v1[1].exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [sysav] C:\Documents and Settings\Owner\Application Data\pcdefender.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {203F7D8D-F0F9-4F03-907B-1CF7BF61A327} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download2.games.yahoo.com/games/ ... /dt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0686735062
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 38760 bytes
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby joannefromwork » June 23rd, 2009, 10:27 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:15 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Application Data\pcdefender.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\criss.dll/sp.html#10213%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {006D0367-56A7-6546-49D8-7B6D4D791008} - (no file)
O2 - BHO: (no name) - {007A6846-97DC-92B1-9E5A-E8BBFBC955C7} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00B78A2F-66BE-9875-FBF9-E1F486C65401} - (no file)
O2 - BHO: (no name) - {01575B9F-13D1-712F-6453-1A4855B87338} - (no file)
O2 - BHO: (no name) - {0285204B-8462-73CB-ADC6-BEB4CDC9ED99} - (no file)
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {03433DF4-52B3-D7BA-CE65-5B6EADF47ABE} - (no file)
O2 - BHO: (no name) - {0398569A-F6D9-89D9-F9B7-ADD52E2E6CE9} - (no file)
O2 - BHO: (no name) - {0408BD9F-FBE0-566C-EBDA-DBC97DA7E144} - (no file)
O2 - BHO: (no name) - {042575C4-89CE-6A75-2FA8-6D9D7DB2B344} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0722E1E7-9CF5-22E4-20A0-89CFDD194B32} - (no file)
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} - (no file)
O2 - BHO: (no name) - {0847B820-A398-4483-B942-36760D79FD59} - (no file)
O2 - BHO: (no name) - {08672C48-A150-AFA8-7101-3AF575D1EB75} - (no file)
O2 - BHO: (no name) - {091C4038-4788-1043-264B-D7631428A6CA} - (no file)
O2 - BHO: (no name) - {0B945A0E-5A30-2CC6-C0B3-D102E3D0FBCD} - (no file)
O2 - BHO: (no name) - {0D74D509-86ED-D9B2-0B70-264B010B3016} - (no file)
O2 - BHO: (no name) - {0DCB9E68-E0DA-5BCC-27DD-E95405C09A42} - (no file)
O2 - BHO: (no name) - {0E09149B-AF00-347C-FBA9-72BF9910B01C} - (no file)
O2 - BHO: (no name) - {0FC10DA6-621C-EEAE-0E43-CB4CCFC5B848} - (no file)
O2 - BHO: (no name) - {0FF735ED-18CB-AF19-21F7-AC40587668DD} - (no file)
O2 - BHO: (no name) - {10123428-A96D-94DF-C71E-72AD4E1826F7} - (no file)
O2 - BHO: (no name) - {11370574-D9D8-E8CA-D626-4D6350899CDF} - (no file)
O2 - BHO: (no name) - {11897CC4-53D0-91EC-CD00-264D5155B63E} - (no file)
O2 - BHO: (no name) - {12FA8EE3-A02B-CF1E-DA5F-AEB55869AB79} - (no file)
O2 - BHO: (no name) - {150DD6A2-741C-3AC1-86EF-B9F0211447BA} - (no file)
O2 - BHO: (no name) - {15E2E41C-150E-DE06-1B0B-17338DEDCF17} - (no file)
O2 - BHO: (no name) - {169ABCBE-6762-3759-96F3-9CB54E0F3180} - (no file)
O2 - BHO: (no name) - {16D4CBB8-F877-9359-8EAD-E66E92B5C746} - (no file)
O2 - BHO: (no name) - {1792B9FA-3E36-BF91-3865-81817401288F} - (no file)
O2 - BHO: (no name) - {17AF3D30-061C-15C3-F3DD-FF77212FA819} - (no file)
O2 - BHO: (no name) - {19915FBD-83F1-27DA-3219-B044C7088F73} - (no file)
O2 - BHO: (no name) - {19925772-DE39-9691-D57F-EDB5A0FE9C94} - (no file)
O2 - BHO: (no name) - {1AF59910-7EE1-072B-A5CE-DCC5213E655E} - (no file)
O2 - BHO: (no name) - {1D0D8469-DE38-6B08-0B53-CEC13868F0DB} - (no file)
O2 - BHO: (no name) - {1DFC720A-AB9E-FEAE-2659-8F202D6BFB10} - (no file)
O2 - BHO: (no name) - {1E1674D2-E929-6572-0A8F-011D1685381B} - (no file)
O2 - BHO: (no name) - {1EB56009-AF4A-F988-33DF-14DB193479ED} - (no file)
O2 - BHO: (no name) - {1F538EA8-B9CA-F988-6EE4-567DFA2D8761} - (no file)
O2 - BHO: (no name) - {1F9CE5DA-289C-2E20-1D11-2FA0CC12FBA6} - (no file)
O2 - BHO: (no name) - {23422573-6529-05F3-758A-83DFD576733B} - (no file)
O2 - BHO: (no name) - {234598CB-5651-C6B2-5F18-5E60FF9E4057} - (no file)
O2 - BHO: (no name) - {255C0A8C-FFCB-9E14-D824-A3CA6BB01C10} - (no file)
O2 - BHO: (no name) - {25B7934D-6070-5C5F-2B54-43F1C4F8F773} - (no file)
O2 - BHO: (no name) - {27C21ADB-5220-7AE7-F703-FC7FC5F20739} - (no file)
O2 - BHO: (no name) - {28223167-A6CC-2F8F-758F-1F424FBB380E} - (no file)
O2 - BHO: (no name) - {288490AB-B9EF-D3C0-464C-36A4F2E0FE93} - (no file)
O2 - BHO: Class - {29FC7713-0FBF-1255-5EAC-A7424B375C72} - C:\WINDOWS\system32\apich32.dll (file missing)
O2 - BHO: (no name) - {2ABBD56B-11A6-D514-E153-52F711D31C89} - (no file)
O2 - BHO: (no name) - {2AD24E17-DC95-0574-2570-F62AB80C0093} - (no file)
O2 - BHO: (no name) - {2B6EC21E-CA49-C0FD-8F90-B7E4F4625626} - (no file)
O2 - BHO: (no name) - {2C0087A1-5D6B-3765-B30B-8A302FBA4596} - (no file)
O2 - BHO: (no name) - {2CF3BB33-A8D7-079C-312F-ABCFF55DD77D} - (no file)
O2 - BHO: (no name) - {2CFF1A43-5FD6-E2DC-32A4-463460127E12} - (no file)
O2 - BHO: (no name) - {2DA97AF8-D336-F788-CDA7-8EC1522A9322} - (no file)
O2 - BHO: (no name) - {2FA09459-FBD9-B08C-81EF-6EA62F5DB101} - (no file)
O2 - BHO: (no name) - {302BD18C-5709-F540-1484-1D5734FA8BCE} - (no file)
O2 - BHO: (no name) - {30A95DF7-FBEA-D763-E682-9D786EF30062} - (no file)
O2 - BHO: (no name) - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - (no file)
O2 - BHO: (no name) - {31504A42-7F23-2B60-97E8-0A7435E36855} - (no file)
O2 - BHO: (no name) - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - (no file)
O2 - BHO: (no name) - {322C211D-6009-B07E-961D-2717AF0D733B} - (no file)
O2 - BHO: (no name) - {32CEA936-E07D-3518-1265-BED8174E16CE} - (no file)
O2 - BHO: (no name) - {34563B77-50A7-B32B-750C-907E592AD1F7} - (no file)
O2 - BHO: (no name) - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - (no file)
O2 - BHO: (no name) - {35E6F3EB-98D4-8805-B758-063AEB55AB54} - (no file)
O2 - BHO: (no name) - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - (no file)
O2 - BHO: (no name) - {3708D630-F75A-A94E-CC74-1A00A8A13D28} - (no file)
O2 - BHO: (no name) - {37CF5456-717A-C95A-6D5F-7653A2E09649} - (no file)
O2 - BHO: (no name) - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} - (no file)
O2 - BHO: (no name) - {38D49E75-22AD-792C-2E36-24F44A9A7E2D} - (no file)
O2 - BHO: (no name) - {38EA0CAA-4D49-69DB-E8BB-183E8C5DF74E} - (no file)
O2 - BHO: (no name) - {3966C64B-A81F-E339-FCB7-FADA509397A0} - (no file)
O2 - BHO: (no name) - {39DE0716-6F8E-C7E3-C153-96F9D87C6701} - (no file)
O2 - BHO: (no name) - {3BBF5CF1-894A-B6F8-92B6-EFB8F4B6478F} - (no file)
O2 - BHO: (no name) - {3C69E401-83BA-7846-3959-9348791DBFD2} - (no file)
O2 - BHO: (no name) - {3C6CC514-0686-8D4A-3795-115CE35C21E9} - (no file)
O2 - BHO: (no name) - {3D0423F1-07E5-F3F2-99CC-1F7A196C6518} - (no file)
O2 - BHO: (no name) - {3E5873BE-1492-F72B-6B5A-6BFA24C941F4} - (no file)
O2 - BHO: (no name) - {3E7E5F4A-D54C-BA7F-16E3-59118D0D4537} - (no file)
O2 - BHO: (no name) - {3E9299CE-589B-4D8F-1BB7-1BB410CBAC8C} - (no file)
O2 - BHO: (no name) - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} - (no file)
O2 - BHO: (no name) - {3F787872-61C2-E14A-5458-CFF5381DEA94} - (no file)
O2 - BHO: (no name) - {40435204-5FF3-A72D-C4F6-26F9B7CF3238} - (no file)
O2 - BHO: (no name) - {41D2B4DA-7A72-4D83-2AB1-ABC9369BAC74} - (no file)
O2 - BHO: (no name) - {426F9880-9CAD-66DD-F6D8-7B9E676227E9} - (no file)
O2 - BHO: (no name) - {427DC0FE-1732-761D-24CD-41DBCD4FA0C4} - (no file)
O2 - BHO: (no name) - {456A6CEE-8316-4A72-DFA8-73971797E2FD} - (no file)
O2 - BHO: (no name) - {4572D733-0BB8-CDBF-7B5C-C350E3677E41} - (no file)
O2 - BHO: (no name) - {4658D29C-3757-D839-4290-F6B07C07A97C} - (no file)
O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} - (no file)
O2 - BHO: (no name) - {4821F0A9-6325-2CAF-5670-EDC8BD318C5D} - (no file)
O2 - BHO: (no name) - {483BB598-6B58-345A-9D87-E58BE73678B1} - (no file)
O2 - BHO: (no name) - {4873121D-827E-1BD4-1A2C-B5A0C13C9785} - (no file)
O2 - BHO: (no name) - {498499E4-2F9A-DCBE-1470-CEC340E0B528} - (no file)
O2 - BHO: (no name) - {49F8F604-B7AC-5876-933A-2E3729E47B49} - (no file)
O2 - BHO: (no name) - {4AA78A1C-2787-A2EF-75B3-675D072C942A} - (no file)
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} - (no file)
O2 - BHO: (no name) - {4B4BF72B-6C7F-079E-30DB-E0CDC91EBCF6} - (no file)
O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} - (no file)
O2 - BHO: (no name) - {4D3C3AFE-BB7F-ECE3-B414-B58B6B0A02B0} - (no file)
O2 - BHO: (no name) - {4D7C2D84-2B00-146D-CAF2-38E8743204A2} - (no file)
O2 - BHO: (no name) - {4D9B404B-055C-B793-064E-D6C64CC0CE64} - (no file)
O2 - BHO: (no name) - {4E367784-F4CD-00AD-8490-A4619B7AAF21} - (no file)
O2 - BHO: (no name) - {4ED85423-FEC4-7CF6-EF19-3934F47AD27B} - (no file)
O2 - BHO: (no name) - {4EE57E98-2B5C-B792-7B77-6A09FFB2DB5D} - (no file)
O2 - BHO: (no name) - {4F5FD300-8951-6232-0D6D-80B285FE1802} - (no file)
O2 - BHO: (no name) - {50AB10A9-D9E5-C675-37D6-7214CC18DEDC} - (no file)
O2 - BHO: (no name) - {51367E92-AA2E-16A5-49FF-93BFC70C151B} - (no file)
O2 - BHO: (no name) - {513E86B0-D516-B255-E656-DEF35121232E} - (no file)
O2 - BHO: (no name) - {5143F0E1-B003-516B-A5FE-961EDECF25BE} - (no file)
O2 - BHO: (no name) - {514AD317-D072-49A6-8F45-BCC1983F2289} - (no file)
O2 - BHO: (no name) - {52CD0F8D-B479-321E-14B5-AAC47839633C} - (no file)
O2 - BHO: (no name) - {52F8F9CD-14A9-B376-D6F1-0CF3B6100277} - (no file)
O2 - BHO: (no name) - {5341F52F-9CCF-343D-25AE-3C3DC70625D1} - (no file)
O2 - BHO: (no name) - {5364ABD3-3300-341C-1D26-05C46F9627DD} - (no file)
O2 - BHO: (no name) - {545644A9-6FBE-18E7-255E-29EE10D8F3B7} - (no file)
O2 - BHO: (no name) - {5485EF8B-02AF-D770-F042-41C97146169F} - (no file)
O2 - BHO: (no name) - {55C2A982-5FB8-705D-AB13-7616770AA2ED} - (no file)
O2 - BHO: (no name) - {55FDE9FB-433B-10B5-55CC-366744EC0C21} - (no file)
O2 - BHO: (no name) - {5677AA14-4828-04F9-BE46-9B83A0F0652F} - (no file)
O2 - BHO: (no name) - {5713EC5F-5F51-7D50-B10E-763DD1BC0ABC} - (no file)
O2 - BHO: (no name) - {589C2260-26D5-FF39-DD1D-9A4F791A1C96} - (no file)
O2 - BHO: (no name) - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} - (no file)
O2 - BHO: (no name) - {5973AE8B-B1D4-58C7-0629-E633DD3F8550} - (no file)
O2 - BHO: (no name) - {5A0FBFB4-9E43-D3EA-1A21-B85429F80041} - (no file)
O2 - BHO: (no name) - {5A0FD565-802B-E900-AEE8-0B54D63166B3} - (no file)
O2 - BHO: (no name) - {5AC1207D-C0DC-989C-3C2A-6A2FD0424A63} - (no file)
O2 - BHO: (no name) - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - (no file)
O2 - BHO: (no name) - {5B608D3F-ABAC-DD59-87F8-B4D199FA3D0E} - (no file)
O2 - BHO: (no name) - {5C32B1F7-AC71-BBEE-CC0B-2FA5E116AA6C} - (no file)
O2 - BHO: (no name) - {5D1F9D91-369E-9436-1F3D-1D229ECB536B} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {61B9FC5F-C646-B4CB-869C-F785091D313E} - (no file)
O2 - BHO: (no name) - {651DA460-C8D1-926D-7E35-8258A39BB7C2} - (no file)
O2 - BHO: (no name) - {655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} - (no file)
O2 - BHO: (no name) - {65E6A8E0-A67C-0CE3-B885-D53EA9292B40} - (no file)
O2 - BHO: (no name) - {66059432-BCBA-0EE4-3589-73A184B410A7} - (no file)
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
O2 - BHO: (no name) - {66FE21E9-AAFF-8176-C0E2-D570E58BD83C} - (no file)
O2 - BHO: (no name) - {6710E207-EFC7-1C96-3147-541E4D262257} - (no file)
O2 - BHO: (no name) - {675A16BB-A0C2-544F-5D5E-A550A9BAAF78} - (no file)
O2 - BHO: (no name) - {67AEDFB1-0043-97AE-1698-E8CD34535DC1} - (no file)
O2 - BHO: (no name) - {684A4F84-6F56-6515-3E4E-6D61D0429D9D} - (no file)
O2 - BHO: (no name) - {6A13ADA3-C5ED-A8BF-31FF-6DF2066F992B} - (no file)
O2 - BHO: (no name) - {6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5} - (no file)
O2 - BHO: (no name) - {6AA2FAA7-58D2-CF49-456B-FCAAE70B8816} - (no file)
O2 - BHO: (no name) - {6AA46007-7E40-353F-4B29-4EB589B6027B} - (no file)
O2 - BHO: (no name) - {6AB04E20-C7FB-1976-45F0-4507AA485E64} - (no file)
O2 - BHO: (no name) - {6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} - (no file)
O2 - BHO: (no name) - {6D4FA3A0-BE29-2407-A0C1-4CFF3DD6BA5D} - (no file)
O2 - BHO: (no name) - {6D5086FD-B70A-A21D-970A-511772E1A75C} - (no file)
O2 - BHO: (no name) - {6E0F0093-EF04-1478-FE8A-D4B3176F0CE3} - (no file)
O2 - BHO: (no name) - {6EE656A7-0F99-3D1A-3DF9-EA00C07DD460} - (no file)
O2 - BHO: (no name) - {6F455C0C-D11A-ABFC-AD04-0AE9398535D9} - (no file)
O2 - BHO: (no name) - {6F61BA9A-5EA1-7903-5454-DCA081431490} - (no file)
O2 - BHO: (no name) - {6FA4B57A-E37E-8AFD-A982-153401F912D4} - (no file)
O2 - BHO: (no name) - {70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} - (no file)
O2 - BHO: (no name) - {71167969-C63A-6FB0-2E12-19AC38D1B9B1} - (no file)
O2 - BHO: (no name) - {7210B24D-AB6E-A171-175B-8519DCC2086A} - (no file)
O2 - BHO: (no name) - {72A9B624-8C5D-2A66-F77F-2A9004EE69D5} - (no file)
O2 - BHO: (no name) - {73398CA1-1198-D3C3-EB62-35E5F0CEC53B} - (no file)
O2 - BHO: (no name) - {7344A8E6-E22B-8BD1-9691-FA3952D9BAEA} - (no file)
O2 - BHO: (no name) - {735E0709-7FBF-C9AF-B86A-F1F99F1C9617} - (no file)
O2 - BHO: (no name) - {739966E1-825B-10D9-49B8-69B4A3A6EFC4} - (no file)
O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} - (no file)
O2 - BHO: (no name) - {76606205-203F-F6F7-470B-FCD352D4D917} - (no file)
O2 - BHO: (no name) - {76792940-AC80-0C6D-2058-621D0D46A3D2} - (no file)
O2 - BHO: (no name) - {76B65772-6456-05AC-575B-9D567678D55E} - (no file)
O2 - BHO: (no name) - {77C394B2-8756-A4B7-D790-69CC6A75E989} - (no file)
O2 - BHO: (no name) - {786B4BBD-2875-0E73-6FA4-33EBB3208A2D} - (no file)
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} - (no file)
O2 - BHO: (no name) - {78A39036-DAA5-D02D-B64C-3078507E6538} - (no file)
O2 - BHO: (no name) - {78D4C8D4-B5A0-4883-C6D7-F97D04BE0876} - (no file)
O2 - BHO: (no name) - {792A8CA5-55BB-B3E8-EADD-488F2058805F} - (no file)
O2 - BHO: (no name) - {798A2A6B-B2B1-0E2F-80FF-30D52F286EFB} - (no file)
O2 - BHO: (no name) - {7B535868-EE7F-6295-94EF-17FD6F5241DC} - (no file)
O2 - BHO: (no name) - {7B9BF766-007B-0B90-4541-058C2A5DF9CD} - (no file)
O2 - BHO: (no name) - {7C25DF9E-175A-AEBC-1715-65139942B8A6} - (no file)
O2 - BHO: (no name) - {7D492E22-3773-8826-65FC-BCDE3BE460F9} - (no file)
O2 - BHO: (no name) - {7D5146F6-D764-3E31-81C8-7A0CAC5FDC8D} - (no file)
O2 - BHO: (no name) - {7D8E9033-94CD-739D-8A5B-376572E16A8C} - (no file)
O2 - BHO: (no name) - {7E64477B-18F5-69A6-A75B-60A4F6D56551} - (no file)
O2 - BHO: (no name) - {7E64AD57-7394-3483-CB89-72A7E2A76478} - (no file)
O2 - BHO: (no name) - {7E669911-FE7D-F3E4-78BC-DB3681A1083A} - (no file)
O2 - BHO: (no name) - {81B13E5A-B27C-6BB2-7C2F-E42B321541D2} - (no file)
O2 - BHO: (no name) - {81B81988-0B92-CDBD-621E-176F486E2127} - (no file)
O2 - BHO: (no name) - {81D6F3D0-B042-45A2-5F05-8B41F30D8043} - (no file)
O2 - BHO: (no name) - {81ECDBCA-1DE3-27FD-325A-F6E0C0C236CF} - (no file)
O2 - BHO: (no name) - {82592D9C-E8A7-DA3B-8BEE-BCAEAF5128CD} - (no file)
O2 - BHO: (no name) - {83241F15-A38D-4603-9874-0E32E3A2D544} - (no file)
O2 - BHO: (no name) - {8349086E-3F47-DF2F-515E-324A161E8B39} - (no file)
O2 - BHO: (no name) - {844E08A0-4257-24A4-9CC5-809E2B1A3DEB} - (no file)
O2 - BHO: (no name) - {85138801-518D-CEC2-27AE-83F4E12401F3} - (no file)
O2 - BHO: (no name) - {85350E27-DDF3-4D24-ABE1-57F9792608C9} - (no file)
O2 - BHO: (no name) - {85389C19-9846-3EB7-FED8-ECFDDEB7598A} - (no file)
O2 - BHO: (no name) - {85E56198-1317-4AA3-031F-529D9C16FA79} - (no file)
O2 - BHO: (no name) - {86041CA1-6D62-16AB-85F3-D49D60FDF6D8} - (no file)
O2 - BHO: (no name) - {86A0C09D-1B74-868D-C89A-093479621C99} - (no file)
O2 - BHO: (no name) - {87902B7F-B6D3-A213-F6A4-36452B599351} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {8A74F6B2-6F75-88F4-4D28-2B4D81644795} - (no file)
O2 - BHO: (no name) - {8BE3EDB0-AA55-CD1F-575D-499FFCAF6D33} - (no file)
O2 - BHO: (no name) - {8D289FF6-E61A-1E60-2906-81C70B869541} - (no file)
O2 - BHO: (no name) - {8EBA8990-F4A5-C5B5-572F-A9AAD1E6241E} - (no file)
O2 - BHO: (no name) - {8EDE058C-72DA-1A48-9FA1-88C735AA037F} - (no file)
O2 - BHO: (no name) - {8EF1A389-7342-F785-A50A-A3C78BA42012} - (no file)
O2 - BHO: (no name) - {8F602CAF-ED9C-5DE3-54F4-0D9DCC6602BF} - (no file)
O2 - BHO: (no name) - {8FA69B0F-F5CC-7651-8220-05AB77E3AF7A} - (no file)
O2 - BHO: (no name) - {905B7852-2793-427E-4E08-1C880E04C988} - (no file)
O2 - BHO: (no name) - {9066F229-F7AF-E70B-FF84-8167AE9683C7} - (no file)
O2 - BHO: (no name) - {90706F45-D241-085D-C3F4-2CA0366EF00C} - (no file)
O2 - BHO: (no name) - {9109E5D9-787B-A1A7-174B-D844BE131994} - (no file)
O2 - BHO: (no name) - {9125713D-ABCD-6F47-1A15-550E5B5622AF} - (no file)
O2 - BHO: (no name) - {9131706F-D034-5F4E-62F6-C060F737064C} - (no file)
O2 - BHO: (no name) - {91ACFEB4-563E-7346-F46B-988AF1C8F8C5} - (no file)
O2 - BHO: (no name) - {91F5C0F0-E710-7DC7-0147-FE1448C119B5} - (no file)
O2 - BHO: (no name) - {92B23F23-DA2F-827C-5375-D1C2EFF447A2} - (no file)
O2 - BHO: (no name) - {934022E3-4A67-7059-D032-46007A715210} - (no file)
O2 - BHO: (no name) - {9341B059-25B9-C093-AEB4-FF0CB478B147} - (no file)
O2 - BHO: (no name) - {95AF234B-24B1-1F78-C5C4-74F8C68C766A} - (no file)
O2 - BHO: (no name) - {95DF6FEF-35F1-2B06-F180-C457E36FD6E1} - (no file)
O2 - BHO: (no name) - {963172C1-9CFB-90AB-260B-ADEE79CDF55E} - (no file)
O2 - BHO: (no name) - {96540400-C364-871F-2E14-83ED06818F50} - (no file)
O2 - BHO: (no name) - {96F5147D-AA6C-A828-0147-591C3BA9A927} - (no file)
O2 - BHO: (no name) - {97ADA2E0-5C10-1C68-6762-039DC911BD1A} - (no file)
O2 - BHO: (no name) - {98992BEF-C386-CF53-DECE-D2A0FB2B61D0} - (no file)
O2 - BHO: (no name) - {99399FD2-2312-C70A-9033-A6E121F22B6E} - (no file)
O2 - BHO: (no name) - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} - (no file)
O2 - BHO: (no name) - {9ABBF8BA-C35E-205B-6D84-95401DED6DAD} - (no file)
O2 - BHO: (no name) - {9CAA18AE-D292-6BEC-6BD6-BA8F78834AD3} - (no file)
O2 - BHO: (no name) - {9D7AD1A1-D86E-4CC3-76A8-49207E8BA72B} - (no file)
O2 - BHO: (no name) - {9EFD6041-C2FA-2E20-4602-C5ADBED78A3D} - (no file)
O2 - BHO: (no name) - {A24D83B9-E094-6A21-B590-76540C92DC0F} - (no file)
O2 - BHO: (no name) - {A3C98512-09FD-0565-9A8D-2101086F6A76} - (no file)
O2 - BHO: (no name) - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} - (no file)
O2 - BHO: (no name) - {A65F11A0-3D1B-37FD-F86D-9AB8607151F1} - (no file)
O2 - BHO: (no name) - {A711CA3B-7C45-E209-9CFD-AA0DA8F81A41} - (no file)
O2 - BHO: (no name) - {A758BCB9-66D2-5737-DE37-3927CE58D302} - (no file)
O2 - BHO: (no name) - {A788B74B-4D59-8481-0B32-600C153729CD} - (no file)
O2 - BHO: (no name) - {A8F2321D-CD1A-6308-ECF1-C5B55DAA6D84} - (no file)
O2 - BHO: (no name) - {AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} - (no file)
O2 - BHO: (no name) - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - (no file)
O2 - BHO: (no name) - {AC2FD346-B35C-A896-4487-916D3E911455} - (no file)
O2 - BHO: (no name) - {AC81EC14-3EEC-6538-2603-BABEF1F75A24} - (no file)
O2 - BHO: (no name) - {AD327E2E-D82F-9587-7D79-960A66983C17} - (no file)
O2 - BHO: (no name) - {AE9AEB8F-0E7F-D767-F3C7-AF22C0FBA643} - (no file)
O2 - BHO: (no name) - {AEBAA38C-A5F4-D0FD-904B-5A1C7FCA25AF} - (no file)
O2 - BHO: (no name) - {AF21C402-9A63-03A6-CE89-A6BBEABCD013} - (no file)
O2 - BHO: (no name) - {AFF226D4-6484-3652-603F-005908E0DFD4} - (no file)
O2 - BHO: (no name) - {B0030846-0596-1454-D1AE-FC69B7F19AC8} - (no file)
O2 - BHO: (no name) - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} - (no file)
O2 - BHO: (no name) - {B1E7A707-24E5-6544-421B-A738C2B36E3A} - (no file)
O2 - BHO: (no name) - {B26E180E-6248-2EE2-55AE-C6CB785F21C4} - (no file)
O2 - BHO: (no name) - {B4BF9C14-1EE5-510F-78CB-D256DA9572AA} - (no file)
O2 - BHO: (no name) - {B4D52BE0-DBD6-4F46-2633-72E374BFCB90} - (no file)
O2 - BHO: (no name) - {B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} - (no file)
O2 - BHO: (no name) - {B6FBF6C9-510D-F04F-75C4-47B77E2085E8} - (no file)
O2 - BHO: (no name) - {B74FC677-1BFA-DEF5-DEB7-DBD24D544D78} - (no file)
O2 - BHO: (no name) - {B8E989AC-570B-BFD4-F982-B6FA8BC18348} - (no file)
O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} - (no file)
O2 - BHO: (no name) - {B990B770-D62A-B542-EDA6-516033B76258} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {B9FCA0E1-7B64-E16E-A3DC-00928170618E} - (no file)
O2 - BHO: (no name) - {BA8F9F33-8F0C-9419-0792-F6767ACBCD1A} - (no file)
O2 - BHO: (no name) - {BA997092-5DFF-A91F-6516-A449FC336452} - (no file)
O2 - BHO: (no name) - {BB64CF1B-EDD6-054C-3EC4-EDBA6BF43D9B} - (no file)
O2 - BHO: (no name) - {BCB3F18B-A3EB-BE2C-7060-80B3226DEA98} - (no file)
O2 - BHO: (no name) - {BE40D43B-1323-AC09-FD3D-F5F0CEEAF506} - (no file)
O2 - BHO: (no name) - {BEDE43F2-3A12-9DD6-5372-F4A978605A01} - (no file)
O2 - BHO: (no name) - {BFBFF9AA-22B3-FF5F-0EE0-C9538197D788} - (no file)
O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} - (no file)
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {C2FA3EAF-821F-A9B6-25C2-AF456704EDC8} - (no file)
O2 - BHO: (no name) - {C35AADB0-FE0C-8B29-3DF2-80B00335B70D} - (no file)
O2 - BHO: (no name) - {C37464FB-795E-818F-1740-07FBCEB881C8} - (no file)
O2 - BHO: (no name) - {C47E6517-9FEE-B27A-3EA8-BB572B11D25B} - (no file)
O2 - BHO: (no name) - {C5E5AAF1-E338-ED8E-4D57-DC8FB2DE04CB} - (no file)
O2 - BHO: (no name) - {C680FC92-CC8D-3933-941C-DB2ADEAD27D8} - (no file)
O2 - BHO: (no name) - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - (no file)
O2 - BHO: (no name) - {C738A371-0430-6A14-07D8-FF8D00747F0E} - (no file)
O2 - BHO: (no name) - {C7D694A6-A289-DECF-ABB2-E43C2010FD00} - (no file)
O2 - BHO: (no name) - {C7E5DEDD-D9B0-41ED-404D-7720BA941F24} - (no file)
O2 - BHO: (no name) - {C8EE100B-191A-611C-5766-34F50DE08954} - (no file)
O2 - BHO: (no name) - {C8F6D58E-315A-D77E-18F7-70C0FC6A733D} - (no file)
O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} - (no file)
O2 - BHO: (no name) - {CA4938DF-EDB2-708B-0183-B1EF0CF56539} - (no file)
O2 - BHO: (no name) - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - (no file)
O2 - BHO: (no name) - {CBE5F226-BD90-1454-83F4-2686C681720C} - (no file)
O2 - BHO: (no name) - {CC5F15C0-4FA5-2B34-9D3E-0BB480B5C834} - (no file)
O2 - BHO: (no name) - {CDBCDF8D-F3C6-EE7D-C673-A31C7CDFB1F3} - (no file)
O2 - BHO: (no name) - {CDD86D3D-AA27-ABC8-6C93-9E5DB990A866} - (no file)
O2 - BHO: (no name) - {CEDF9A95-F8C2-F7C7-AF6C-402C203A3A1A} - (no file)
O2 - BHO: (no name) - {CF55FDE9-BA43-BE10-5455-CE366744EC0C} - (no file)
O2 - BHO: (no name) - {D017A1A4-51FE-686D-883E-896573BFFC91} - (no file)
O2 - BHO: (no name) - {D0255E6F-0063-155E-E155-8DEDD32646C8} - (no file)
O2 - BHO: (no name) - {D0369D6C-3958-4CAD-4A2F-3BD8395C5178} - (no file)
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - (no file)
O2 - BHO: (no name) - {D30F1D3E-9A80-B7B8-660D-9D89FEB47648} - (no file)
O2 - BHO: (no name) - {D4C0E433-46E1-FD19-92D7-09B1F788A00A} - (no file)
O2 - BHO: (no name) - {D4D6E938-A715-0A71-38BD-176F21ADA2F9} - (no file)
O2 - BHO: (no name) - {D4FD3E7F-134B-3265-8C6A-C70ABD1A2E09} - (no file)
O2 - BHO: (no name) - {D54F6CB9-5429-9A95-7B59-D291228E70B8} - (no file)
O2 - BHO: (no name) - {D5728176-9B28-959A-7D04-F70661EB2619} - (no file)
O2 - BHO: (no name) - {D5803A75-94E4-D765-5CDA-5E6515E89C3E} - (no file)
O2 - BHO: (no name) - {D6D1C592-0365-F3E6-489A-C2F01E89B1E7} - (no file)
O2 - BHO: (no name) - {D6D41230-B4B7-D9FC-EDDA-A50821C38898} - (no file)
O2 - BHO: (no name) - {D7873985-8475-B74C-A508-68D1C961F6C3} - (no file)
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} - (no file)
O2 - BHO: (no name) - {D83E8454-F737-08C7-6BBB-9567C0B82257} - (no file)
O2 - BHO: (no name) - {D8F83F56-26F9-C667-A9AA-64C24DF449D6} - (no file)
O2 - BHO: (no name) - {DA673768-1F75-6A22-E683-513D32CF86C7} - (no file)
O2 - BHO: (no name) - {DA69B312-479E-04FF-2B2B-F34795A0072E} - (no file)
O2 - BHO: (no name) - {DB4FEFF3-7F23-D1EC-252C-4321FF47BA66} - (no file)
O2 - BHO: (no name) - {DC7F0147-FE14-8C11-B567-602ED4468C81} - (no file)
O2 - BHO: (no name) - {DCAB9C0C-A653-82EF-F2B8-5AF28CEE929C} - (no file)
O2 - BHO: (no name) - {DDDF9214-0C39-2401-5681-788C67AD3397} - (no file)
O2 - BHO: (no name) - {DECD8E91-E600-DF80-A5DB-061BB58F74D4} - (no file)
O2 - BHO: (no name) - {DF77D786-7899-DE17-AC07-FBA8FA5E3372} - (no file)
O2 - BHO: (no name) - {E09E50A9-C957-586A-F4AB-55E38F81CBDB} - (no file)
O2 - BHO: (no name) - {E0AC35E4-96DF-00AC-6608-D6C41D33EEC8} - (no file)
O2 - BHO: (no name) - {E118C993-3E95-588B-3737-DEFDC8EAC743} - (no file)
O2 - BHO: (no name) - {E1E57F1D-C6B0-62EC-101F-B10073BE2A67} - (no file)
O2 - BHO: (no name) - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - (no file)
O2 - BHO: (no name) - {E2EFF47C-CEA2-977D-C18B-68F6CAB7C5FD} - (no file)
O2 - BHO: (no name) - {E2FA5ADF-2EE4-349E-8197-095C5E7C1822} - (no file)
O2 - BHO: (no name) - {E2FF7285-6F6F-9283-CBCD-D4E370856A52} - (no file)
O2 - BHO: (no name) - {E487650B-242B-EE1E-0BF6-E88C8D4757E3} - (no file)
O2 - BHO: (no name) - {E4C8B99E-0103-FBC9-F6CA-7D83FF55910C} - (no file)
O2 - BHO: (no name) - {E4D02D4D-F4CA-5C75-BF5E-2EB5899148E7} - (no file)
O2 - BHO: (no name) - {E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} - (no file)
O2 - BHO: (no name) - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - (no file)
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
O2 - BHO: (no name) - {E7EA31BC-040D-2E4D-88EF-40381EB92CB7} - (no file)
O2 - BHO: (no name) - {E8BE2A5E-CEBC-9AC3-3766-2818EC5177F1} - (no file)
O2 - BHO: (no name) - {E92FEBA8-E69D-A240-4CB7-26F77F353A3E} - (no file)
O2 - BHO: (no name) - {EDD230B8-C13C-3C16-B2A6-6E905B7AAD8B} - (no file)
O2 - BHO: (no name) - {EDE089D9-4761-83C8-F9D7-A5FD309350A8} - (no file)
O2 - BHO: (no name) - {EE2AA0F1-F20F-6C4E-D617-5455B3E75016} - (no file)
O2 - BHO: (no name) - {EEBD9A89-4BF8-ABEE-35B7-D9119850B905} - (no file)
O2 - BHO: (no name) - {EF00589F-4853-36A5-3704-A19633EDC95B} - (no file)
O2 - BHO: (no name) - {EF309E36-716B-7280-E846-0F0341C2FC93} - (no file)
O2 - BHO: (no name) - {F18ECF04-6CA0-EC37-AC5B-4D74C64A9794} - (no file)
O2 - BHO: (no name) - {F2904D7B-BCC4-BBED-BEC0-AC10A5DDF462} - (no file)
O2 - BHO: (no name) - {F2AEE8C6-488F-FB83-41DC-7207FA4758DF} - (no file)
O2 - BHO: (no name) - {F4991605-C957-0BAE-49B7-A7115B539ABB} - (no file)
O2 - BHO: (no name) - {F607095C-FD2B-4343-1C4F-F77394A2E39A} - (no file)
O2 - BHO: (no name) - {F6956773-B906-6B4E-BC0B-5426597C4595} - (no file)
O2 - BHO: (no name) - {F9A8EAE7-B06F-2EC0-E63F-ED8F8566CDEA} - (no file)
O2 - BHO: (no name) - {FB04EF28-D55C-A95A-794F-75DA8F4D83AF} - (no file)
O2 - BHO: (no name) - {FB33A6C8-433D-5DBC-4293-C2A5BAD25729} - (no file)
O2 - BHO: (no name) - {FC615C15-94A5-9786-9573-BEB7DB4CC211} - (no file)
O2 - BHO: (no name) - {FD28144A-BE74-ABB6-5C2B-E60BF82588B7} - (no file)
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} - (no file)
O2 - BHO: (no name) - {FF234288-3F3D-AAD1-5406-2B255A30CA94} - (no file)
O2 - BHO: (no name) - {FF5CE8D6-15E7-9320-B39B-A35B6BCEE89D} - (no file)
O2 - BHO: (no name) - {FF82035F-0086-8DD2-C7FF-4F5E2A38F671} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.5.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free People Search Agent] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HHJKZI5Z\FreePeopleSearchAgent_v1[1].exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [sysav] C:\Documents and Settings\Owner\Application Data\pcdefender.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {203F7D8D-F0F9-4F03-907B-1CF7BF61A327} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download2.games.yahoo.com/games/ ... /dt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0686735062
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 38760 bytes
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby Axephilic » June 24th, 2009, 1:34 pm

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    Image

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby joannefromwork » June 24th, 2009, 10:01 pm

the log on notepad is too long to send, now what?
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby Axephilic » June 25th, 2009, 12:06 am

Email it to me please - *email removed for security*
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby Axephilic » June 25th, 2009, 4:39 pm

Thank you for emailing me that. :)

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. Kaspersky log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby joannefromwork » June 26th, 2009, 10:52 pm

can't do it
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby Axephilic » June 27th, 2009, 1:10 am

Alright, try this one:

Eset Online Scanner

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

In your next reply, please include:
  1. ESET log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby joannefromwork » June 27th, 2009, 8:53 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=06cde4056ce0cd4fbfec1f75d7d4a442
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-06-27 12:19:59
# local_time=2009-06-27 07:19:59 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=4866 61 60 57 75173379375000
# scanned=57584
# found=21
# cleaned=0
# scan_time=3185
C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll Win32/Adware.Toolbar.Shopper application 7943E364A38DEDC4E706730BD5BB7D12
C:\Program Files\ShopperReports\Uninst.exe probably a variant of Win32/Adware.Agent application 4CCF3ECB060D0D247892566E4C772AAA
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\pcdefender.exe.vir Win32/Adware.WinPCDefender application 3128D89607CCD233AF0A90B790EDE964
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\svchost_32.exe.vir Win32/Olmarik.HG trojan BA59DCEC25DDA490FD0A235A47A06AC1
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\Cml.exe.vir probably a variant of Win32/Adware.HotBar application 6C0C38F99A2141660AF6059F62151681
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\dBenderC.dll.vir Win32/Adware.HotBar application B58BCC6BB0BF8D12D1185FA8F7D7BEEC
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\HbtAds.dll.vir Win32/Adware.HotBar application B2B7CFB8F3F725001AFC6E5865AEDC98
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\HbtGuard.exe.vir probably a variant of Win32/Adware.HotBar application AF7187A3CF86803B3CD964D17E0C1D9F
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\HbtHostIE.dll.vir probably a variant of Win32/Adware.HotBar application A39BB72BB7AB63A056809BDDDE91A20D
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\HbtHostOE.dll.vir Win32/Adware.HotBar application 6077A0AB7375C28C1837D832C0E6EB0C
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\HbtOEAddOn.exe.vir Win32/Adware.HotBar application 497DC7504E538A8E6DF4EEB3ECE0C1CF
C:\Qoobox\Quarantine\C\Program Files\HbTools\Bin\4.7.5.0\ShopperReports.exe.vir multiple threats 9205B70A3DF70DB88870EBDF6F08D150
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application 9ABBE6F791C0B599A7128C9ACA27C094
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application 0B6E3C1726AF3892FA282AE448A50378
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application 9ABBE6F791C0B599A7128C9ACA27C094
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application 9ABBE6F791C0B599A7128C9ACA27C094
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application 4CD346697529EFC743A608B2F5D0CC94
C:\Qoobox\Quarantine\C\WINDOWS\ieocx.dll.vir Win32/Adware.WinPCDefender application 6F3EE130FF7AF2665495A6E5BB6A7BEA
C:\WINDOWS\DIALPASS\Internet Sex Provider\ACCESS.exe a variant of Win32/Dialer.EgroupDial application 926B2DB5D52B05C3601229616E322193
C:\WINDOWS\system32\javaew.dll Win32/TrojanDownloader.Agent.NCF trojan 22C8356C4208F02B23E9E6C3725EDD86
C:\WINDOWS\system32\ntki.dll Win32/TrojanDownloader.Agent.NCF trojan 22C8356C4208F02B23E9E6C3725EDD86

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:31 AM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {006D0367-56A7-6546-49D8-7B6D4D791008} - (no file)
O2 - BHO: (no name) - {007A6846-97DC-92B1-9E5A-E8BBFBC955C7} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00B78A2F-66BE-9875-FBF9-E1F486C65401} - (no file)
O2 - BHO: (no name) - {01575B9F-13D1-712F-6453-1A4855B87338} - (no file)
O2 - BHO: (no name) - {0285204B-8462-73CB-ADC6-BEB4CDC9ED99} - (no file)
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {03433DF4-52B3-D7BA-CE65-5B6EADF47ABE} - (no file)
O2 - BHO: (no name) - {0398569A-F6D9-89D9-F9B7-ADD52E2E6CE9} - (no file)
O2 - BHO: (no name) - {0408BD9F-FBE0-566C-EBDA-DBC97DA7E144} - (no file)
O2 - BHO: (no name) - {042575C4-89CE-6A75-2FA8-6D9D7DB2B344} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0722E1E7-9CF5-22E4-20A0-89CFDD194B32} - (no file)
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} - (no file)
O2 - BHO: (no name) - {0847B820-A398-4483-B942-36760D79FD59} - (no file)
O2 - BHO: (no name) - {08672C48-A150-AFA8-7101-3AF575D1EB75} - (no file)
O2 - BHO: (no name) - {091C4038-4788-1043-264B-D7631428A6CA} - (no file)
O2 - BHO: (no name) - {0B945A0E-5A30-2CC6-C0B3-D102E3D0FBCD} - (no file)
O2 - BHO: (no name) - {0D74D509-86ED-D9B2-0B70-264B010B3016} - (no file)
O2 - BHO: (no name) - {0DCB9E68-E0DA-5BCC-27DD-E95405C09A42} - (no file)
O2 - BHO: (no name) - {0E09149B-AF00-347C-FBA9-72BF9910B01C} - (no file)
O2 - BHO: (no name) - {0FC10DA6-621C-EEAE-0E43-CB4CCFC5B848} - (no file)
O2 - BHO: (no name) - {0FF735ED-18CB-AF19-21F7-AC40587668DD} - (no file)
O2 - BHO: (no name) - {10123428-A96D-94DF-C71E-72AD4E1826F7} - (no file)
O2 - BHO: (no name) - {11370574-D9D8-E8CA-D626-4D6350899CDF} - (no file)
O2 - BHO: (no name) - {11897CC4-53D0-91EC-CD00-264D5155B63E} - (no file)
O2 - BHO: (no name) - {12FA8EE3-A02B-CF1E-DA5F-AEB55869AB79} - (no file)
O2 - BHO: (no name) - {150DD6A2-741C-3AC1-86EF-B9F0211447BA} - (no file)
O2 - BHO: (no name) - {15E2E41C-150E-DE06-1B0B-17338DEDCF17} - (no file)
O2 - BHO: (no name) - {169ABCBE-6762-3759-96F3-9CB54E0F3180} - (no file)
O2 - BHO: (no name) - {16D4CBB8-F877-9359-8EAD-E66E92B5C746} - (no file)
O2 - BHO: (no name) - {1792B9FA-3E36-BF91-3865-81817401288F} - (no file)
O2 - BHO: (no name) - {17AF3D30-061C-15C3-F3DD-FF77212FA819} - (no file)
O2 - BHO: (no name) - {19915FBD-83F1-27DA-3219-B044C7088F73} - (no file)
O2 - BHO: (no name) - {19925772-DE39-9691-D57F-EDB5A0FE9C94} - (no file)
O2 - BHO: (no name) - {1AF59910-7EE1-072B-A5CE-DCC5213E655E} - (no file)
O2 - BHO: (no name) - {1D0D8469-DE38-6B08-0B53-CEC13868F0DB} - (no file)
O2 - BHO: (no name) - {1DFC720A-AB9E-FEAE-2659-8F202D6BFB10} - (no file)
O2 - BHO: (no name) - {1E1674D2-E929-6572-0A8F-011D1685381B} - (no file)
O2 - BHO: (no name) - {1EB56009-AF4A-F988-33DF-14DB193479ED} - (no file)
O2 - BHO: (no name) - {1F538EA8-B9CA-F988-6EE4-567DFA2D8761} - (no file)
O2 - BHO: (no name) - {1F9CE5DA-289C-2E20-1D11-2FA0CC12FBA6} - (no file)
O2 - BHO: (no name) - {23422573-6529-05F3-758A-83DFD576733B} - (no file)
O2 - BHO: (no name) - {234598CB-5651-C6B2-5F18-5E60FF9E4057} - (no file)
O2 - BHO: (no name) - {255C0A8C-FFCB-9E14-D824-A3CA6BB01C10} - (no file)
O2 - BHO: (no name) - {25B7934D-6070-5C5F-2B54-43F1C4F8F773} - (no file)
O2 - BHO: (no name) - {27C21ADB-5220-7AE7-F703-FC7FC5F20739} - (no file)
O2 - BHO: (no name) - {28223167-A6CC-2F8F-758F-1F424FBB380E} - (no file)
O2 - BHO: (no name) - {288490AB-B9EF-D3C0-464C-36A4F2E0FE93} - (no file)
O2 - BHO: (no name) - {29FC7713-0FBF-1255-5EAC-A7424B375C72} - (no file)
O2 - BHO: (no name) - {2ABBD56B-11A6-D514-E153-52F711D31C89} - (no file)
O2 - BHO: (no name) - {2AD24E17-DC95-0574-2570-F62AB80C0093} - (no file)
O2 - BHO: (no name) - {2B6EC21E-CA49-C0FD-8F90-B7E4F4625626} - (no file)
O2 - BHO: (no name) - {2C0087A1-5D6B-3765-B30B-8A302FBA4596} - (no file)
O2 - BHO: (no name) - {2CF3BB33-A8D7-079C-312F-ABCFF55DD77D} - (no file)
O2 - BHO: (no name) - {2CFF1A43-5FD6-E2DC-32A4-463460127E12} - (no file)
O2 - BHO: (no name) - {2DA97AF8-D336-F788-CDA7-8EC1522A9322} - (no file)
O2 - BHO: (no name) - {2FA09459-FBD9-B08C-81EF-6EA62F5DB101} - (no file)
O2 - BHO: (no name) - {302BD18C-5709-F540-1484-1D5734FA8BCE} - (no file)
O2 - BHO: (no name) - {30A95DF7-FBEA-D763-E682-9D786EF30062} - (no file)
O2 - BHO: (no name) - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - (no file)
O2 - BHO: (no name) - {31504A42-7F23-2B60-97E8-0A7435E36855} - (no file)
O2 - BHO: (no name) - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - (no file)
O2 - BHO: (no name) - {322C211D-6009-B07E-961D-2717AF0D733B} - (no file)
O2 - BHO: (no name) - {32CEA936-E07D-3518-1265-BED8174E16CE} - (no file)
O2 - BHO: (no name) - {34563B77-50A7-B32B-750C-907E592AD1F7} - (no file)
O2 - BHO: (no name) - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} - (no file)
O2 - BHO: (no name) - {35E6F3EB-98D4-8805-B758-063AEB55AB54} - (no file)
O2 - BHO: (no name) - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - (no file)
O2 - BHO: (no name) - {3708D630-F75A-A94E-CC74-1A00A8A13D28} - (no file)
O2 - BHO: (no name) - {37CF5456-717A-C95A-6D5F-7653A2E09649} - (no file)
O2 - BHO: (no name) - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} - (no file)
O2 - BHO: (no name) - {38D49E75-22AD-792C-2E36-24F44A9A7E2D} - (no file)
O2 - BHO: (no name) - {38EA0CAA-4D49-69DB-E8BB-183E8C5DF74E} - (no file)
O2 - BHO: (no name) - {3966C64B-A81F-E339-FCB7-FADA509397A0} - (no file)
O2 - BHO: (no name) - {39DE0716-6F8E-C7E3-C153-96F9D87C6701} - (no file)
O2 - BHO: (no name) - {3BBF5CF1-894A-B6F8-92B6-EFB8F4B6478F} - (no file)
O2 - BHO: (no name) - {3C69E401-83BA-7846-3959-9348791DBFD2} - (no file)
O2 - BHO: (no name) - {3C6CC514-0686-8D4A-3795-115CE35C21E9} - (no file)
O2 - BHO: (no name) - {3D0423F1-07E5-F3F2-99CC-1F7A196C6518} - (no file)
O2 - BHO: (no name) - {3E5873BE-1492-F72B-6B5A-6BFA24C941F4} - (no file)
O2 - BHO: (no name) - {3E7E5F4A-D54C-BA7F-16E3-59118D0D4537} - (no file)
O2 - BHO: (no name) - {3E9299CE-589B-4D8F-1BB7-1BB410CBAC8C} - (no file)
O2 - BHO: (no name) - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} - (no file)
O2 - BHO: (no name) - {3F787872-61C2-E14A-5458-CFF5381DEA94} - (no file)
O2 - BHO: (no name) - {40435204-5FF3-A72D-C4F6-26F9B7CF3238} - (no file)
O2 - BHO: (no name) - {41D2B4DA-7A72-4D83-2AB1-ABC9369BAC74} - (no file)
O2 - BHO: (no name) - {426F9880-9CAD-66DD-F6D8-7B9E676227E9} - (no file)
O2 - BHO: (no name) - {427DC0FE-1732-761D-24CD-41DBCD4FA0C4} - (no file)
O2 - BHO: (no name) - {456A6CEE-8316-4A72-DFA8-73971797E2FD} - (no file)
O2 - BHO: (no name) - {4572D733-0BB8-CDBF-7B5C-C350E3677E41} - (no file)
O2 - BHO: (no name) - {4658D29C-3757-D839-4290-F6B07C07A97C} - (no file)
O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} - (no file)
O2 - BHO: (no name) - {4821F0A9-6325-2CAF-5670-EDC8BD318C5D} - (no file)
O2 - BHO: (no name) - {483BB598-6B58-345A-9D87-E58BE73678B1} - (no file)
O2 - BHO: (no name) - {4873121D-827E-1BD4-1A2C-B5A0C13C9785} - (no file)
O2 - BHO: (no name) - {498499E4-2F9A-DCBE-1470-CEC340E0B528} - (no file)
O2 - BHO: (no name) - {49F8F604-B7AC-5876-933A-2E3729E47B49} - (no file)
O2 - BHO: (no name) - {4AA78A1C-2787-A2EF-75B3-675D072C942A} - (no file)
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} - (no file)
O2 - BHO: (no name) - {4B4BF72B-6C7F-079E-30DB-E0CDC91EBCF6} - (no file)
O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} - (no file)
O2 - BHO: (no name) - {4D3C3AFE-BB7F-ECE3-B414-B58B6B0A02B0} - (no file)
O2 - BHO: (no name) - {4D7C2D84-2B00-146D-CAF2-38E8743204A2} - (no file)
O2 - BHO: (no name) - {4D9B404B-055C-B793-064E-D6C64CC0CE64} - (no file)
O2 - BHO: (no name) - {4E367784-F4CD-00AD-8490-A4619B7AAF21} - (no file)
O2 - BHO: (no name) - {4ED85423-FEC4-7CF6-EF19-3934F47AD27B} - (no file)
O2 - BHO: (no name) - {4EE57E98-2B5C-B792-7B77-6A09FFB2DB5D} - (no file)
O2 - BHO: (no name) - {4F5FD300-8951-6232-0D6D-80B285FE1802} - (no file)
O2 - BHO: (no name) - {50AB10A9-D9E5-C675-37D6-7214CC18DEDC} - (no file)
O2 - BHO: (no name) - {51367E92-AA2E-16A5-49FF-93BFC70C151B} - (no file)
O2 - BHO: (no name) - {513E86B0-D516-B255-E656-DEF35121232E} - (no file)
O2 - BHO: (no name) - {5143F0E1-B003-516B-A5FE-961EDECF25BE} - (no file)
O2 - BHO: (no name) - {514AD317-D072-49A6-8F45-BCC1983F2289} - (no file)
O2 - BHO: (no name) - {52CD0F8D-B479-321E-14B5-AAC47839633C} - (no file)
O2 - BHO: (no name) - {52F8F9CD-14A9-B376-D6F1-0CF3B6100277} - (no file)
O2 - BHO: (no name) - {5341F52F-9CCF-343D-25AE-3C3DC70625D1} - (no file)
O2 - BHO: (no name) - {5364ABD3-3300-341C-1D26-05C46F9627DD} - (no file)
O2 - BHO: (no name) - {545644A9-6FBE-18E7-255E-29EE10D8F3B7} - (no file)
O2 - BHO: (no name) - {5485EF8B-02AF-D770-F042-41C97146169F} - (no file)
O2 - BHO: (no name) - {55C2A982-5FB8-705D-AB13-7616770AA2ED} - (no file)
O2 - BHO: (no name) - {55FDE9FB-433B-10B5-55CC-366744EC0C21} - (no file)
O2 - BHO: (no name) - {5677AA14-4828-04F9-BE46-9B83A0F0652F} - (no file)
O2 - BHO: (no name) - {5713EC5F-5F51-7D50-B10E-763DD1BC0ABC} - (no file)
O2 - BHO: (no name) - {589C2260-26D5-FF39-DD1D-9A4F791A1C96} - (no file)
O2 - BHO: (no name) - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} - (no file)
O2 - BHO: (no name) - {5973AE8B-B1D4-58C7-0629-E633DD3F8550} - (no file)
O2 - BHO: (no name) - {5A0FBFB4-9E43-D3EA-1A21-B85429F80041} - (no file)
O2 - BHO: (no name) - {5A0FD565-802B-E900-AEE8-0B54D63166B3} - (no file)
O2 - BHO: (no name) - {5AC1207D-C0DC-989C-3C2A-6A2FD0424A63} - (no file)
O2 - BHO: (no name) - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - (no file)
O2 - BHO: (no name) - {5B608D3F-ABAC-DD59-87F8-B4D199FA3D0E} - (no file)
O2 - BHO: (no name) - {5C32B1F7-AC71-BBEE-CC0B-2FA5E116AA6C} - (no file)
O2 - BHO: (no name) - {5D1F9D91-369E-9436-1F3D-1D229ECB536B} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {61B9FC5F-C646-B4CB-869C-F785091D313E} - (no file)
O2 - BHO: (no name) - {651DA460-C8D1-926D-7E35-8258A39BB7C2} - (no file)
O2 - BHO: (no name) - {655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} - (no file)
O2 - BHO: (no name) - {65E6A8E0-A67C-0CE3-B885-D53EA9292B40} - (no file)
O2 - BHO: (no name) - {66059432-BCBA-0EE4-3589-73A184B410A7} - (no file)
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
O2 - BHO: (no name) - {66FE21E9-AAFF-8176-C0E2-D570E58BD83C} - (no file)
O2 - BHO: (no name) - {6710E207-EFC7-1C96-3147-541E4D262257} - (no file)
O2 - BHO: (no name) - {675A16BB-A0C2-544F-5D5E-A550A9BAAF78} - (no file)
O2 - BHO: (no name) - {67AEDFB1-0043-97AE-1698-E8CD34535DC1} - (no file)
O2 - BHO: (no name) - {684A4F84-6F56-6515-3E4E-6D61D0429D9D} - (no file)
O2 - BHO: (no name) - {6A13ADA3-C5ED-A8BF-31FF-6DF2066F992B} - (no file)
O2 - BHO: (no name) - {6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5} - (no file)
O2 - BHO: (no name) - {6AA2FAA7-58D2-CF49-456B-FCAAE70B8816} - (no file)
O2 - BHO: (no name) - {6AA46007-7E40-353F-4B29-4EB589B6027B} - (no file)
O2 - BHO: (no name) - {6AB04E20-C7FB-1976-45F0-4507AA485E64} - (no file)
O2 - BHO: (no name) - {6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} - (no file)
O2 - BHO: (no name) - {6D4FA3A0-BE29-2407-A0C1-4CFF3DD6BA5D} - (no file)
O2 - BHO: (no name) - {6D5086FD-B70A-A21D-970A-511772E1A75C} - (no file)
O2 - BHO: (no name) - {6E0F0093-EF04-1478-FE8A-D4B3176F0CE3} - (no file)
O2 - BHO: (no name) - {6EE656A7-0F99-3D1A-3DF9-EA00C07DD460} - (no file)
O2 - BHO: (no name) - {6F455C0C-D11A-ABFC-AD04-0AE9398535D9} - (no file)
O2 - BHO: (no name) - {6F61BA9A-5EA1-7903-5454-DCA081431490} - (no file)
O2 - BHO: (no name) - {6FA4B57A-E37E-8AFD-A982-153401F912D4} - (no file)
O2 - BHO: (no name) - {70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} - (no file)
O2 - BHO: (no name) - {71167969-C63A-6FB0-2E12-19AC38D1B9B1} - (no file)
O2 - BHO: (no name) - {7210B24D-AB6E-A171-175B-8519DCC2086A} - (no file)
O2 - BHO: (no name) - {72A9B624-8C5D-2A66-F77F-2A9004EE69D5} - (no file)
O2 - BHO: (no name) - {73398CA1-1198-D3C3-EB62-35E5F0CEC53B} - (no file)
O2 - BHO: (no name) - {7344A8E6-E22B-8BD1-9691-FA3952D9BAEA} - (no file)
O2 - BHO: (no name) - {735E0709-7FBF-C9AF-B86A-F1F99F1C9617} - (no file)
O2 - BHO: (no name) - {739966E1-825B-10D9-49B8-69B4A3A6EFC4} - (no file)
O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} - (no file)
O2 - BHO: (no name) - {76606205-203F-F6F7-470B-FCD352D4D917} - (no file)
O2 - BHO: (no name) - {76792940-AC80-0C6D-2058-621D0D46A3D2} - (no file)
O2 - BHO: (no name) - {76B65772-6456-05AC-575B-9D567678D55E} - (no file)
O2 - BHO: (no name) - {77C394B2-8756-A4B7-D790-69CC6A75E989} - (no file)
O2 - BHO: (no name) - {786B4BBD-2875-0E73-6FA4-33EBB3208A2D} - (no file)
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} - (no file)
O2 - BHO: (no name) - {78A39036-DAA5-D02D-B64C-3078507E6538} - (no file)
O2 - BHO: (no name) - {78D4C8D4-B5A0-4883-C6D7-F97D04BE0876} - (no file)
O2 - BHO: (no name) - {792A8CA5-55BB-B3E8-EADD-488F2058805F} - (no file)
O2 - BHO: (no name) - {798A2A6B-B2B1-0E2F-80FF-30D52F286EFB} - (no file)
O2 - BHO: (no name) - {7B535868-EE7F-6295-94EF-17FD6F5241DC} - (no file)
O2 - BHO: (no name) - {7B9BF766-007B-0B90-4541-058C2A5DF9CD} - (no file)
O2 - BHO: (no name) - {7C25DF9E-175A-AEBC-1715-65139942B8A6} - (no file)
O2 - BHO: (no name) - {7D492E22-3773-8826-65FC-BCDE3BE460F9} - (no file)
O2 - BHO: (no name) - {7D5146F6-D764-3E31-81C8-7A0CAC5FDC8D} - (no file)
O2 - BHO: (no name) - {7D8E9033-94CD-739D-8A5B-376572E16A8C} - (no file)
O2 - BHO: (no name) - {7E64477B-18F5-69A6-A75B-60A4F6D56551} - (no file)
O2 - BHO: (no name) - {7E64AD57-7394-3483-CB89-72A7E2A76478} - (no file)
O2 - BHO: (no name) - {7E669911-FE7D-F3E4-78BC-DB3681A1083A} - (no file)
O2 - BHO: (no name) - {81B13E5A-B27C-6BB2-7C2F-E42B321541D2} - (no file)
O2 - BHO: (no name) - {81B81988-0B92-CDBD-621E-176F486E2127} - (no file)
O2 - BHO: (no name) - {81D6F3D0-B042-45A2-5F05-8B41F30D8043} - (no file)
O2 - BHO: (no name) - {81ECDBCA-1DE3-27FD-325A-F6E0C0C236CF} - (no file)
O2 - BHO: (no name) - {82592D9C-E8A7-DA3B-8BEE-BCAEAF5128CD} - (no file)
O2 - BHO: (no name) - {83241F15-A38D-4603-9874-0E32E3A2D544} - (no file)
O2 - BHO: (no name) - {8349086E-3F47-DF2F-515E-324A161E8B39} - (no file)
O2 - BHO: (no name) - {844E08A0-4257-24A4-9CC5-809E2B1A3DEB} - (no file)
O2 - BHO: (no name) - {85138801-518D-CEC2-27AE-83F4E12401F3} - (no file)
O2 - BHO: (no name) - {85350E27-DDF3-4D24-ABE1-57F9792608C9} - (no file)
O2 - BHO: (no name) - {85389C19-9846-3EB7-FED8-ECFDDEB7598A} - (no file)
O2 - BHO: (no name) - {85E56198-1317-4AA3-031F-529D9C16FA79} - (no file)
O2 - BHO: (no name) - {86041CA1-6D62-16AB-85F3-D49D60FDF6D8} - (no file)
O2 - BHO: (no name) - {86A0C09D-1B74-868D-C89A-093479621C99} - (no file)
O2 - BHO: (no name) - {87902B7F-B6D3-A213-F6A4-36452B599351} - (no file)
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - (no file)
O2 - BHO: (no name) - {8A74F6B2-6F75-88F4-4D28-2B4D81644795} - (no file)
O2 - BHO: (no name) - {8BE3EDB0-AA55-CD1F-575D-499FFCAF6D33} - (no file)
O2 - BHO: (no name) - {8D289FF6-E61A-1E60-2906-81C70B869541} - (no file)
O2 - BHO: (no name) - {8EBA8990-F4A5-C5B5-572F-A9AAD1E6241E} - (no file)
O2 - BHO: (no name) - {8EDE058C-72DA-1A48-9FA1-88C735AA037F} - (no file)
O2 - BHO: (no name) - {8EF1A389-7342-F785-A50A-A3C78BA42012} - (no file)
O2 - BHO: (no name) - {8F602CAF-ED9C-5DE3-54F4-0D9DCC6602BF} - (no file)
O2 - BHO: (no name) - {8FA69B0F-F5CC-7651-8220-05AB77E3AF7A} - (no file)
O2 - BHO: (no name) - {905B7852-2793-427E-4E08-1C880E04C988} - (no file)
O2 - BHO: (no name) - {9066F229-F7AF-E70B-FF84-8167AE9683C7} - (no file)
O2 - BHO: (no name) - {90706F45-D241-085D-C3F4-2CA0366EF00C} - (no file)
O2 - BHO: (no name) - {9109E5D9-787B-A1A7-174B-D844BE131994} - (no file)
O2 - BHO: (no name) - {9125713D-ABCD-6F47-1A15-550E5B5622AF} - (no file)
O2 - BHO: (no name) - {9131706F-D034-5F4E-62F6-C060F737064C} - (no file)
O2 - BHO: (no name) - {91ACFEB4-563E-7346-F46B-988AF1C8F8C5} - (no file)
O2 - BHO: (no name) - {91F5C0F0-E710-7DC7-0147-FE1448C119B5} - (no file)
O2 - BHO: (no name) - {92B23F23-DA2F-827C-5375-D1C2EFF447A2} - (no file)
O2 - BHO: (no name) - {934022E3-4A67-7059-D032-46007A715210} - (no file)
O2 - BHO: (no name) - {9341B059-25B9-C093-AEB4-FF0CB478B147} - (no file)
O2 - BHO: (no name) - {95AF234B-24B1-1F78-C5C4-74F8C68C766A} - (no file)
O2 - BHO: (no name) - {95DF6FEF-35F1-2B06-F180-C457E36FD6E1} - (no file)
O2 - BHO: (no name) - {963172C1-9CFB-90AB-260B-ADEE79CDF55E} - (no file)
O2 - BHO: (no name) - {96540400-C364-871F-2E14-83ED06818F50} - (no file)
O2 - BHO: (no name) - {96F5147D-AA6C-A828-0147-591C3BA9A927} - (no file)
O2 - BHO: (no name) - {97ADA2E0-5C10-1C68-6762-039DC911BD1A} - (no file)
O2 - BHO: (no name) - {98992BEF-C386-CF53-DECE-D2A0FB2B61D0} - (no file)
O2 - BHO: (no name) - {99399FD2-2312-C70A-9033-A6E121F22B6E} - (no file)
O2 - BHO: (no name) - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} - (no file)
O2 - BHO: (no name) - {9ABBF8BA-C35E-205B-6D84-95401DED6DAD} - (no file)
O2 - BHO: (no name) - {9CAA18AE-D292-6BEC-6BD6-BA8F78834AD3} - (no file)
O2 - BHO: (no name) - {9D7AD1A1-D86E-4CC3-76A8-49207E8BA72B} - (no file)
O2 - BHO: (no name) - {9EFD6041-C2FA-2E20-4602-C5ADBED78A3D} - (no file)
O2 - BHO: (no name) - {A24D83B9-E094-6A21-B590-76540C92DC0F} - (no file)
O2 - BHO: (no name) - {A3C98512-09FD-0565-9A8D-2101086F6A76} - (no file)
O2 - BHO: (no name) - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} - (no file)
O2 - BHO: (no name) - {A65F11A0-3D1B-37FD-F86D-9AB8607151F1} - (no file)
O2 - BHO: (no name) - {A711CA3B-7C45-E209-9CFD-AA0DA8F81A41} - (no file)
O2 - BHO: (no name) - {A758BCB9-66D2-5737-DE37-3927CE58D302} - (no file)
O2 - BHO: (no name) - {A788B74B-4D59-8481-0B32-600C153729CD} - (no file)
O2 - BHO: (no name) - {A8F2321D-CD1A-6308-ECF1-C5B55DAA6D84} - (no file)
O2 - BHO: (no name) - {AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} - (no file)
O2 - BHO: (no name) - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} - (no file)
O2 - BHO: (no name) - {AC2FD346-B35C-A896-4487-916D3E911455} - (no file)
O2 - BHO: (no name) - {AC81EC14-3EEC-6538-2603-BABEF1F75A24} - (no file)
O2 - BHO: (no name) - {AD327E2E-D82F-9587-7D79-960A66983C17} - (no file)
O2 - BHO: (no name) - {AE9AEB8F-0E7F-D767-F3C7-AF22C0FBA643} - (no file)
O2 - BHO: (no name) - {AEBAA38C-A5F4-D0FD-904B-5A1C7FCA25AF} - (no file)
O2 - BHO: (no name) - {AF21C402-9A63-03A6-CE89-A6BBEABCD013} - (no file)
O2 - BHO: (no name) - {AFF226D4-6484-3652-603F-005908E0DFD4} - (no file)
O2 - BHO: (no name) - {B0030846-0596-1454-D1AE-FC69B7F19AC8} - (no file)
O2 - BHO: (no name) - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} - (no file)
O2 - BHO: (no name) - {B1E7A707-24E5-6544-421B-A738C2B36E3A} - (no file)
O2 - BHO: (no name) - {B26E180E-6248-2EE2-55AE-C6CB785F21C4} - (no file)
O2 - BHO: (no name) - {B4BF9C14-1EE5-510F-78CB-D256DA9572AA} - (no file)
O2 - BHO: (no name) - {B4D52BE0-DBD6-4F46-2633-72E374BFCB90} - (no file)
O2 - BHO: (no name) - {B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} - (no file)
O2 - BHO: (no name) - {B6FBF6C9-510D-F04F-75C4-47B77E2085E8} - (no file)
O2 - BHO: (no name) - {B74FC677-1BFA-DEF5-DEB7-DBD24D544D78} - (no file)
O2 - BHO: (no name) - {B8E989AC-570B-BFD4-F982-B6FA8BC18348} - (no file)
O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} - (no file)
O2 - BHO: (no name) - {B990B770-D62A-B542-EDA6-516033B76258} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {B9FCA0E1-7B64-E16E-A3DC-00928170618E} - (no file)
O2 - BHO: (no name) - {BA8F9F33-8F0C-9419-0792-F6767ACBCD1A} - (no file)
O2 - BHO: (no name) - {BA997092-5DFF-A91F-6516-A449FC336452} - (no file)
O2 - BHO: (no name) - {BB64CF1B-EDD6-054C-3EC4-EDBA6BF43D9B} - (no file)
O2 - BHO: (no name) - {BCB3F18B-A3EB-BE2C-7060-80B3226DEA98} - (no file)
O2 - BHO: (no name) - {BE40D43B-1323-AC09-FD3D-F5F0CEEAF506} - (no file)
O2 - BHO: (no name) - {BEDE43F2-3A12-9DD6-5372-F4A978605A01} - (no file)
O2 - BHO: (no name) - {BFBFF9AA-22B3-FF5F-0EE0-C9538197D788} - (no file)
O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} - (no file)
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {C2FA3EAF-821F-A9B6-25C2-AF456704EDC8} - (no file)
O2 - BHO: (no name) - {C35AADB0-FE0C-8B29-3DF2-80B00335B70D} - (no file)
O2 - BHO: (no name) - {C37464FB-795E-818F-1740-07FBCEB881C8} - (no file)
O2 - BHO: (no name) - {C47E6517-9FEE-B27A-3EA8-BB572B11D25B} - (no file)
O2 - BHO: (no name) - {C5E5AAF1-E338-ED8E-4D57-DC8FB2DE04CB} - (no file)
O2 - BHO: (no name) - {C680FC92-CC8D-3933-941C-DB2ADEAD27D8} - (no file)
O2 - BHO: (no name) - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - (no file)
O2 - BHO: (no name) - {C738A371-0430-6A14-07D8-FF8D00747F0E} - (no file)
O2 - BHO: (no name) - {C7D694A6-A289-DECF-ABB2-E43C2010FD00} - (no file)
O2 - BHO: (no name) - {C7E5DEDD-D9B0-41ED-404D-7720BA941F24} - (no file)
O2 - BHO: (no name) - {C8EE100B-191A-611C-5766-34F50DE08954} - (no file)
O2 - BHO: (no name) - {C8F6D58E-315A-D77E-18F7-70C0FC6A733D} - (no file)
O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} - (no file)
O2 - BHO: (no name) - {CA4938DF-EDB2-708B-0183-B1EF0CF56539} - (no file)
O2 - BHO: (no name) - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - (no file)
O2 - BHO: (no name) - {CBE5F226-BD90-1454-83F4-2686C681720C} - (no file)
O2 - BHO: (no name) - {CC5F15C0-4FA5-2B34-9D3E-0BB480B5C834} - (no file)
O2 - BHO: (no name) - {CDBCDF8D-F3C6-EE7D-C673-A31C7CDFB1F3} - (no file)
O2 - BHO: (no name) - {CDD86D3D-AA27-ABC8-6C93-9E5DB990A866} - (no file)
O2 - BHO: (no name) - {CEDF9A95-F8C2-F7C7-AF6C-402C203A3A1A} - (no file)
O2 - BHO: (no name) - {CF55FDE9-BA43-BE10-5455-CE366744EC0C} - (no file)
O2 - BHO: (no name) - {D017A1A4-51FE-686D-883E-896573BFFC91} - (no file)
O2 - BHO: (no name) - {D0255E6F-0063-155E-E155-8DEDD32646C8} - (no file)
O2 - BHO: (no name) - {D0369D6C-3958-4CAD-4A2F-3BD8395C5178} - (no file)
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - (no file)
O2 - BHO: (no name) - {D30F1D3E-9A80-B7B8-660D-9D89FEB47648} - (no file)
O2 - BHO: (no name) - {D4C0E433-46E1-FD19-92D7-09B1F788A00A} - (no file)
O2 - BHO: (no name) - {D4D6E938-A715-0A71-38BD-176F21ADA2F9} - (no file)
O2 - BHO: (no name) - {D4FD3E7F-134B-3265-8C6A-C70ABD1A2E09} - (no file)
O2 - BHO: (no name) - {D54F6CB9-5429-9A95-7B59-D291228E70B8} - (no file)
O2 - BHO: (no name) - {D5728176-9B28-959A-7D04-F70661EB2619} - (no file)
O2 - BHO: (no name) - {D5803A75-94E4-D765-5CDA-5E6515E89C3E} - (no file)
O2 - BHO: (no name) - {D6D1C592-0365-F3E6-489A-C2F01E89B1E7} - (no file)
O2 - BHO: (no name) - {D6D41230-B4B7-D9FC-EDDA-A50821C38898} - (no file)
O2 - BHO: (no name) - {D7873985-8475-B74C-A508-68D1C961F6C3} - (no file)
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} - (no file)
O2 - BHO: (no name) - {D83E8454-F737-08C7-6BBB-9567C0B82257} - (no file)
O2 - BHO: (no name) - {D8F83F56-26F9-C667-A9AA-64C24DF449D6} - (no file)
O2 - BHO: (no name) - {DA673768-1F75-6A22-E683-513D32CF86C7} - (no file)
O2 - BHO: (no name) - {DA69B312-479E-04FF-2B2B-F34795A0072E} - (no file)
O2 - BHO: (no name) - {DB4FEFF3-7F23-D1EC-252C-4321FF47BA66} - (no file)
O2 - BHO: (no name) - {DC7F0147-FE14-8C11-B567-602ED4468C81} - (no file)
O2 - BHO: (no name) - {DCAB9C0C-A653-82EF-F2B8-5AF28CEE929C} - (no file)
O2 - BHO: (no name) - {DDDF9214-0C39-2401-5681-788C67AD3397} - (no file)
O2 - BHO: (no name) - {DECD8E91-E600-DF80-A5DB-061BB58F74D4} - (no file)
O2 - BHO: (no name) - {DF77D786-7899-DE17-AC07-FBA8FA5E3372} - (no file)
O2 - BHO: (no name) - {E09E50A9-C957-586A-F4AB-55E38F81CBDB} - (no file)
O2 - BHO: (no name) - {E0AC35E4-96DF-00AC-6608-D6C41D33EEC8} - (no file)
O2 - BHO: (no name) - {E118C993-3E95-588B-3737-DEFDC8EAC743} - (no file)
O2 - BHO: (no name) - {E1E57F1D-C6B0-62EC-101F-B10073BE2A67} - (no file)
O2 - BHO: (no name) - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} - (no file)
O2 - BHO: (no name) - {E2EFF47C-CEA2-977D-C18B-68F6CAB7C5FD} - (no file)
O2 - BHO: (no name) - {E2FA5ADF-2EE4-349E-8197-095C5E7C1822} - (no file)
O2 - BHO: (no name) - {E2FF7285-6F6F-9283-CBCD-D4E370856A52} - (no file)
O2 - BHO: (no name) - {E487650B-242B-EE1E-0BF6-E88C8D4757E3} - (no file)
O2 - BHO: (no name) - {E4C8B99E-0103-FBC9-F6CA-7D83FF55910C} - (no file)
O2 - BHO: (no name) - {E4D02D4D-F4CA-5C75-BF5E-2EB5899148E7} - (no file)
O2 - BHO: (no name) - {E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} - (no file)
O2 - BHO: (no name) - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - (no file)
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
O2 - BHO: (no name) - {E7EA31BC-040D-2E4D-88EF-40381EB92CB7} - (no file)
O2 - BHO: (no name) - {E8BE2A5E-CEBC-9AC3-3766-2818EC5177F1} - (no file)
O2 - BHO: (no name) - {E92FEBA8-E69D-A240-4CB7-26F77F353A3E} - (no file)
O2 - BHO: (no name) - {EDD230B8-C13C-3C16-B2A6-6E905B7AAD8B} - (no file)
O2 - BHO: (no name) - {EDE089D9-4761-83C8-F9D7-A5FD309350A8} - (no file)
O2 - BHO: (no name) - {EE2AA0F1-F20F-6C4E-D617-5455B3E75016} - (no file)
O2 - BHO: (no name) - {EEBD9A89-4BF8-ABEE-35B7-D9119850B905} - (no file)
O2 - BHO: (no name) - {EF00589F-4853-36A5-3704-A19633EDC95B} - (no file)
O2 - BHO: (no name) - {EF309E36-716B-7280-E846-0F0341C2FC93} - (no file)
O2 - BHO: (no name) - {F18ECF04-6CA0-EC37-AC5B-4D74C64A9794} - (no file)
O2 - BHO: (no name) - {F2904D7B-BCC4-BBED-BEC0-AC10A5DDF462} - (no file)
O2 - BHO: (no name) - {F2AEE8C6-488F-FB83-41DC-7207FA4758DF} - (no file)
O2 - BHO: (no name) - {F4991605-C957-0BAE-49B7-A7115B539ABB} - (no file)
O2 - BHO: (no name) - {F607095C-FD2B-4343-1C4F-F77394A2E39A} - (no file)
O2 - BHO: (no name) - {F6956773-B906-6B4E-BC0B-5426597C4595} - (no file)
O2 - BHO: (no name) - {F9A8EAE7-B06F-2EC0-E63F-ED8F8566CDEA} - (no file)
O2 - BHO: (no name) - {FB04EF28-D55C-A95A-794F-75DA8F4D83AF} - (no file)
O2 - BHO: (no name) - {FB33A6C8-433D-5DBC-4293-C2A5BAD25729} - (no file)
O2 - BHO: (no name) - {FC615C15-94A5-9786-9573-BEB7DB4CC211} - (no file)
O2 - BHO: (no name) - {FD28144A-BE74-ABB6-5C2B-E60BF82588B7} - (no file)
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} - (no file)
O2 - BHO: (no name) - {FF234288-3F3D-AAD1-5406-2B255A30CA94} - (no file)
O2 - BHO: (no name) - {FF5CE8D6-15E7-9320-B39B-A35B6BCEE89D} - (no file)
O2 - BHO: (no name) - {FF82035F-0086-8DD2-C7FF-4F5E2A38F671} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {203F7D8D-F0F9-4F03-907B-1CF7BF61A327} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download2.games.yahoo.com/games/ ... /dt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0686735062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 37063 bytes
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby Axephilic » June 27th, 2009, 2:52 pm

Ok, there were a few more virus files found. Lets get rid of what we can. :)

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
C:\WINDOWS\system32\javaew.dll
C:\WINDOWS\system32\ntki.dll
Folder::
C:\Program Files\ShopperReports
C:\WINDOWS\DIALPASS
Registry::
O2 - BHO: (no name) - {006D0367-56A7-6546-49D8-7B6D4D791008} -
O2 - BHO: (no name) - {007A6846-97DC-92B1-9E5A-E8BBFBC955C7} -
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} -
O2 - BHO: (no name) - {00B78A2F-66BE-9875-FBF9-E1F486C65401} -
O2 - BHO: (no name) - {01575B9F-13D1-712F-6453-1A4855B87338} -
O2 - BHO: (no name) - {0285204B-8462-73CB-ADC6-BEB4CDC9ED99} -
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} -
O2 - BHO: (no name) - {03433DF4-52B3-D7BA-CE65-5B6EADF47ABE} -
O2 - BHO: (no name) - {0398569A-F6D9-89D9-F9B7-ADD52E2E6CE9} -
O2 - BHO: (no name) - {0408BD9F-FBE0-566C-EBDA-DBC97DA7E144} -
O2 - BHO: (no name) - {042575C4-89CE-6A75-2FA8-6D9D7DB2B344} -
O2 - BHO: (no name) - {0722E1E7-9CF5-22E4-20A0-89CFDD194B32} -
O2 - BHO: (no name) - {0846276E-4539-F77E-477A-1EF23204BFBA} -
O2 - BHO: (no name) - {0847B820-A398-4483-B942-36760D79FD59} -
O2 - BHO: (no name) - {08672C48-A150-AFA8-7101-3AF575D1EB75} -
O2 - BHO: (no name) - {091C4038-4788-1043-264B-D7631428A6CA} -
O2 - BHO: (no name) - {0B945A0E-5A30-2CC6-C0B3-D102E3D0FBCD} -
O2 - BHO: (no name) - {0D74D509-86ED-D9B2-0B70-264B010B3016} -
O2 - BHO: (no name) - {0DCB9E68-E0DA-5BCC-27DD-E95405C09A42} -
O2 - BHO: (no name) - {0E09149B-AF00-347C-FBA9-72BF9910B01C} -
O2 - BHO: (no name) - {0FC10DA6-621C-EEAE-0E43-CB4CCFC5B848} -
O2 - BHO: (no name) - {0FF735ED-18CB-AF19-21F7-AC40587668DD} -
O2 - BHO: (no name) - {10123428-A96D-94DF-C71E-72AD4E1826F7} -
O2 - BHO: (no name) - {11370574-D9D8-E8CA-D626-4D6350899CDF} -
O2 - BHO: (no name) - {11897CC4-53D0-91EC-CD00-264D5155B63E} -
O2 - BHO: (no name) - {12FA8EE3-A02B-CF1E-DA5F-AEB55869AB79} -
O2 - BHO: (no name) - {150DD6A2-741C-3AC1-86EF-B9F0211447BA} -
O2 - BHO: (no name) - {15E2E41C-150E-DE06-1B0B-17338DEDCF17} -
O2 - BHO: (no name) - {169ABCBE-6762-3759-96F3-9CB54E0F3180} -
O2 - BHO: (no name) - {16D4CBB8-F877-9359-8EAD-E66E92B5C746} -
O2 - BHO: (no name) - {1792B9FA-3E36-BF91-3865-81817401288F} -
O2 - BHO: (no name) - {17AF3D30-061C-15C3-F3DD-FF77212FA819} -
O2 - BHO: (no name) - {19915FBD-83F1-27DA-3219-B044C7088F73} -
O2 - BHO: (no name) - {19925772-DE39-9691-D57F-EDB5A0FE9C94} -
O2 - BHO: (no name) - {1AF59910-7EE1-072B-A5CE-DCC5213E655E} -
O2 - BHO: (no name) - {1D0D8469-DE38-6B08-0B53-CEC13868F0DB} -
O2 - BHO: (no name) - {1DFC720A-AB9E-FEAE-2659-8F202D6BFB10} -
O2 - BHO: (no name) - {1E1674D2-E929-6572-0A8F-011D1685381B} -
O2 - BHO: (no name) - {1EB56009-AF4A-F988-33DF-14DB193479ED} -
O2 - BHO: (no name) - {1F538EA8-B9CA-F988-6EE4-567DFA2D8761} -
O2 - BHO: (no name) - {1F9CE5DA-289C-2E20-1D11-2FA0CC12FBA6} -
O2 - BHO: (no name) - {23422573-6529-05F3-758A-83DFD576733B} -
O2 - BHO: (no name) - {234598CB-5651-C6B2-5F18-5E60FF9E4057} -
O2 - BHO: (no name) - {255C0A8C-FFCB-9E14-D824-A3CA6BB01C10} -
O2 - BHO: (no name) - {25B7934D-6070-5C5F-2B54-43F1C4F8F773} -
O2 - BHO: (no name) - {27C21ADB-5220-7AE7-F703-FC7FC5F20739} -
O2 - BHO: (no name) - {28223167-A6CC-2F8F-758F-1F424FBB380E} -
O2 - BHO: (no name) - {288490AB-B9EF-D3C0-464C-36A4F2E0FE93} -
O2 - BHO: (no name) - {29FC7713-0FBF-1255-5EAC-A7424B375C72} -
O2 - BHO: (no name) - {2ABBD56B-11A6-D514-E153-52F711D31C89} -
O2 - BHO: (no name) - {2AD24E17-DC95-0574-2570-F62AB80C0093} -
O2 - BHO: (no name) - {2B6EC21E-CA49-C0FD-8F90-B7E4F4625626} -
O2 - BHO: (no name) - {2C0087A1-5D6B-3765-B30B-8A302FBA4596} -
O2 - BHO: (no name) - {2CF3BB33-A8D7-079C-312F-ABCFF55DD77D} -
O2 - BHO: (no name) - {2CFF1A43-5FD6-E2DC-32A4-463460127E12} -
O2 - BHO: (no name) - {2DA97AF8-D336-F788-CDA7-8EC1522A9322} -
O2 - BHO: (no name) - {2FA09459-FBD9-B08C-81EF-6EA62F5DB101} -
O2 - BHO: (no name) - {302BD18C-5709-F540-1484-1D5734FA8BCE} -
O2 - BHO: (no name) - {30A95DF7-FBEA-D763-E682-9D786EF30062} -
O2 - BHO: (no name) - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} -
O2 - BHO: (no name) - {31504A42-7F23-2B60-97E8-0A7435E36855} -
O2 - BHO: (no name) - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} -
O2 - BHO: (no name) - {322C211D-6009-B07E-961D-2717AF0D733B} -
O2 - BHO: (no name) - {32CEA936-E07D-3518-1265-BED8174E16CE} -
O2 - BHO: (no name) - {34563B77-50A7-B32B-750C-907E592AD1F7} -
O2 - BHO: (no name) - {34A8CD29-0291-456B-C7E0-3FD293B0AE90} -
O2 - BHO: (no name) - {35E6F3EB-98D4-8805-B758-063AEB55AB54} -
O2 - BHO: (no name) - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} -
O2 - BHO: (no name) - {3708D630-F75A-A94E-CC74-1A00A8A13D28} -
O2 - BHO: (no name) - {37CF5456-717A-C95A-6D5F-7653A2E09649} -
O2 - BHO: (no name) - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} -
O2 - BHO: (no name) - {38D49E75-22AD-792C-2E36-24F44A9A7E2D} -
O2 - BHO: (no name) - {38EA0CAA-4D49-69DB-E8BB-183E8C5DF74E} -
O2 - BHO: (no name) - {3966C64B-A81F-E339-FCB7-FADA509397A0} -
O2 - BHO: (no name) - {39DE0716-6F8E-C7E3-C153-96F9D87C6701} -
O2 - BHO: (no name) - {3BBF5CF1-894A-B6F8-92B6-EFB8F4B6478F} -
O2 - BHO: (no name) - {3C69E401-83BA-7846-3959-9348791DBFD2} -
O2 - BHO: (no name) - {3C6CC514-0686-8D4A-3795-115CE35C21E9} -
O2 - BHO: (no name) - {3D0423F1-07E5-F3F2-99CC-1F7A196C6518} -
O2 - BHO: (no name) - {3E5873BE-1492-F72B-6B5A-6BFA24C941F4} -
O2 - BHO: (no name) - {3E7E5F4A-D54C-BA7F-16E3-59118D0D4537} -
O2 - BHO: (no name) - {3E9299CE-589B-4D8F-1BB7-1BB410CBAC8C} -
O2 - BHO: (no name) - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} -
O2 - BHO: (no name) - {3F787872-61C2-E14A-5458-CFF5381DEA94} -
O2 - BHO: (no name) - {40435204-5FF3-A72D-C4F6-26F9B7CF3238} -
O2 - BHO: (no name) - {41D2B4DA-7A72-4D83-2AB1-ABC9369BAC74} -
O2 - BHO: (no name) - {426F9880-9CAD-66DD-F6D8-7B9E676227E9} -
O2 - BHO: (no name) - {427DC0FE-1732-761D-24CD-41DBCD4FA0C4} -
O2 - BHO: (no name) - {456A6CEE-8316-4A72-DFA8-73971797E2FD} -
O2 - BHO: (no name) - {4572D733-0BB8-CDBF-7B5C-C350E3677E41} -
O2 - BHO: (no name) - {4658D29C-3757-D839-4290-F6B07C07A97C} -
O2 - BHO: (no name) - {47AC66D0-CE97-D311-E35F-40428823161F} -
O2 - BHO: (no name) - {4821F0A9-6325-2CAF-5670-EDC8BD318C5D} -
O2 - BHO: (no name) - {483BB598-6B58-345A-9D87-E58BE73678B1} -
O2 - BHO: (no name) - {4873121D-827E-1BD4-1A2C-B5A0C13C9785} -
O2 - BHO: (no name) - {498499E4-2F9A-DCBE-1470-CEC340E0B528} -
O2 - BHO: (no name) - {49F8F604-B7AC-5876-933A-2E3729E47B49} -
O2 - BHO: (no name) - {4AA78A1C-2787-A2EF-75B3-675D072C942A} -
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} -
O2 - BHO: (no name) - {4B4BF72B-6C7F-079E-30DB-E0CDC91EBCF6} -
O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} -
O2 - BHO: (no name) - {4D3C3AFE-BB7F-ECE3-B414-B58B6B0A02B0} -
O2 - BHO: (no name) - {4D7C2D84-2B00-146D-CAF2-38E8743204A2} -
O2 - BHO: (no name) - {4D9B404B-055C-B793-064E-D6C64CC0CE64} -
O2 - BHO: (no name) - {4E367784-F4CD-00AD-8490-A4619B7AAF21} -
O2 - BHO: (no name) - {4ED85423-FEC4-7CF6-EF19-3934F47AD27B} -
O2 - BHO: (no name) - {4EE57E98-2B5C-B792-7B77-6A09FFB2DB5D} -
O2 - BHO: (no name) - {4F5FD300-8951-6232-0D6D-80B285FE1802} -
O2 - BHO: (no name) - {50AB10A9-D9E5-C675-37D6-7214CC18DEDC} -
O2 - BHO: (no name) - {51367E92-AA2E-16A5-49FF-93BFC70C151B} -
O2 - BHO: (no name) - {513E86B0-D516-B255-E656-DEF35121232E} -
O2 - BHO: (no name) - {5143F0E1-B003-516B-A5FE-961EDECF25BE} -
O2 - BHO: (no name) - {514AD317-D072-49A6-8F45-BCC1983F2289} -
O2 - BHO: (no name) - {52CD0F8D-B479-321E-14B5-AAC47839633C} -
O2 - BHO: (no name) - {52F8F9CD-14A9-B376-D6F1-0CF3B6100277} -
O2 - BHO: (no name) - {5341F52F-9CCF-343D-25AE-3C3DC70625D1} -
O2 - BHO: (no name) - {5364ABD3-3300-341C-1D26-05C46F9627DD} -
O2 - BHO: (no name) - {545644A9-6FBE-18E7-255E-29EE10D8F3B7} -
O2 - BHO: (no name) - {5485EF8B-02AF-D770-F042-41C97146169F} -
O2 - BHO: (no name) - {55C2A982-5FB8-705D-AB13-7616770AA2ED} -
O2 - BHO: (no name) - {55FDE9FB-433B-10B5-55CC-366744EC0C21} -
O2 - BHO: (no name) - {5677AA14-4828-04F9-BE46-9B83A0F0652F} -
O2 - BHO: (no name) - {5713EC5F-5F51-7D50-B10E-763DD1BC0ABC} -
O2 - BHO: (no name) - {589C2260-26D5-FF39-DD1D-9A4F791A1C96} -
O2 - BHO: (no name) - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} -
O2 - BHO: (no name) - {5973AE8B-B1D4-58C7-0629-E633DD3F8550} -
O2 - BHO: (no name) - {5A0FBFB4-9E43-D3EA-1A21-B85429F80041} -
O2 - BHO: (no name) - {5A0FD565-802B-E900-AEE8-0B54D63166B3} -
O2 - BHO: (no name) - {5AC1207D-C0DC-989C-3C2A-6A2FD0424A63} -
O2 - BHO: (no name) - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} -
O2 - BHO: (no name) - {5B608D3F-ABAC-DD59-87F8-B4D199FA3D0E} -
O2 - BHO: (no name) - {5C32B1F7-AC71-BBEE-CC0B-2FA5E116AA6C} -
O2 - BHO: (no name) - {5D1F9D91-369E-9436-1F3D-1D229ECB536B} -
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} -
O2 - BHO: (no name) - {61B9FC5F-C646-B4CB-869C-F785091D313E} -
O2 - BHO: (no name) - {651DA460-C8D1-926D-7E35-8258A39BB7C2} -
O2 - BHO: (no name) - {655D9CE4-1199-9A9A-0FBD-E8A5D9B1F5E2} -
O2 - BHO: (no name) - {65E6A8E0-A67C-0CE3-B885-D53EA9292B40} -
O2 - BHO: (no name) - {66059432-BCBA-0EE4-3589-73A184B410A7} -
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} -
O2 - BHO: (no name) - {66FE21E9-AAFF-8176-C0E2-D570E58BD83C} -
O2 - BHO: (no name) - {6710E207-EFC7-1C96-3147-541E4D262257} -
O2 - BHO: (no name) - {675A16BB-A0C2-544F-5D5E-A550A9BAAF78} -
O2 - BHO: (no name) - {67AEDFB1-0043-97AE-1698-E8CD34535DC1} -
O2 - BHO: (no name) - {684A4F84-6F56-6515-3E4E-6D61D0429D9D} -
O2 - BHO: (no name) - {6A13ADA3-C5ED-A8BF-31FF-6DF2066F992B} -
O2 - BHO: (no name) - {6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5} -
O2 - BHO: (no name) - {6AA2FAA7-58D2-CF49-456B-FCAAE70B8816} -
O2 - BHO: (no name) - {6AA46007-7E40-353F-4B29-4EB589B6027B} -
O2 - BHO: (no name) - {6AB04E20-C7FB-1976-45F0-4507AA485E64} -
O2 - BHO: (no name) - {6CC44B15-6905-EBA8-53C9-7C5E5A25BE5F} -
O2 - BHO: (no name) - {6D4FA3A0-BE29-2407-A0C1-4CFF3DD6BA5D} -
O2 - BHO: (no name) - {6D5086FD-B70A-A21D-970A-511772E1A75C} -
O2 - BHO: (no name) - {6E0F0093-EF04-1478-FE8A-D4B3176F0CE3} -
O2 - BHO: (no name) - {6EE656A7-0F99-3D1A-3DF9-EA00C07DD460} -
O2 - BHO: (no name) - {6F455C0C-D11A-ABFC-AD04-0AE9398535D9} -
O2 - BHO: (no name) - {6F61BA9A-5EA1-7903-5454-DCA081431490} -
O2 - BHO: (no name) - {6FA4B57A-E37E-8AFD-A982-153401F912D4} -
O2 - BHO: (no name) - {70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} -
O2 - BHO: (no name) - {71167969-C63A-6FB0-2E12-19AC38D1B9B1} -
O2 - BHO: (no name) - {7210B24D-AB6E-A171-175B-8519DCC2086A} -
O2 - BHO: (no name) - {72A9B624-8C5D-2A66-F77F-2A9004EE69D5} -
O2 - BHO: (no name) - {73398CA1-1198-D3C3-EB62-35E5F0CEC53B} -
O2 - BHO: (no name) - {7344A8E6-E22B-8BD1-9691-FA3952D9BAEA} -
O2 - BHO: (no name) - {735E0709-7FBF-C9AF-B86A-F1F99F1C9617} -
O2 - BHO: (no name) - {739966E1-825B-10D9-49B8-69B4A3A6EFC4} -
O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} -
O2 - BHO: (no name) - {76606205-203F-F6F7-470B-FCD352D4D917} -
O2 - BHO: (no name) - {76792940-AC80-0C6D-2058-621D0D46A3D2} -
O2 - BHO: (no name) - {76B65772-6456-05AC-575B-9D567678D55E} -
O2 - BHO: (no name) - {77C394B2-8756-A4B7-D790-69CC6A75E989} -
O2 - BHO: (no name) - {786B4BBD-2875-0E73-6FA4-33EBB3208A2D} -
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} -
O2 - BHO: (no name) - {78A39036-DAA5-D02D-B64C-3078507E6538} -
O2 - BHO: (no name) - {78D4C8D4-B5A0-4883-C6D7-F97D04BE0876} -
O2 - BHO: (no name) - {792A8CA5-55BB-B3E8-EADD-488F2058805F} -
O2 - BHO: (no name) - {798A2A6B-B2B1-0E2F-80FF-30D52F286EFB} -
O2 - BHO: (no name) - {7B535868-EE7F-6295-94EF-17FD6F5241DC} -
O2 - BHO: (no name) - {7B9BF766-007B-0B90-4541-058C2A5DF9CD} -
O2 - BHO: (no name) - {7C25DF9E-175A-AEBC-1715-65139942B8A6} -
O2 - BHO: (no name) - {7D492E22-3773-8826-65FC-BCDE3BE460F9} -
O2 - BHO: (no name) - {7D5146F6-D764-3E31-81C8-7A0CAC5FDC8D} -
O2 - BHO: (no name) - {7D8E9033-94CD-739D-8A5B-376572E16A8C} -
O2 - BHO: (no name) - {7E64477B-18F5-69A6-A75B-60A4F6D56551} -
O2 - BHO: (no name) - {7E64AD57-7394-3483-CB89-72A7E2A76478} -
O2 - BHO: (no name) - {7E669911-FE7D-F3E4-78BC-DB3681A1083A} -
O2 - BHO: (no name) - {81B13E5A-B27C-6BB2-7C2F-E42B321541D2} -
O2 - BHO: (no name) - {81B81988-0B92-CDBD-621E-176F486E2127} -
O2 - BHO: (no name) - {81D6F3D0-B042-45A2-5F05-8B41F30D8043} -
O2 - BHO: (no name) - {81ECDBCA-1DE3-27FD-325A-F6E0C0C236CF} -
O2 - BHO: (no name) - {82592D9C-E8A7-DA3B-8BEE-BCAEAF5128CD} -
O2 - BHO: (no name) - {83241F15-A38D-4603-9874-0E32E3A2D544} -
O2 - BHO: (no name) - {8349086E-3F47-DF2F-515E-324A161E8B39} -
O2 - BHO: (no name) - {844E08A0-4257-24A4-9CC5-809E2B1A3DEB} -
O2 - BHO: (no name) - {85138801-518D-CEC2-27AE-83F4E12401F3} -
O2 - BHO: (no name) - {85350E27-DDF3-4D24-ABE1-57F9792608C9} -
O2 - BHO: (no name) - {85389C19-9846-3EB7-FED8-ECFDDEB7598A} -
O2 - BHO: (no name) - {85E56198-1317-4AA3-031F-529D9C16FA79} -
O2 - BHO: (no name) - {86041CA1-6D62-16AB-85F3-D49D60FDF6D8} -
O2 - BHO: (no name) - {86A0C09D-1B74-868D-C89A-093479621C99} -
O2 - BHO: (no name) - {87902B7F-B6D3-A213-F6A4-36452B599351} -
O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} -
O2 - BHO: (no name) - {8A74F6B2-6F75-88F4-4D28-2B4D81644795} -
O2 - BHO: (no name) - {8BE3EDB0-AA55-CD1F-575D-499FFCAF6D33} -
O2 - BHO: (no name) - {8D289FF6-E61A-1E60-2906-81C70B869541} -
O2 - BHO: (no name) - {8EBA8990-F4A5-C5B5-572F-A9AAD1E6241E} -
O2 - BHO: (no name) - {8EDE058C-72DA-1A48-9FA1-88C735AA037F} -
O2 - BHO: (no name) - {8EF1A389-7342-F785-A50A-A3C78BA42012} -
O2 - BHO: (no name) - {8F602CAF-ED9C-5DE3-54F4-0D9DCC6602BF} -
O2 - BHO: (no name) - {8FA69B0F-F5CC-7651-8220-05AB77E3AF7A} -
O2 - BHO: (no name) - {905B7852-2793-427E-4E08-1C880E04C988} -
O2 - BHO: (no name) - {9066F229-F7AF-E70B-FF84-8167AE9683C7} -
O2 - BHO: (no name) - {90706F45-D241-085D-C3F4-2CA0366EF00C} -
O2 - BHO: (no name) - {9109E5D9-787B-A1A7-174B-D844BE131994} -
O2 - BHO: (no name) - {9125713D-ABCD-6F47-1A15-550E5B5622AF} -
O2 - BHO: (no name) - {9131706F-D034-5F4E-62F6-C060F737064C} -
O2 - BHO: (no name) - {91ACFEB4-563E-7346-F46B-988AF1C8F8C5} -
O2 - BHO: (no name) - {91F5C0F0-E710-7DC7-0147-FE1448C119B5} -
O2 - BHO: (no name) - {92B23F23-DA2F-827C-5375-D1C2EFF447A2} -
O2 - BHO: (no name) - {934022E3-4A67-7059-D032-46007A715210} -
O2 - BHO: (no name) - {9341B059-25B9-C093-AEB4-FF0CB478B147} -
O2 - BHO: (no name) - {95AF234B-24B1-1F78-C5C4-74F8C68C766A} -
O2 - BHO: (no name) - {95DF6FEF-35F1-2B06-F180-C457E36FD6E1} -
O2 - BHO: (no name) - {963172C1-9CFB-90AB-260B-ADEE79CDF55E} -
O2 - BHO: (no name) - {96540400-C364-871F-2E14-83ED06818F50} -
O2 - BHO: (no name) - {96F5147D-AA6C-A828-0147-591C3BA9A927} -
O2 - BHO: (no name) - {97ADA2E0-5C10-1C68-6762-039DC911BD1A} -
O2 - BHO: (no name) - {98992BEF-C386-CF53-DECE-D2A0FB2B61D0} -
O2 - BHO: (no name) - {99399FD2-2312-C70A-9033-A6E121F22B6E} -
O2 - BHO: (no name) - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} -
O2 - BHO: (no name) - {9ABBF8BA-C35E-205B-6D84-95401DED6DAD} -
O2 - BHO: (no name) - {9CAA18AE-D292-6BEC-6BD6-BA8F78834AD3} -
O2 - BHO: (no name) - {9D7AD1A1-D86E-4CC3-76A8-49207E8BA72B} -
O2 - BHO: (no name) - {9EFD6041-C2FA-2E20-4602-C5ADBED78A3D} -
O2 - BHO: (no name) - {A24D83B9-E094-6A21-B590-76540C92DC0F} -
O2 - BHO: (no name) - {A3C98512-09FD-0565-9A8D-2101086F6A76} -
O2 - BHO: (no name) - {A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} -
O2 - BHO: (no name) - {A65F11A0-3D1B-37FD-F86D-9AB8607151F1} -
O2 - BHO: (no name) - {A711CA3B-7C45-E209-9CFD-AA0DA8F81A41} -
O2 - BHO: (no name) - {A758BCB9-66D2-5737-DE37-3927CE58D302} -
O2 - BHO: (no name) - {A788B74B-4D59-8481-0B32-600C153729CD} -
O2 - BHO: (no name) - {A8F2321D-CD1A-6308-ECF1-C5B55DAA6D84} -
O2 - BHO: (no name) - {AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} -
O2 - BHO: (no name) - {ABCBB0F9-7C5F-B2A8-A985-DBEE7DA8035D} -
O2 - BHO: (no name) - {AC2FD346-B35C-A896-4487-916D3E911455} -
O2 - BHO: (no name) - {AC81EC14-3EEC-6538-2603-BABEF1F75A24} -
O2 - BHO: (no name) - {AD327E2E-D82F-9587-7D79-960A66983C17} -
O2 - BHO: (no name) - {AE9AEB8F-0E7F-D767-F3C7-AF22C0FBA643} -
O2 - BHO: (no name) - {AEBAA38C-A5F4-D0FD-904B-5A1C7FCA25AF} -
O2 - BHO: (no name) - {AF21C402-9A63-03A6-CE89-A6BBEABCD013} -
O2 - BHO: (no name) - {AFF226D4-6484-3652-603F-005908E0DFD4} -
O2 - BHO: (no name) - {B0030846-0596-1454-D1AE-FC69B7F19AC8} -
O2 - BHO: (no name) - {B10A9A8A-BFE0-3A30-47B5-BF3A196D2B94} -
O2 - BHO: (no name) - {B1E7A707-24E5-6544-421B-A738C2B36E3A} -
O2 - BHO: (no name) - {B26E180E-6248-2EE2-55AE-C6CB785F21C4} -
O2 - BHO: (no name) - {B4BF9C14-1EE5-510F-78CB-D256DA9572AA} -
O2 - BHO: (no name) - {B4D52BE0-DBD6-4F46-2633-72E374BFCB90} -
O2 - BHO: (no name) - {B64CDD57-7D96-5C6B-FBD6-F71DA48862A9} -
O2 - BHO: (no name) - {B6FBF6C9-510D-F04F-75C4-47B77E2085E8} -
O2 - BHO: (no name) - {B74FC677-1BFA-DEF5-DEB7-DBD24D544D78} -
O2 - BHO: (no name) - {B8E989AC-570B-BFD4-F982-B6FA8BC18348} -
O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} -
O2 - BHO: (no name) - {B990B770-D62A-B542-EDA6-516033B76258} -
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} -
O2 - BHO: (no name) - {B9FCA0E1-7B64-E16E-A3DC-00928170618E} -
O2 - BHO: (no name) - {BA8F9F33-8F0C-9419-0792-F6767ACBCD1A} -
O2 - BHO: (no name) - {BA997092-5DFF-A91F-6516-A449FC336452} -
O2 - BHO: (no name) - {BB64CF1B-EDD6-054C-3EC4-EDBA6BF43D9B} -
O2 - BHO: (no name) - {BCB3F18B-A3EB-BE2C-7060-80B3226DEA98} -
O2 - BHO: (no name) - {BE40D43B-1323-AC09-FD3D-F5F0CEEAF506} -
O2 - BHO: (no name) - {BEDE43F2-3A12-9DD6-5372-F4A978605A01} -
O2 - BHO: (no name) - {BFBFF9AA-22B3-FF5F-0EE0-C9538197D788} -
O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} -
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} -
O2 - BHO: (no name) - {C2FA3EAF-821F-A9B6-25C2-AF456704EDC8} -
O2 - BHO: (no name) - {C35AADB0-FE0C-8B29-3DF2-80B00335B70D} -
O2 - BHO: (no name) - {C37464FB-795E-818F-1740-07FBCEB881C8} -
O2 - BHO: (no name) - {C47E6517-9FEE-B27A-3EA8-BB572B11D25B} -
O2 - BHO: (no name) - {C5E5AAF1-E338-ED8E-4D57-DC8FB2DE04CB} -
O2 - BHO: (no name) - {C680FC92-CC8D-3933-941C-DB2ADEAD27D8} -
O2 - BHO: (no name) - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} -
O2 - BHO: (no name) - {C738A371-0430-6A14-07D8-FF8D00747F0E} -
O2 - BHO: (no name) - {C7D694A6-A289-DECF-ABB2-E43C2010FD00} -
O2 - BHO: (no name) - {C7E5DEDD-D9B0-41ED-404D-7720BA941F24} -
O2 - BHO: (no name) - {C8EE100B-191A-611C-5766-34F50DE08954} -
O2 - BHO: (no name) - {C8F6D58E-315A-D77E-18F7-70C0FC6A733D} -
O2 - BHO: (no name) - {CA14850C-FA9C-DE0D-27DA-8BD9DA485F0B} -
O2 - BHO: (no name) - {CA4938DF-EDB2-708B-0183-B1EF0CF56539} -
O2 - BHO: (no name) - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} -
O2 - BHO: (no name) - {CBE5F226-BD90-1454-83F4-2686C681720C} -
O2 - BHO: (no name) - {CC5F15C0-4FA5-2B34-9D3E-0BB480B5C834} -
O2 - BHO: (no name) - {CDBCDF8D-F3C6-EE7D-C673-A31C7CDFB1F3} -
O2 - BHO: (no name) - {CDD86D3D-AA27-ABC8-6C93-9E5DB990A866} -
O2 - BHO: (no name) - {CEDF9A95-F8C2-F7C7-AF6C-402C203A3A1A} -
O2 - BHO: (no name) - {CF55FDE9-BA43-BE10-5455-CE366744EC0C} -
O2 - BHO: (no name) - {D017A1A4-51FE-686D-883E-896573BFFC91} -
O2 - BHO: (no name) - {D0255E6F-0063-155E-E155-8DEDD32646C8} -
O2 - BHO: (no name) - {D0369D6C-3958-4CAD-4A2F-3BD8395C5178} -
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} -
O2 - BHO: (no name) - {D30F1D3E-9A80-B7B8-660D-9D89FEB47648} -
O2 - BHO: (no name) - {D4C0E433-46E1-FD19-92D7-09B1F788A00A} -
O2 - BHO: (no name) - {D4D6E938-A715-0A71-38BD-176F21ADA2F9} -
O2 - BHO: (no name) - {D4FD3E7F-134B-3265-8C6A-C70ABD1A2E09} -
O2 - BHO: (no name) - {D54F6CB9-5429-9A95-7B59-D291228E70B8} -
O2 - BHO: (no name) - {D5728176-9B28-959A-7D04-F70661EB2619} -
O2 - BHO: (no name) - {D5803A75-94E4-D765-5CDA-5E6515E89C3E} -
O2 - BHO: (no name) - {D6D1C592-0365-F3E6-489A-C2F01E89B1E7} -
O2 - BHO: (no name) - {D6D41230-B4B7-D9FC-EDDA-A50821C38898} -
O2 - BHO: (no name) - {D7873985-8475-B74C-A508-68D1C961F6C3} -
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} -
O2 - BHO: (no name) - {D83E8454-F737-08C7-6BBB-9567C0B82257} -
O2 - BHO: (no name) - {D8F83F56-26F9-C667-A9AA-64C24DF449D6} -
O2 - BHO: (no name) - {DA673768-1F75-6A22-E683-513D32CF86C7} -
O2 - BHO: (no name) - {DA69B312-479E-04FF-2B2B-F34795A0072E} -
O2 - BHO: (no name) - {DB4FEFF3-7F23-D1EC-252C-4321FF47BA66} -
O2 - BHO: (no name) - {DC7F0147-FE14-8C11-B567-602ED4468C81} -
O2 - BHO: (no name) - {DCAB9C0C-A653-82EF-F2B8-5AF28CEE929C} -
O2 - BHO: (no name) - {DDDF9214-0C39-2401-5681-788C67AD3397} -
O2 - BHO: (no name) - {DECD8E91-E600-DF80-A5DB-061BB58F74D4} -
O2 - BHO: (no name) - {DF77D786-7899-DE17-AC07-FBA8FA5E3372} -
O2 - BHO: (no name) - {E09E50A9-C957-586A-F4AB-55E38F81CBDB} -
O2 - BHO: (no name) - {E0AC35E4-96DF-00AC-6608-D6C41D33EEC8} -
O2 - BHO: (no name) - {E118C993-3E95-588B-3737-DEFDC8EAC743} -
O2 - BHO: (no name) - {E1E57F1D-C6B0-62EC-101F-B10073BE2A67} -
O2 - BHO: (no name) - {E2D1983C-BABF-2AAE-DED6-6001C5E50B35} -
O2 - BHO: (no name) - {E2EFF47C-CEA2-977D-C18B-68F6CAB7C5FD} -
O2 - BHO: (no name) - {E2FA5ADF-2EE4-349E-8197-095C5E7C1822} -
O2 - BHO: (no name) - {E2FF7285-6F6F-9283-CBCD-D4E370856A52} -
O2 - BHO: (no name) - {E487650B-242B-EE1E-0BF6-E88C8D4757E3} -
O2 - BHO: (no name) - {E4C8B99E-0103-FBC9-F6CA-7D83FF55910C} -
O2 - BHO: (no name) - {E4D02D4D-F4CA-5C75-BF5E-2EB5899148E7} -
O2 - BHO: (no name) - {E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} -
O2 - BHO: (no name) - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} -
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} -
O2 - BHO: (no name) - {E7EA31BC-040D-2E4D-88EF-40381EB92CB7} -
O2 - BHO: (no name) - {E8BE2A5E-CEBC-9AC3-3766-2818EC5177F1} -
O2 - BHO: (no name) - {E92FEBA8-E69D-A240-4CB7-26F77F353A3E} -
O2 - BHO: (no name) - {EDD230B8-C13C-3C16-B2A6-6E905B7AAD8B} -
O2 - BHO: (no name) - {EDE089D9-4761-83C8-F9D7-A5FD309350A8} -
O2 - BHO: (no name) - {EE2AA0F1-F20F-6C4E-D617-5455B3E75016} -
O2 - BHO: (no name) - {EEBD9A89-4BF8-ABEE-35B7-D9119850B905} -
O2 - BHO: (no name) - {EF00589F-4853-36A5-3704-A19633EDC95B} -
O2 - BHO: (no name) - {EF309E36-716B-7280-E846-0F0341C2FC93} -
O2 - BHO: (no name) - {F18ECF04-6CA0-EC37-AC5B-4D74C64A9794} -
O2 - BHO: (no name) - {F2904D7B-BCC4-BBED-BEC0-AC10A5DDF462} -
O2 - BHO: (no name) - {F2AEE8C6-488F-FB83-41DC-7207FA4758DF} -
O2 - BHO: (no name) - {F4991605-C957-0BAE-49B7-A7115B539ABB} -
O2 - BHO: (no name) - {F607095C-FD2B-4343-1C4F-F77394A2E39A} -
O2 - BHO: (no name) - {F6956773-B906-6B4E-BC0B-5426597C4595} -
O2 - BHO: (no name) - {F9A8EAE7-B06F-2EC0-E63F-ED8F8566CDEA} -
O2 - BHO: (no name) - {FB04EF28-D55C-A95A-794F-75DA8F4D83AF} -
O2 - BHO: (no name) - {FB33A6C8-433D-5DBC-4293-C2A5BAD25729} -
O2 - BHO: (no name) - {FC615C15-94A5-9786-9573-BEB7DB4CC211} -
O2 - BHO: (no name) - {FD28144A-BE74-ABB6-5C2B-E60BF82588B7} -
O2 - BHO: (no name) - {FEF289B2-6015-9A71-D02D-8394ED825678} -
O2 - BHO: (no name) - {FF234288-3F3D-AAD1-5406-2B255A30CA94} -
O2 - BHO: (no name) - {FF5CE8D6-15E7-9320-B39B-A35B6BCEE89D} -
O2 - BHO: (no name) - {FF82035F-0086-8DD2-C7FF-4F5E2A38F671} -


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: help

Unread postby joannefromwork » June 27th, 2009, 10:45 pm

ComboFix 09-06-23.01 - Owner 06/27/2009 21:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.110 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\javaew.dll"
"c:\windows\system32\ntki.dll"
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 11:20 . 2009-06-27 11:20 -------- d-----w- c:\program files\ESET
2009-06-24 23:23 . 2009-06-24 23:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 21:37 . 2009-06-22 21:37 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 02:07 . 2008-12-30 02:48 7304 ----a-w- c:\windows\TMP0001.TMP
2009-06-27 19:48 . 2006-11-10 21:53 -------- d-----w- c:\program files\Common Files\Scanner
2009-05-28 00:45 . 2001-09-17 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 18:48 . 2009-05-27 18:48 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-27 18:48 . 2009-05-27 18:48 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-27 18:48 . 2009-05-27 18:48 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-27 18:48 . 2009-05-27 18:48 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-24 14:01 . 2009-05-24 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-24 14:01 . 2005-03-29 01:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-05-07 15:32 . 2001-08-25 19:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-01-08 19:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-22 18:49 . 2009-04-22 18:49 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-22 18:49 . 2009-02-25 19:48 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2001-08-25 19:42 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-05 02:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-10-22 09:59 . 2005-10-22 09:59 89070 -csha-w- c:\windows\netnk.dll
2005-10-25 03:50 . 2005-10-25 03:50 89248 -csha-w- c:\windows\system32\d3ek.dll
2005-11-02 23:15 . 2005-11-02 23:15 88765 -csha-w- c:\windows\system32\ipkb32.dll
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2001-08-18 12:00 561152 BE57A5C3ABD240514B98F6BCA872FB21 c:\windows\$NtUninstallKB824141$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2003-09-25 16:49 560128 32173306185F603E75C477E117F3BB8D c:\windows\$xpsp1hfm$\KB824141\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-06-17 17:55 528896 530FE6F930201285D4D2BBBBC6A584AE c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\user32.dll
[-] 2004-06-17 17:58 560128 31FB2D788A9AA618452C02E8375B6DCD c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899_0$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$NtUninstallKB947864$\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$NtUninstallKB950759_0$\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$NtUninstallKB953838$\wininet.dll
[7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$NtUninstallKB953838_0$\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$NtUninstallKB958215_0$\wininet.dll
[-] 2001-08-18 12:00 593920 CF9F1EEF71F42EDE71B6F4AA05D5CA1A c:\windows\$NtUninstallQ309521$\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\ie7\wininet.dll
[7] 2007-08-14 00:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\cache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-05-27 01:38 483328 E7F9D2E4E4A94A6F58014E5FFA16A65E c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2001-08-18 12:00 1896704 46E2E3DCF54B819CFB2EBFE48A22B5C9 c:\windows\$NtUninstallQ317277$\ntkrnlpa.exe
[7] 2002-02-25 21:33 1897856 01FD1F7C82B263F1667A1CEA095756C5 c:\windows\$NtUninstallQ811493$\ntkrnlpa.exe
[-] 2003-04-24 13:57 1949440 46AE6F2D416C39FFDCFC8BCB01203EA3 c:\windows\$xpsp1hfm$\Q811493\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-06-17 17:00 1903872 37EEE86E396C2FC1508E3A499631F709 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\ntkrnlpa.exe
[-] 2004-06-17 08:03 1954688 ED0D7A5F1138CCFD3ECAF8F6AC691F13 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2001-08-18 12:00 1982208 A29222D5281056E497408FCC9062F749 c:\windows\$NtUninstallQ317277$\ntoskrnl.exe
[7] 2002-02-25 21:33 1875584 257AAFD1F77990355BB6E83650D52680 c:\windows\$NtUninstallQ811493$\ntoskrnl.exe
[-] 2003-04-24 13:57 1925760 97EC4AB4650DA6FC521CF16F8A6DDCB0 c:\windows\$xpsp1hfm$\Q811493\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-06-17 17:00 1881856 2CEBD574C16191344F207ED8A65AE4F6 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\ntoskrnl.exe
[-] 2004-06-17 17:22 2051584 F240DC474F8EDB2D95514D831DF069E5 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\cache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2001-08-18 12:00 197632 458635D2E4559526CF9C895340A38702 c:\windows\$NtUninstallQ311889$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-06-17 17:55 898048 EBC65C59E5BFE6B167FA895E75840B5D c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\kernel32.dll
[-] 2004-06-17 17:58 930816 FCA73DE7B988A2F7837FFBFFCFBED088 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\cache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-18 12:00 1562112 9E415EFDF50F26BCBC97C80F4E6C30CC c:\windows\$NtUninstallQ309521$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.19.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 02:15 . 2009-06-27 02:15 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"kmw_run.exe"="kmw_run.exe" - c:\windows\system32\kmw_run.exe [2003-12-01 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-3 394856]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-6-28 54512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/25/2009 2:48 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1003344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:24 AM 24652]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:48]

2001-11-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]

2001-11-11 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]

2001-11-11 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{66EF3492-6791-E464-2878-82061A226166} - (no file)
BHO-{E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{946B3E9E-E21A-49c8-9F63-900533FAFE15} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Poker - hxxp://origin.games.yahoo.net/games/clients/y/pt3_x.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\kmw_dll.dll
c:\windows\system32\wow32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 21:41
ComboFix-quarantined-files.txt 2009-06-28 02:41
ComboFix2.txt 2009-06-28 01:38
ComboFix3.txt 2009-06-27 20:21
ComboFix4.txt 2009-06-24 23:51

Pre-Run: 4,924,542,976 bytes free
Post-Run: 4,914,278,400 bytes free

383 --- E O F --- 2009-06-10 08:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:53 PM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {203F7D8D-F0F9-4F03-907B-1CF7BF61A327} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download2.games.yahoo.com/games/ ... /dt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0686735062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9345 bytes
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby joannefromwork » June 27th, 2009, 10:46 pm

ComboFix 09-06-23.01 - Owner 06/27/2009 21:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.110 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\javaew.dll"
"c:\windows\system32\ntki.dll"
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 11:20 . 2009-06-27 11:20 -------- d-----w- c:\program files\ESET
2009-06-24 23:23 . 2009-06-24 23:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 21:37 . 2009-06-22 21:37 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 02:07 . 2008-12-30 02:48 7304 ----a-w- c:\windows\TMP0001.TMP
2009-06-27 19:48 . 2006-11-10 21:53 -------- d-----w- c:\program files\Common Files\Scanner
2009-05-28 00:45 . 2001-09-17 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 18:48 . 2009-05-27 18:48 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-27 18:48 . 2009-05-27 18:48 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-27 18:48 . 2009-05-27 18:48 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-27 18:48 . 2009-05-27 18:48 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-24 14:01 . 2009-05-24 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-24 14:01 . 2005-03-29 01:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-05-07 15:32 . 2001-08-25 19:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-01-08 19:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-22 18:49 . 2009-04-22 18:49 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-22 18:49 . 2009-02-25 19:48 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2001-08-25 19:42 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-05 02:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-10-22 09:59 . 2005-10-22 09:59 89070 -csha-w- c:\windows\netnk.dll
2005-10-25 03:50 . 2005-10-25 03:50 89248 -csha-w- c:\windows\system32\d3ek.dll
2005-11-02 23:15 . 2005-11-02 23:15 88765 -csha-w- c:\windows\system32\ipkb32.dll
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2001-08-18 12:00 561152 BE57A5C3ABD240514B98F6BCA872FB21 c:\windows\$NtUninstallKB824141$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2003-09-25 16:49 560128 32173306185F603E75C477E117F3BB8D c:\windows\$xpsp1hfm$\KB824141\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-06-17 17:55 528896 530FE6F930201285D4D2BBBBC6A584AE c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\user32.dll
[-] 2004-06-17 17:58 560128 31FB2D788A9AA618452C02E8375B6DCD c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899_0$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$NtUninstallKB947864$\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$NtUninstallKB950759_0$\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$NtUninstallKB953838$\wininet.dll
[7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$NtUninstallKB953838_0$\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$NtUninstallKB958215_0$\wininet.dll
[-] 2001-08-18 12:00 593920 CF9F1EEF71F42EDE71B6F4AA05D5CA1A c:\windows\$NtUninstallQ309521$\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\ie7\wininet.dll
[7] 2007-08-14 00:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\cache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-05-27 01:38 483328 E7F9D2E4E4A94A6F58014E5FFA16A65E c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2001-08-18 12:00 1896704 46E2E3DCF54B819CFB2EBFE48A22B5C9 c:\windows\$NtUninstallQ317277$\ntkrnlpa.exe
[7] 2002-02-25 21:33 1897856 01FD1F7C82B263F1667A1CEA095756C5 c:\windows\$NtUninstallQ811493$\ntkrnlpa.exe
[-] 2003-04-24 13:57 1949440 46AE6F2D416C39FFDCFC8BCB01203EA3 c:\windows\$xpsp1hfm$\Q811493\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-06-17 17:00 1903872 37EEE86E396C2FC1508E3A499631F709 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\ntkrnlpa.exe
[-] 2004-06-17 08:03 1954688 ED0D7A5F1138CCFD3ECAF8F6AC691F13 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2001-08-18 12:00 1982208 A29222D5281056E497408FCC9062F749 c:\windows\$NtUninstallQ317277$\ntoskrnl.exe
[7] 2002-02-25 21:33 1875584 257AAFD1F77990355BB6E83650D52680 c:\windows\$NtUninstallQ811493$\ntoskrnl.exe
[-] 2003-04-24 13:57 1925760 97EC4AB4650DA6FC521CF16F8A6DDCB0 c:\windows\$xpsp1hfm$\Q811493\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-06-17 17:00 1881856 2CEBD574C16191344F207ED8A65AE4F6 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\ntoskrnl.exe
[-] 2004-06-17 17:22 2051584 F240DC474F8EDB2D95514D831DF069E5 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\cache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2001-08-18 12:00 197632 458635D2E4559526CF9C895340A38702 c:\windows\$NtUninstallQ311889$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-06-17 17:55 898048 EBC65C59E5BFE6B167FA895E75840B5D c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\rtmqfe\kernel32.dll
[-] 2004-06-17 17:58 930816 FCA73DE7B988A2F7837FFBFFCFBED088 c:\windows\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\cache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-18 12:00 1562112 9E415EFDF50F26BCBC97C80F4E6C30CC c:\windows\$NtUninstallQ309521$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.19.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 02:15 . 2009-06-27 02:15 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"kmw_run.exe"="kmw_run.exe" - c:\windows\system32\kmw_run.exe [2003-12-01 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-3 394856]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-6-28 54512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/25/2009 2:48 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1003344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:24 AM 24652]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:48]

2001-11-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]

2001-11-11 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]

2001-11-11 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-09-17 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{66EF3492-6791-E464-2878-82061A226166} - (no file)
BHO-{E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{946B3E9E-E21A-49c8-9F63-900533FAFE15} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Poker - hxxp://origin.games.yahoo.net/games/clients/y/pt3_x.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\kmw_dll.dll
c:\windows\system32\wow32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 21:41
ComboFix-quarantined-files.txt 2009-06-28 02:41
ComboFix2.txt 2009-06-28 01:38
ComboFix3.txt 2009-06-27 20:21
ComboFix4.txt 2009-06-24 23:51

Pre-Run: 4,924,542,976 bytes free
Post-Run: 4,914,278,400 bytes free

383 --- E O F --- 2009-06-10 08:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:53 PM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {203F7D8D-F0F9-4F03-907B-1CF7BF61A327} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download2.games.yahoo.com/games/ ... /dt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0686735062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9345 bytes
joannefromwork
Active Member
 
Posts: 14
Joined: June 21st, 2009, 5:04 pm

Re: help

Unread postby Axephilic » June 27th, 2009, 11:02 pm

Looks good now. :) Just 2 more minor things.

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {66EF3492-6791-E464-2878-82061A226166} - (no file)
    O2 - BHO: (no name) - {E72D55D9-D0F9-5060-B321-D4B6575AD029} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9. Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

First, lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

You may now also delete anything else that you downloaded with my instructions.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware