Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

browser hijacker and other problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: browser hijacker and other problems

Unread postby alango1 » October 8th, 2009, 4:49 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-10-08 16:48:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (48%) free of 73 GB
Total RAM: 502 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:47 PM, on 10/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\sySTEM32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Program Files\trend micro\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [link corn grid inside] C:\Documents and Settings\All Users\Application Data\Ping Online Link Corn\Support Math.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] C:\Program Files\bama\tlii.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10299 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\A50F81D291843EBE.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}]
My Web Search Bar BHO - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL [2005-08-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-08 149280]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-11-16 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"MMTray"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"DellHelp"=C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]
"TizzleTalk"=C:\Program Files\TizzleTalk\TizzleTalk.exe [2005-02-04 36864]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"link corn grid inside"=C:\Documents and Settings\All Users\Application Data\Ping Online Link Corn\Support Math.exe []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-03 233304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Sen"=C:\Program Files\bama\tlii.exe []
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2003-07-10 654848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Andrew\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Andrew\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Enabled:sspm"
"C:\WINDOWS\SYSTEM32\smsc.exe"="C:\WINDOWS\SYSTEM32\smsc.exe:*:Enabled:smsc"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-12-23 20:58:49 ----A---- C:\WINDOWS\system32\6604szea59435.exe
2009-12-16 12:17:48 ----A---- C:\WINDOWS\system32\5e5aaddwa9e196z.dll
2009-12-15 16:07:55 ----A---- C:\WINDOWS\25054spamboz5439.exe
2009-12-15 14:40:15 ----A---- C:\WINDOWS\79525parse177z.exe
2009-12-15 06:51:47 ----A---- C:\WINDOWS\50269irz8645.exe
2009-12-14 12:52:16 ----A---- C:\WINDOWS\system32\94fspar5e100z.dll
2009-12-13 23:27:22 ----A---- C:\WINDOWS\7aa9vir5123z.dll
2009-12-12 13:13:04 ----A---- C:\WINDOWS\system32\19b3sz5war91219.dll
2009-12-04 02:47:02 ----A---- C:\WINDOWS\system32\29999not-a-vzru52b5.exe
2009-12-02 02:47:52 ----A---- C:\WINDOWS\system32\5659sp5ware316z.exe
2009-11-27 13:55:02 ----A---- C:\WINDOWS\system32\17495pz693.exe
2009-11-26 02:01:48 ----A---- C:\WINDOWS\9f55zparse1185.exe
2009-11-24 10:01:26 ----A---- C:\WINDOWS\system32\z1571s5y986.exe
2009-11-23 16:36:01 ----A---- C:\WINDOWS\1855thie91z135.exe
2009-11-21 23:34:10 ----A---- C:\WINDOWS\system32\217z5hack5ool2b9.exe
2009-11-21 20:54:05 ----A---- C:\WINDOWS\system32\5z399pars52960.exe
2009-11-10 19:49:04 ----A---- C:\WINDOWS\system32\59926wzrm39b.exe
2009-11-08 19:04:18 ----A---- C:\WINDOWS\system32\4218s9ywarz5635.dll
2009-11-04 00:41:29 ----A---- C:\WINDOWS\system32\1e625zarse9127.dll
2009-11-03 12:49:10 ----A---- C:\WINDOWS\5z5a95r1936.exe
2009-11-02 20:39:46 ----A---- C:\WINDOWS\5czfa5dware1292.dll
2009-10-28 00:21:01 ----A---- C:\WINDOWS\system32\17565hazkt95l606.exe
2009-10-27 02:46:37 ----A---- C:\WINDOWS\5b63ste5lz9.dll
2009-10-22 12:37:39 ----A---- C:\WINDOWS\system32\14655zi9us658.exe
2009-10-20 06:56:57 ----A---- C:\WINDOWS\z686spy3395.exe
2009-10-17 22:55:19 ----A---- C:\WINDOWS\155zaddwa9e775.dll
2009-10-13 04:05:01 ----A---- C:\WINDOWS\system32\1953zsp9651.exe
2009-10-13 02:29:30 ----A---- C:\WINDOWS\5274thre9t3z15.exe
2009-10-12 00:57:38 ----A---- C:\WINDOWS\system32\325019pz1a4.dll
2009-10-08 16:39:45 ----D---- C:\Program Files\Microsoft
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\java.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 14:07:27 ----D---- C:\Malwarebytes' Anti-Malware
2009-10-08 13:41:27 ----D---- C:\New Folder
2009-10-08 13:03:25 ----A---- C:\WINDOWS\30358spazbo999.exe
2009-10-08 11:49:09 ----D---- C:\HostsXpert
2009-10-06 23:59:56 ----A---- C:\WINDOWS\system32\485backd5or917z.dll
2009-10-05 15:38:54 ----A---- C:\WINDOWS\resetlog.txt
2009-10-05 14:35:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-03 09:14:10 ----A---- C:\WINDOWS\system32\4445tro955z.exe
2009-10-03 02:31:22 ----A---- C:\WINDOWS\1242spar5e3z19.exe
2009-10-02 20:22:44 ----D---- C:\Program Files\trend micro
2009-10-02 20:22:42 ----D---- C:\rsit
2009-09-28 16:56:06 ----A---- C:\WINDOWS\system32\57685zie91039.exe
2009-09-28 12:07:32 ----D---- C:\Program Files\?ppPatch
2009-09-28 12:07:31 ----A---- C:\WINDOWS\system32\pifwdp.dll
2009-09-26 15:20:58 ----A---- C:\WINDOWS\system32\59397virus63z.dll
2009-09-26 15:20:52 ----A---- C:\WINDOWS\2459s5ealz259.dll
2009-09-26 15:20:50 ----A---- C:\WINDOWS\system32\3523ztro9135.dll
2009-09-26 15:20:46 ----A---- C:\WINDOWS\system32\38d5zhrea922524.exe
2009-09-26 15:20:43 ----A---- C:\WINDOWS\system32\50fba95doorz268.exe
2009-09-26 15:20:42 ----A---- C:\WINDOWS\system32\3e55addzare11739.dll
2009-09-26 15:20:39 ----A---- C:\WINDOWS\system32\5aa19p5wzre388.exe
2009-09-26 15:20:36 ----A---- C:\WINDOWS\zf3ft9ief530.dll
2009-09-26 15:20:36 ----A---- C:\WINDOWS\system32\1d9dthie59z23.exe
2009-09-26 15:20:36 ----A---- C:\WINDOWS\system32\161915roj7d2z.dll
2009-09-26 15:20:36 ----A---- C:\WINDOWS\31553worm9z5.exe
2009-09-26 15:20:35 ----A---- C:\WINDOWS\1f5d9hief2320z.dll
2009-09-26 15:20:34 ----A---- C:\WINDOWS\system32\596add95rz521.dll
2009-09-26 15:20:30 ----A---- C:\WINDOWS\z9d5vir1093.dll
2009-09-26 15:20:30 ----A---- C:\WINDOWS\system32\28356n5t-9zvirus774.exe
2009-09-26 15:20:30 ----A---- C:\WINDOWS\3414za5kdoor3109.dll
2009-09-26 15:20:30 ----A---- C:\WINDOWS\30366s5azb9t159.dll
2009-09-26 15:20:29 ----A---- C:\WINDOWS\system32\4zc2thief22095.dll
2009-09-26 15:20:29 ----A---- C:\WINDOWS\33c9b5zkdoor599.exe
2009-09-26 15:20:25 ----A---- C:\WINDOWS\system32\674ste5l202z9.dll
2009-09-26 15:20:24 ----A---- C:\WINDOWS\system32\94bbsz5ware1394.exe
2009-09-26 15:20:21 ----A---- C:\WINDOWS\system32\16d1d9wnzoa5er3079.exe
2009-09-26 15:20:15 ----A---- C:\WINDOWS\system32\49c8v5r982z.dll
2009-09-26 15:20:14 ----A---- C:\WINDOWS\7d9cazdw5re2318.dll
2009-09-26 15:20:13 ----A---- C:\WINDOWS\system32\22477n5t-a9vzrus1fa.dll
2009-09-26 15:20:09 ----A---- C:\WINDOWS\1791sp5warz961.dll
2009-09-26 15:19:59 ----A---- C:\WINDOWS\1c51downloade53z69.exe
2009-09-26 15:19:50 ----A---- C:\WINDOWS\system32\26e5stz9l31275.exe
2009-09-26 15:19:43 ----A---- C:\WINDOWS\system32\348zvi9u57b5.dll
2009-09-26 15:19:40 ----A---- C:\WINDOWS\system32\98973zro539d.exe
2009-09-26 15:19:30 ----A---- C:\WINDOWS\system32\14267not-a-9irzs1455.exe
2009-09-26 15:19:28 ----A---- C:\WINDOWS\533th9eaz4477.dll
2009-09-26 15:19:24 ----A---- C:\WINDOWS\system32\19z6h5cktool3f5.exe
2009-09-26 15:19:23 ----A---- C:\WINDOWS\9222wo5m5z5.dll
2009-09-26 15:19:22 ----A---- C:\WINDOWS\system32\1518spy95z.exe
2009-09-26 15:19:22 ----A---- C:\WINDOWS\93300wzr51b5.exe
2009-09-26 15:19:22 ----A---- C:\WINDOWS\3069t9reat279z5.exe
2009-09-26 15:19:22 ----A---- C:\WINDOWS\1f8bbac9door57z0.dll
2009-09-26 15:19:20 ----A---- C:\WINDOWS\49aabazkdoor1951.dll
2009-09-26 15:19:13 ----A---- C:\WINDOWS\5e095zie91094.exe
2009-09-26 15:19:12 ----A---- C:\WINDOWS\system32\777z59mbot765.exe
2009-09-26 15:19:12 ----A---- C:\WINDOWS\system32\52eviz15495.exe
2009-09-26 15:19:11 ----A---- C:\WINDOWS\system32\79dzback9oor11945.exe
2009-09-26 15:19:02 ----A---- C:\WINDOWS\zdc2s5ea9670.exe
2009-09-26 15:19:01 ----A---- C:\WINDOWS\19422w5z91af.dll
2009-09-26 15:18:59 ----A---- C:\WINDOWS\7az7steal2590.exe
2009-09-26 15:18:49 ----A---- C:\WINDOWS\system32\1za4vir9522.dll
2009-09-26 15:18:48 ----A---- C:\WINDOWS\5497sparse513z.dll
2009-09-26 15:18:39 ----A---- C:\WINDOWS\system32\527spar9e21z9.exe
2009-09-26 15:18:37 ----A---- C:\WINDOWS\15z2threat17495.exe
2009-09-26 15:18:35 ----A---- C:\WINDOWS\system32\e6zback9oor12435.exe
2009-09-26 15:18:35 ----A---- C:\WINDOWS\system32\2396z5pambot4ea.dll
2009-09-26 15:18:34 ----A---- C:\WINDOWS\19839r5z553.dll
2009-09-26 15:18:33 ----A---- C:\WINDOWS\system32\22572sz9mbot5fa.dll
2009-09-26 15:18:30 ----A---- C:\WINDOWS\system32\9014v5rzs7aa.dll
2009-09-26 15:18:17 ----A---- C:\WINDOWS\system32\9d20tzief5469.dll
2009-09-26 15:18:17 ----A---- C:\WINDOWS\3d5athre9tz384.exe
2009-09-26 15:18:17 ----A---- C:\WINDOWS\2795ha5ktool7f1z.exe
2009-09-26 15:18:16 ----A---- C:\WINDOWS\172z5spam9ot105.dll
2009-09-26 15:18:14 ----A---- C:\WINDOWS\system32\961zad5ware2176.exe
2009-09-26 15:18:10 ----A---- C:\WINDOWS\system32\589ft59eat19z99.exe
2009-09-26 15:18:05 ----A---- C:\WINDOWS\system32\vy3e0308.exe
2009-09-23 17:00:59 ----D---- C:\WINDOWS\pss
2009-09-23 13:35:01 ----A---- C:\WINDOWS\system32\7e91z5reat28338.exe
2009-09-22 22:31:08 ----A---- C:\WINDOWS\vkl_1253673064.exe
2009-09-22 22:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-09-22 22:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-09-22 22:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-09-22 22:14:45 ----A---- C:\WINDOWS\vkl_1253672083.exe
2009-09-22 14:39:11 ----A---- C:\WINDOWS\189215o9z788.exe
2009-09-21 15:51:51 ----A---- C:\WINDOWS\vkl_1253562709.exe
2009-09-21 15:37:10 ----A---- C:\WINDOWS\vkl_1253561828.exe
2009-09-21 15:20:37 ----A---- C:\WINDOWS\freddy65.exe
2009-09-21 15:12:39 ----A---- C:\WINDOWS\vkl_1253560276.exe
2009-09-19 22:57:52 ----D---- C:\Program Files\Linksys
2009-09-19 22:56:39 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-09-19 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-09-19 22:55:34 ----A---- C:\WINDOWS\system32\RaCoInst.dll
2009-09-18 13:12:57 ----A---- C:\WINDOWS\system32\19z57wor91ae.exe
2009-09-17 18:44:45 ----A---- C:\WINDOWS\system32\1b44th9ef8z5.dll
2009-09-16 19:38:04 ----D---- C:\Program Files\Webroot
2009-09-16 19:38:04 ----A---- C:\WINDOWS\unSpySweeper.exe
2009-09-16 15:46:45 ----A---- C:\WINDOWS\vkl_1253130402.exe
2009-09-16 15:46:27 ----A---- C:\WINDOWS\vkl_1253130380.exe
2009-09-16 11:22:21 ----A---- C:\WINDOWS\vkl_1253114538.exe
2009-09-16 11:21:58 ----D---- C:\Program Files\webserver
2009-09-16 11:21:56 ----A---- C:\WINDOWS\vkl_1253114515.exe
2009-09-15 00:16:22 ----A---- C:\WINDOWS\vkl_1252988159.exe
2009-09-14 13:00:30 ----A---- C:\WINDOWS\system32\29159virus5z29.exe
2009-09-14 11:49:25 ----A---- C:\WINDOWS\vkl_1252943358.exe
2009-09-13 23:13:57 ----A---- C:\WINDOWS\vkl_1252898034.exe
2009-09-13 23:13:28 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe
2009-09-13 00:19:15 ----A---- C:\WINDOWS\58fado9nloazer2995.exe
2009-09-12 04:54:07 ----A---- C:\WINDOWS\system32\9183backdzo52592.dll
2009-09-10 20:20:15 ----A---- C:\WINDOWS\2945dow5loadzr502.exe
2009-09-09 08:36:21 ----A---- C:\WINDOWS\19322hack95zl3f4.dll

======List of files/folders modified in the last 1 months======

2009-10-08 16:48:03 ----D---- C:\WINDOWS\Temp
2009-10-08 16:40:30 ----D---- C:\WINDOWS\Prefetch
2009-10-08 16:40:00 ----SHD---- C:\WINDOWS\Installer
2009-10-08 16:39:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-08 16:39:45 ----D---- C:\Program Files
2009-10-08 16:38:35 ----D---- C:\Program Files\MSN
2009-10-08 16:38:04 ----D---- C:\WINDOWS\SYSTEM32
2009-10-08 16:37:22 ----D---- C:\Program Files\Java
2009-10-08 16:30:53 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-10-08 16:30:46 ----D---- C:\WINDOWS
2009-10-08 16:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-08 14:22:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-08 14:21:23 ----D---- C:\Program Files\SpywareBlaster
2009-10-08 12:18:08 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-08 12:08:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-08 11:22:00 ----D---- C:\Program Files\Google
2009-10-05 16:24:34 ----D---- C:\Program Files\DivX
2009-10-05 14:58:28 ----D---- C:\Documents and Settings\Dad\Application Data\DivX
2009-09-28 11:40:00 ----SHD---- C:\System Volume Information
2009-09-28 11:40:00 ----D---- C:\Program Files\Common Files
2009-09-28 11:38:48 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-28 11:38:06 ----HD---- C:\WINDOWS\INF
2009-09-24 21:42:20 ----SD---- C:\Documents and Settings\Dad\Application Data\Microsoft
2009-09-23 19:05:11 ----D---- C:\WINDOWS\T?sks
2009-09-21 13:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-09-21 13:54:48 ----D---- C:\Program Files\McAfee.com
2009-09-21 13:51:19 ----SD---- C:\WINDOWS\Tasks
2009-09-19 23:26:49 ----D---- C:\WINDOWS\network diagnostic
2009-09-19 23:13:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-19 22:57:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-19 22:56:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-19 22:56:39 ----D---- C:\WINDOWS\WinSxS
2009-09-16 16:24:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-13 23:17:59 ----D---- C:\Documents and Settings\Dad\Application Data\Google
2009-09-13 23:10:57 ----A---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Filter;Filter; \??\C:\WINDOWS\system32\drivers\Filter.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 RT2500;Linksys Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-22 120448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tj2knd5;Terayon Cable Modem (NDIS); C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM); C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 ddnsfilter;ddnsfilter; C:\WINDOWS\sySTEM32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-08 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm
Advertisement
Register to Remove

Re: browser hijacker and other problems

Unread postby alango1 » October 8th, 2009, 4:56 pm

info.txt logfile of random's system information tool 1.06 2009-10-08 16:55:08

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Anti-Leech Plugin for Internet Explorer-->C:\Program Files\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe uninstall
Anti-Leech Plugin for Netscape, Mozilla, Opera-->C:\Program Files\Anti-Leech\ALNN\setup2.exe -u
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVS Audio Converter version 5.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
HijackThis 2.0.2-->"E:\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
InstallMgr-->MsiExec.exe /I{98177940-C048-4831-A279-F3888B1E2C7F}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys Wireless Manager-->"C:\Program Files\Linksys\Linksys Wireless Manager\setup.exe" /u /lcid 1033
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Default Manager-->MsiExec.exe /I{B7148D71-0A8F-4501-96B4-4E1CC67F874E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN Toolbar-->"C:\Program Files\Microsoft\Search Enhancement Pack\InstallMgr\InstallMgr.exe"
MSN Toolbar-->MsiExec.exe /X{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Defender-->"C:\Program Files\Registry Defender Trial\unins000.exe"
Screensavers Installer-->"C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe"
SecretSmileys-->C:\PROGRA~1\SECRET~1\UNWISE.EXE C:\PROGRA~1\SECRET~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper-->C:\WINDOWS\unSpySweeper.exe
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
TizzleTalk by OIN-->C:\Program Files\TizzleTalk\uninstaller.exe
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Browser Bar - powered by MyWebSearch-->rundll32 C:\PROGRA~1\MYWEBS~2\bar\1.bin\w6Bar.dll,O
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======System event log======

Computer Name: ANDY
Event Code: 7022
Message: The ddnsfilter service hung on starting.

Record Number: 27146
Source Name: Service Control Manager
Time Written: 20090911004516.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 27139
Source Name: W32Time
Time Written: 20090909220245.000000-240
Event Type: warning
User:

Computer Name: ANDY
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 27133
Source Name: DCOM
Time Written: 20090909083901.000000-240
Event Type: error
User: ANDY\Andrew

Computer Name: ANDY
Event Code: 7031
Message: The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Record Number: 27119
Source Name: Service Control Manager
Time Written: 20090909082526.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 7022
Message: The ddnsfilter service hung on starting.

Record Number: 27107
Source Name: Service Control Manager
Time Written: 20090909082512.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: ANDY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 12979
Source Name: crypt32
Time Written: 20090916190645.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 12978
Source Name: crypt32
Time Written: 20090916190645.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 12977
Source Name: crypt32
Time Written: 20090916190645.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 12976
Source Name: crypt32
Time Written: 20090916190645.000000-240
Event Type: error
User:

Computer Name: ANDY
Event Code: 19011
Message:
Record Number: 12975
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20090916190644.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip

-----------------EOF-----------------
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 9th, 2009, 8:56 am

Hi. :)

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents in your next reply, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 10th, 2009, 7:32 pm

unning from: C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\FF0BILA0\Win32kDiag[1].exe

Log file at : C:\Documents and Settings\Dad\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 11th, 2009, 7:27 am

Hi. :)

I notice the guard feature of SpySweeper is still active, please disable this as outlined here.

Any problems with the aforementioned, just uninstall it and you may re-install after I give the all clear.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download/Run ComboFix:

Download Combofix from any of the links below but rename it to alango1 before saving it to your desktop.

Link 1
Link 2

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.


When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 12th, 2009, 1:38 pm

hi,

computer appears to be working well :)

ComboFix 09-10-11.03 - Dad 10/12/2009 12:36.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.216 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\alango1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\asks~1
c:\program files\Common Files\fnts~1
c:\program files\Common Files\fnts~2
c:\program files\Common Files\racle~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\stem~1
c:\program files\Common Files\wnsxs~1
c:\program files\crosof~1
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\program files\mbols~1
c:\program files\OINAnalytics
c:\program files\OINAnalytics\Uninstall.exe
c:\program files\ppatch~1
c:\program files\pppatc~1
c:\program files\pppatc~1\?srss.exe
c:\program files\webserver
c:\program files\Zango Programs
c:\windows\010112010146116101.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101465050.xe
c:\windows\0101120101465054.xe
c:\windows\0101120101465149.xe
c:\windows\0101120101465154.xe
c:\windows\0101120101465249.xe
c:\windows\0101120101465254.xe
c:\windows\0101120101465349.xe
c:\windows\0101120101465449.xe
c:\windows\0101120101465549.xe
c:\windows\104019o5-a-zirus3b.bin
c:\windows\10592spz5c5.cpl
c:\windows\108z59orm532.exe
c:\windows\11z13spambo9445.bin
c:\windows\1207zhac9tool5e8.bin
c:\windows\1242spar5e3z19.exe
c:\windows\12936hazktool795.cpl
c:\windows\12z69hack9ool115.bin
c:\windows\13097worz556.exe
c:\windows\139spamboz3a5.dll
c:\windows\1455w9rz64c.bin
c:\windows\14608noz5a-vir9s30a.ocx
c:\windows\15169spz85.bin
c:\windows\1519do5nlzader3059.bin
c:\windows\15282sza5bot29f.dll
c:\windows\15299nz5-a-virus1e.ocx
c:\windows\1532tro96fz.ocx
c:\windows\15340hackto5l97z.ocx
c:\windows\15395zirus569.ocx
c:\windows\155zaddwa9e775.dll
c:\windows\155zthreat20389.dll
c:\windows\15757spaz9ot32.exe
c:\windows\157fszarse6379.exe
c:\windows\15869spzmbot954.bin
c:\windows\15958vir9z4f9.cpl
c:\windows\15992not-a5virus9fz.exe
c:\windows\159tzief4255.exe
c:\windows\15dddownloader519z.dll
c:\windows\15fds5yware29z3.ocx
c:\windows\15z2threat17495.exe
c:\windows\15z59spa5bot501.ocx
c:\windows\16227zir9s252.ocx
c:\windows\16270no9-azvi5us475.ocx
c:\windows\16286n5t9a-vzrus1e9.bin
c:\windows\16349zpambo9257.bin
c:\windows\16856not-a-virus98z.ocx
c:\windows\16903sp5mbot7z9.ocx
c:\windows\16950zpambot3f55.bin
c:\windows\16z12spam95t695.exe
c:\windows\172z5spam9ot105.dll
c:\windows\17320t5z92a6.dll
c:\windows\178z2w9rm57f.cpl
c:\windows\1791sp5warz961.dll
c:\windows\1825zha9ktool127.bin
c:\windows\1836vizu5779.cpl
c:\windows\18458vizu94ad.exe
c:\windows\1855thie91z135.exe
c:\windows\18606zir5s951.bin
c:\windows\189215o9z788.exe
c:\windows\19021t5oj451z.ocx
c:\windows\19250noz-a-virus15d.bin
c:\windows\192z9trojc5.dll
c:\windows\19315hacktozl32d.bin
c:\windows\19322hack95zl3f4.dll
c:\windows\19422w5z91af.dll
c:\windows\1965t9iefz214.ocx
c:\windows\1977zw5rm7d.dll
c:\windows\19839r5z553.dll
c:\windows\19913vz5us22c.bin
c:\windows\19acst5al236z.cpl
c:\windows\1a28thief2259z.bin
c:\windows\1b31spazs95158.cpl
c:\windows\1c51downloade53z69.exe
c:\windows\1c7b9ackdoor5070z.dll
c:\windows\1e095azk9oor1553.cpl
c:\windows\1ez1v5r23579.exe
c:\windows\1f5d9hief2320z.dll
c:\windows\1f8bbac9door57z0.dll
c:\windows\1f9dba5zdoor407.cpl
c:\windows\1z125spambo955.exe
c:\windows\1z77spar9e3557.dll
c:\windows\20636tro5459z.bin
c:\windows\20ebaczd9or11585.ocx
c:\windows\21537zroj5389.bin
c:\windows\2188znot-a-95rus542.bin
c:\windows\218959pambot25z.bin
c:\windows\2264zp5ware1119.ocx
c:\windows\22954trojz9.cpl
c:\windows\23093troz495.bin
c:\windows\23782zp92a5.dll
c:\windows\23974zo5-a-virus4f4.cpl
c:\windows\23ezback9oor1456.cpl
c:\windows\24027not-5-v9zus6de.exe
c:\windows\2459s5ealz259.dll
c:\windows\246259ot-azvirus772.cpl
c:\windows\24693troz505.cpl
c:\windows\250275ackz9ol5b5.ocx
c:\windows\25054spamboz5439.exe
c:\windows\25105spazbot950.dll
c:\windows\25463zroj595.bin
c:\windows\25489ddzare296.ocx
c:\windows\2571t5zef219.ocx
c:\windows\25851w9rm3z1.bin
c:\windows\2592z5ot-a-viru946e.cpl
c:\windows\25cespyw9rez54.dll
c:\windows\25zathreat22039.dll
c:\windows\26947vz5us9f8.ocx
c:\windows\26ez5parse29759.cpl
c:\windows\27469szy505.cpl
c:\windows\2795ha5ktool7f1z.exe
c:\windows\27989zr9j5ad.dll
c:\windows\28799s5z7e69.cpl
c:\windows\29415troz15d9.bin
c:\windows\2945dow5loadzr502.exe
c:\windows\29465sp91ccz.bin
c:\windows\29564hacktoo9z37.exe
c:\windows\29z41wor5749.ocx
c:\windows\2aado5nzoader30079.ocx
c:\windows\2b5c5hrz9t507.exe
c:\windows\2dazthi5f794.exe
c:\windows\2de9back5oor255z.bin
c:\windows\2e02zackd5or19229.dll
c:\windows\2e55backd9orz925.bin
c:\windows\2z789t5oj158.cpl
c:\windows\2z806not-a-virus5009.dll
c:\windows\2z83ba5kd9or2843.bin
c:\windows\30201nzt-a-virus9065.cpl
c:\windows\30293troj459z.ocx
c:\windows\30358spazbo999.exe
c:\windows\30366s5azb9t159.dll
c:\windows\303z8t5o9554.cpl
c:\windows\305bdownzoader59.cpl
c:\windows\3069t9reat279z5.exe
c:\windows\31019t9oz2795.bin
c:\windows\31553worm9z5.exe
c:\windows\3162download5r31z9.bin
c:\windows\32195not-z-vir95691.dll
c:\windows\3239downloa95r271z.bin
c:\windows\33119tez5983.cpl
c:\windows\3375t9iez1388.cpl
c:\windows\33c9b5zkdoor599.exe
c:\windows\3414za5kdoor3109.dll
c:\windows\35186spy29z.cpl
c:\windows\3582thre9t2z095.exe
c:\windows\3589thiez2850.dll
c:\windows\359dadzware5919.cpl
c:\windows\35e5ad9ware16z3.cpl
c:\windows\365aaddzare1191.dll
c:\windows\3799hac95ool6z.bin
c:\windows\3925zspy256.dll
c:\windows\39854viruz215.exe
c:\windows\39f6downloadzr1549.bin
c:\windows\3a92ad9wzre857.bin
c:\windows\3ae159wnloader3z53.cpl
c:\windows\3babvz52893.dll
c:\windows\3baes5a9se112z.ocx
c:\windows\3bcaspars91519z.cpl
c:\windows\3bd95pywarz23799.ocx
c:\windows\3c33backdooz15059.bin
c:\windows\3d5athre9tz384.exe
c:\windows\3zb69te5l3004.cpl
c:\windows\3zd0s9a5se946.ocx
c:\windows\405dthief26z09.dll
c:\windows\4089noz-5-vir9s55a.bin
c:\windows\4091hack5zol94f.cpl
c:\windows\4098zpyw9re3529.bin
c:\windows\40z795eal1682.cpl
c:\windows\412down9oadez1150.dll
c:\windows\4130back5o9r536z.ocx
c:\windows\42a39hreat605z.dll
c:\windows\4335s95mbotze2.ocx
c:\windows\4398addwar5z82.ocx
c:\windows\450zbac9door2340.cpl
c:\windows\452st9alz875.bin
c:\windows\453sp9rsez449.ocx
c:\windows\46905owzloader10129.exe
c:\windows\469zthre9t16530.ocx
c:\windows\46f6z9yware2599.cpl
c:\windows\4889wo9z354.exe
c:\windows\489ez5r222.cpl
c:\windows\499threatz2539.cpl
c:\windows\49aabazkdoor1951.dll
c:\windows\4ac2addw9z5790.exe
c:\windows\4ac4thi9f119z5.dll
c:\windows\4e19dzwnlo5der1920.exe
c:\windows\4z99s5eal707.bin
c:\windows\4zdfaddwa9e445.cpl
c:\windows\50119spa9boz1ee.cpl
c:\windows\50269irz8645.exe
c:\windows\505z9ir59.bin
c:\windows\505zh9e5709.exe
c:\windows\506zhackt9ol3a7.bin
c:\windows\50954szam9ot1ab.exe
c:\windows\5098virz51e0.cpl
c:\windows\51z2not-a-5irus20d9.bin
c:\windows\5274thre9t3z15.exe
c:\windows\533th9eaz4477.dll
c:\windows\5343spambo9zc.bin
c:\windows\5376spamb5t7d9z.dll
c:\windows\53955virus5za.cpl
c:\windows\5396spyw9re1z16.exe
c:\windows\53979hreat52450z.dll
c:\windows\53c8szeal9145.ocx
c:\windows\5456nzt-a-5irus1cf9.exe
c:\windows\5497sparse513z.dll
c:\windows\5581thiefz907.bin
c:\windows\5599not-a5zirus31f.cpl
c:\windows\55cd9teal874z.ocx
c:\windows\5602noz-a5viru9798.exe
c:\windows\56z28spamb9t14a.ocx
c:\windows\57849virus623z.ocx
c:\windows\5799viz23925.cpl
c:\windows\580ez9d5are45.bin
c:\windows\5844v9r5740z.cpl
c:\windows\5881d9wnlo5derz155.ocx
c:\windows\58a9ddwarez81.bin
c:\windows\58d8spzrse1495.dll
c:\windows\58fado9nloazer2995.exe
c:\windows\5905dowzloader1921.ocx
c:\windows\598z5teal3038.cpl
c:\windows\5992zir2984.cpl
c:\windows\5999th5eat938z.bin
c:\windows\59a6backdooz3065.bin
c:\windows\59d4vir1327z.dll
c:\windows\59z3add5are1834.ocx
c:\windows\59zir508.ocx
c:\windows\5a65adzwa5e3199.ocx
c:\windows\5b49b9ckdoz51764.dll
c:\windows\5b63ste5lz9.dll
c:\windows\5c59zackdo5r2900.cpl
c:\windows\5c7fzi9587.cpl
c:\windows\5czfa5dware1292.dll
c:\windows\5d34zd9ware1655.ocx
c:\windows\5e095zie91094.exe
c:\windows\5e77s5a9ze1222.dll
c:\windows\5f5fs9arse14z1.cpl
c:\windows\5fb8v9rz552.cpl
c:\windows\5z127spambot922.bin
c:\windows\5z5a95r1936.exe
c:\windows\6005zot-a-vir9s564.bin
c:\windows\6209zo9nloader19695.bin
c:\windows\6286d5wnloader149z.ocx
c:\windows\63199pzwa5e572.dll
c:\windows\63d4dow9lzad5r691.bin
c:\windows\6539hzcktool3445.cpl
c:\windows\65645ot-a-9zrus27a.ocx
c:\windows\659zsteal2450.ocx
c:\windows\65z3vir27559.exe
c:\windows\6866zp9rse3115.ocx
c:\windows\686fazdw59e2798.dll
c:\windows\6906stzal550.exe
c:\windows\694abazkdoo51801.ocx
c:\windows\695vzrus589.dll
c:\windows\69d2bazkdoor21775.dll
c:\windows\6azasteal1955.bin
c:\windows\6b5fszarse3119.cpl
c:\windows\6c9dsz5ware419.bin
c:\windows\6d96addz5re2958.cpl
c:\windows\6dcbdzwnlo9der26495.bin
c:\windows\6z4fsparse589.exe
c:\windows\6z74sp9wa5e34.dll
c:\windows\6zd8st5a91971.exe
c:\windows\704adownl95zer335.ocx
c:\windows\7051st9az1252.ocx
c:\windows\7095down5oadzr2159.ocx
c:\windows\71acthiez5809.bin
c:\windows\7248spyzar95603.cpl
c:\windows\7255adzware28009.cpl
c:\windows\7340zackdoor29569.dll
c:\windows\7452vir895z.cpl
c:\windows\7465troz6c9.cpl
c:\windows\749cadd5are42z.cpl
c:\windows\749cthreat5z299.ocx
c:\windows\7576worm49z.dll
c:\windows\75z7vir899.cpl
c:\windows\7679zddwar51568.exe
c:\windows\769dvi5177z.cpl
c:\windows\769zadd5ar91963.cpl
c:\windows\7725addw9re5833z.ocx
c:\windows\77f1back9o5r43z.dll
c:\windows\7900add5aze2190.cpl
c:\windows\790baddwar58z4.ocx
c:\windows\79525parse177z.exe
c:\windows\79c5vir10z8.bin
c:\windows\79f8do5nloazer1663.bin
c:\windows\7a32ste9522z4.bin
c:\windows\7aa9vir5123z.dll
c:\windows\7az7steal2590.exe
c:\windows\7c999dd5are9z9.ocx
c:\windows\7cdf5hreat930z7.ocx
c:\windows\7d9aspyzar59766.ocx
c:\windows\7d9cazdw5re2318.dll
c:\windows\7ff35z9kdoor2165.cpl
c:\windows\7z13hack5ool796.bin
c:\windows\7z45ba9kdoor5735.dll
c:\windows\7z95vir459.ocx
c:\windows\804vi9us3fz5.bin
c:\windows\880dow5loade92z64.ocx
c:\windows\8951zot-a-vir5s239.dll
c:\windows\8979wozm45.dll
c:\windows\8c5vi96z2.exe
c:\windows\8d1ad9waze1856.ocx
c:\windows\90z04hacktoo57e1.cpl
c:\windows\91508not-a-virus399z.cpl
c:\windows\9179szarse21975.ocx
c:\windows\918zviru97765.bin
c:\windows\91z4down5oader401.bin
c:\windows\921cthizf2536.dll
c:\windows\9222wo5m5z5.dll
c:\windows\92addwarz3506.ocx
c:\windows\93300wzr51b5.exe
c:\windows\9360dzwnload5r621.bin
c:\windows\93975worma8z.exe
c:\windows\94ezvir2752.ocx
c:\windows\95026spy245z.cpl
c:\windows\953295roj45z.cpl
c:\windows\954305pambzt1a7.ocx
c:\windows\95564troj4z1.bin
c:\windows\9593th5zf1635.cpl
c:\windows\95dzsteal1248.exe
c:\windows\95e5downloadez295.bin
c:\windows\97055vi5us2zb.exe
c:\windows\975z9ambot455.ocx
c:\windows\9762spazbot7815.cpl
c:\windows\97zfs5eal744.cpl
c:\windows\995ztroj795.cpl
c:\windows\9dz05ir2961.bin
c:\windows\9e2ezi51353.exe
c:\windows\9f55zparse1185.exe
c:\windows\9f6zback5oor1525.cpl
c:\windows\9fb5thief13z6.cpl
c:\windows\9ffbthreat25107z.bin
c:\windows\a99zi51497.bin
c:\windows\b59thrzat23487.exe
c:\windows\bk23567.dat
c:\windows\bz2v9r21425.cpl
c:\windows\c55stezl2995.bin
c:\windows\c8zt95ef811.exe
c:\windows\e2esz9rse2056.cpl
c:\windows\e6cs5yw9re1081z.ocx
c:\windows\fnts~1
c:\windows\freddy62.exe
c:\windows\freddy65.exe
c:\windows\mantec~1
c:\windows\mstre21.exe
c:\windows\pp11.exe
c:\windows\pppatc~1
c:\windows\racle~1
c:\windows\system32\10077not-9-vi5uz83.dll
c:\windows\system32\11733spamz5t4c9.ocx
c:\windows\system32\11762nzt9a-v5rus1ac.bin
c:\windows\system32\119btzreat15799.bin
c:\windows\system32\13042zot-a-9iru547f.ocx
c:\windows\system32\13054w9rm2f8z.exe
c:\windows\system32\13319not-az59rus529.cpl
c:\windows\system32\13abspzrs52039.ocx
c:\windows\system32\14206hackto5z46d9.ocx
c:\windows\system32\14267not-a-9irzs1455.exe
c:\windows\system32\14655zi9us658.exe
c:\windows\system32\14940worm7cz5.ocx
c:\windows\system32\149579pambo55za.exe
c:\windows\system32\1504zt9oj9a.cpl
c:\windows\system32\150569zambot6c1.exe
c:\windows\system32\1518spy95z.exe
c:\windows\system32\15355h9cktool1d3z.cpl
c:\windows\system32\15365spa9b5t5z0.bin
c:\windows\system32\155089zrm736.exe
c:\windows\system32\15757spzmbo94b5.cpl
c:\windows\system32\157935izus2d9.ocx
c:\windows\system32\1585stealz449.cpl
c:\windows\system32\15absp9rse317z.bin
c:\windows\system32\15b9bac5dozr1767.bin
c:\windows\system32\15z4add9are2311.exe
c:\windows\system32\15zasp9ware809.cpl
c:\windows\system32\161915roj7d2z.dll
c:\windows\system32\16229hacz5ool192.ocx
c:\windows\system32\16385not9a-z5rus493.bin
c:\windows\system32\16954zirus1165.cpl
c:\windows\system32\169z95py4bd.ocx
c:\windows\system32\16d1d9wnzoa5er3079.exe
c:\windows\system32\17495pz693.exe
c:\windows\system32\17565hazkt95l606.exe
c:\windows\system32\17785zirus13f9.ocx
c:\windows\system32\17791spamzot975.dll
c:\windows\system32\177z7spa9bot155.ocx
c:\windows\system32\18071s5y1z29.cpl
c:\windows\system32\18125spam5ot7z9.bin
c:\windows\system32\1856hackz9ol340.ocx
c:\windows\system32\19069tzoj6b5.ocx
c:\windows\system32\19193not-a-v5rus5z8.bin
c:\windows\system32\192109ot-a-vzrus25a.exe
c:\windows\system32\19338vzr9s759.ocx
c:\windows\system32\19476tzoj2985.cpl
c:\windows\system32\19497n9t-a-virzs658.ocx
c:\windows\system32\1952not-a-virus361z.dll
c:\windows\system32\19531hacktool5cz.bin
c:\windows\system32\1953zsp9651.exe
c:\windows\system32\19613z9y1fc5.ocx
c:\windows\system32\1999back5ozr2989.cpl
c:\windows\system32\19b3sz5war91219.dll
c:\windows\system32\19z57wor91ae.exe
c:\windows\system32\19z6h5cktool3f5.exe
c:\windows\system32\1ab5v9rz07.cpl
c:\windows\system32\1b44th9ef8z5.dll
c:\windows\system32\1bd4ad9ware2z45.bin
c:\windows\system32\1d2zspa95e14.cpl
c:\windows\system32\1d3759azse2364.dll
c:\windows\system32\1d9dthie59z23.exe
c:\windows\system32\1e625zarse9127.dll
c:\windows\system32\1ee4vz59113.bin
c:\windows\system32\1ezdthreat160795.exe
c:\windows\system32\1z40worm9bb5.ocx
c:\windows\system32\1z495not-a-vir5s575.dll
c:\windows\system32\1z534hackt9ol5de.bin
c:\windows\system32\1za4vir9522.dll
c:\windows\system32\204089pam5oz6e9.ocx
c:\windows\system32\21330spam5o9bz.bin
c:\windows\system32\21546vi9uz535.ocx
c:\windows\system32\217z5hack5ool2b9.exe
c:\windows\system32\21990spy4az5.cpl
c:\windows\system32\22059hizf5388.bin
c:\windows\system32\22099no5-a-vz9us355.cpl
c:\windows\system32\2225zow9loader2686.cpl
c:\windows\system32\22477n5t-a9vzrus1fa.dll
c:\windows\system32\22572sz9mbot5fa.dll
c:\windows\system32\22900tzo9495.cpl
c:\windows\system32\2307zn9t-a-vir5s5fb.exe
c:\windows\system32\23399troj548z.bin
c:\windows\system32\23519noz-a-vir597c4.dll
c:\windows\system32\237065acktoo9zbc.ocx
c:\windows\system32\2396z5pambot4ea.dll
c:\windows\system32\2425not-a-vz9us6bb5.cpl
c:\windows\system32\2461zhac5to9l4a3.dll
c:\windows\system32\24957not-a-virus655z.dll
c:\windows\system32\2497zhacktool755.exe
c:\windows\system32\25227vi5use9z.cpl
c:\windows\system32\25295not-a-virus5z9.dll
c:\windows\system32\25583zroj596.dll
c:\windows\system32\256055ir9s597z.dll
c:\windows\system32\25769py5arez97.exe
c:\windows\system32\2581zhackt9ol4.bin
c:\windows\system32\25893spamzot298.bin
c:\windows\system32\25935s9y665z.bin
c:\windows\system32\259z9virus99.dll
c:\windows\system32\259zaddware2779.dll
c:\windows\system32\25z30vi9us50a.cpl
c:\windows\system32\265909pz1b5.cpl
c:\windows\system32\265a9hreat3756z.dll
c:\windows\system32\269evir2459z.dll
c:\windows\system32\26e5stz9l31275.exe
c:\windows\system32\27553s9amboz510.exe
c:\windows\system32\27595trzj95.dll
c:\windows\system32\2779zw9r55b2.cpl
c:\windows\system32\27a9d5wnloader81z.ocx
c:\windows\system32\27b8dowz5oad9r2827.cpl
c:\windows\system32\28356n5t-9zvirus774.exe
c:\windows\system32\284439irus155z.cpl
c:\windows\system32\285ado9nloazer1559.cpl
c:\windows\system32\2886spa5bo932z.bin
c:\windows\system32\29159virus5z29.exe
c:\windows\system32\29196hac5tooz13d.exe
c:\windows\system32\29299vi5uszf2.cpl
c:\windows\system32\2941z5reat23496.cpl
c:\windows\system32\294fthzef31125.bin
c:\windows\system32\29598v9ru558z.cpl
c:\windows\system32\2964not-a9virzs554.exe
c:\windows\system32\29886wo5mz33.cpl
c:\windows\system32\299269py559z.bin
c:\windows\system32\29999not-a-vzru52b5.exe
c:\windows\system32\2a4dsp9rse454z.bin
c:\windows\system32\2b78ad5war9z176.exe
c:\windows\system32\2b79azd5are2554.ocx
c:\windows\system32\2c59zackdoor3055.exe
c:\windows\system32\2c805p9zse457.ocx
c:\windows\system32\2cd8s9eal248z5.bin
c:\windows\system32\2z868not5a9virusd5.bin
c:\windows\system32\31532szy925.cpl
c:\windows\system32\31916virzs57a.cpl
c:\windows\system32\325019pz1a4.dll
c:\windows\system32\325065zambot9ce.dll
c:\windows\system32\32534zroj7609.ocx
c:\windows\system32\331ct5ief949z.exe
c:\windows\system32\348zvi9u57b5.dll
c:\windows\system32\3523ztro9135.dll
c:\windows\system32\35545troz6d9.ocx
c:\windows\system32\3564s9y61z.dll
c:\windows\system32\3595s9eal1755z.bin
c:\windows\system32\3596d5wnloade9z36.dll
c:\windows\system32\3850tr9z3d6.cpl
c:\windows\system32\38d5zhrea922524.exe
c:\windows\system32\38dd9pyzar52556.ocx
c:\windows\system32\3968sp5mzot849.cpl
c:\windows\system32\397fspzrs520809.cpl
c:\windows\system32\3995bazkdoor5934.bin
c:\windows\system32\39a9th5eat2z395.bin
c:\windows\system32\3ad5adz9are2121.ocx
c:\windows\system32\3af2zow5l9ader165.dll
c:\windows\system32\3d1stzal92455.bin
c:\windows\system32\3d92threat519z9.cpl
c:\windows\system32\3dz5back9oor161.bin
c:\windows\system32\3e55addzare11739.dll
c:\windows\system32\3f8cv5r7z59.bin
c:\windows\system32\3z550virus5ac9.ocx
c:\windows\system32\3z56vi92385.bin
c:\windows\system32\3zb6v5r2964.bin
c:\windows\system32\415spars91z95.dll
c:\windows\system32\4165zparse2829.cpl
c:\windows\system32\4218s9ywarz5635.dll
c:\windows\system32\4255sp95botz36.bin
c:\windows\system32\43zsp59are593.ocx
c:\windows\system32\4445tro955z.exe
c:\windows\system32\4508zddwar92155.bin
c:\windows\system32\45a1threa957z18.bin
c:\windows\system32\45e1zownloader20199.cpl
c:\windows\system32\4669zparse1506.ocx
c:\windows\system32\478bazkdoor1579.cpl
c:\windows\system32\485backd5or917z.dll
c:\windows\system32\4929zroj755.ocx
c:\windows\system32\49c8v5r982z.dll
c:\windows\system32\49z2hac5tool3119.bin
c:\windows\system32\4a50do9nloadez2299.bin
c:\windows\system32\4a59spa5se5z.dll
c:\windows\system32\4a8c5ack9oor1865z.exe
c:\windows\system32\4c42sp5r9e9z1.bin
c:\windows\system32\4cf5py9are963z.bin
c:\windows\system32\4zc2thief22095.dll
c:\windows\system32\50fba95doorz268.exe
c:\windows\system32\527spar9e21z9.exe
c:\windows\system32\52eviz15495.exe
c:\windows\system32\55afthief1z579.bin
c:\windows\system32\5659sp5ware316z.exe
c:\windows\system32\589ft59eat19z99.exe
c:\windows\system32\59397virus63z.dll
c:\windows\system32\5aa19p5wzre388.exe
c:\windows\system32\5e5aaddwa9e196z.dll
c:\windows\system32\5f79zarse2758.bin
c:\windows\system32\5z399pars52960.exe
c:\windows\system32\6495dowzloade5990.bin
c:\windows\system32\6604szea59435.exe
c:\windows\system32\674ste5l202z9.dll
c:\windows\system32\777z59mbot765.exe
c:\windows\system32\79dzback9oor11945.exe
c:\windows\system32\79f0dowzloa5er2091.bin
c:\windows\system32\9014v5rzs7aa.dll
c:\windows\system32\d1ethre9z25305.bin
c:\windows\system32\e6zback9oor12435.exe
c:\windows\system32\ef9s5ywaz9347.bin
c:\windows\system32\mantec~1
c:\windows\system32\stem32~1
c:\windows\system32\tsks~1
c:\windows\system32\z1571s5y986.exe
c:\windows\system32\z477s5e9l2430.bin
c:\windows\tgmark2.dat
c:\windows\tsks~1
c:\windows\vkl_1252898034.exe
c:\windows\vkl_1252943358.exe
c:\windows\vkl_1252988159.exe
c:\windows\vkl_1253114515.exe
c:\windows\vkl_1253114538.exe
c:\windows\vkl_1253130380.exe
c:\windows\vkl_1253130402.exe
c:\windows\vkl_1253560276.exe
c:\windows\vkl_1253561828.exe
c:\windows\vkl_1253562709.exe
c:\windows\vkl_1253672083.exe
c:\windows\vkl_1253673064.exe
c:\windows\z0f2add5are3159.exe
c:\windows\z1777spa9bot250.cpl
c:\windows\z186ste9l5670.dll
c:\windows\z5042t9oj13a.exe
c:\windows\z509pyware1050.exe
c:\windows\z5252spy989.ocx
c:\windows\z531addwa9e915.cpl
c:\windows\z56559py5.dll
c:\windows\z569t9ief3257.dll
c:\windows\z59495orm599.ocx
c:\windows\z595hackt9ol241.exe
c:\windows\z59dd5wnloader572.exe
c:\windows\z5c5thief9062.dll
c:\windows\z686spy3395.exe
c:\windows\z6a75pyware393.bin
c:\windows\z7938spa5bot2d.cpl
c:\windows\z9121w9rm65b.bin
c:\windows\z9559hief1958.cpl
c:\windows\z985worm14b.ocx
c:\windows\z9d5vir1093.dll
c:\windows\zbe3spyw5re3958.ocx
c:\windows\zc9dstea51240.cpl
c:\windows\zca9s9ars5582.dll
c:\windows\zdc2s5ea9670.exe
c:\windows\zde0spyw5re15949.cpl
c:\windows\zf3ft9ief530.dll
c:\windows\zf5fspyware939.dll
c:\windows\zfc5vir349.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER
-------\Service_ddnsfilter
-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-12-18 13:54 . 2009-12-18 13:54 3215 ----a-w- c:\windows\system32\76bedowzloa5er964.bin
2009-12-14 16:52 . 2009-12-14 16:52 6330 ----a-w- c:\windows\system32\94fspar5e100z.dll
2009-11-10 23:49 . 2009-11-10 23:49 9243 ----a-w- c:\windows\system32\59926wzrm39b.exe
2009-10-12 16:23 . 2009-10-12 16:23 -------- d-----w- c:\program files\ERUNT
2009-10-08 20:39 . 2009-10-08 20:39 -------- d-----w- c:\program files\Microsoft
2009-10-08 20:38 . 2009-10-08 20:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-08 17:41 . 2009-10-08 17:41 -------- d-----w- C:\New Folder
2009-10-08 15:49 . 2009-10-08 15:54 -------- d-----w- C:\HostsXpert
2009-10-05 18:35 . 2009-10-05 18:36 -------- d-----w- c:\windows\system32\NtmsData
2009-10-03 00:22 . 2009-10-08 20:55 -------- d-----w- c:\program files\trend micro
2009-10-03 00:22 . 2009-10-08 20:55 -------- d-----w- C:\rsit
2009-09-28 20:56 . 2009-09-28 20:56 9525 ----a-w- c:\windows\system32\57685zie91039.exe
2009-09-28 16:07 . 2008-09-30 13:51 60928 ----a-w- c:\windows\system32\pifwdp.dll
2009-09-26 19:20 . 2009-09-26 19:20 2845 ----a-w- c:\windows\system32\596add95rz521.dll
2009-09-26 19:20 . 2009-09-26 19:20 2773 ----a-w- c:\windows\system32\94bbsz5ware1394.exe
2009-09-26 19:19 . 2009-09-26 19:19 9397 ----a-w- c:\windows\system32\98973zro539d.exe
2009-09-26 19:19 . 2009-09-26 19:19 3497 ----a-w- c:\windows\system32\z5978troj2569.bin
2009-09-26 19:19 . 2009-09-26 19:19 6929 ----a-w- c:\windows\system32\e35zh9ef2773.bin
2009-09-26 19:19 . 2009-09-26 19:19 6884 ----a-w- c:\windows\system32\z57bth9eat14593.bin
2009-09-26 19:18 . 2009-09-26 19:18 4735 ----a-w- c:\windows\system32\bf5azdwa951190.bin
2009-09-26 19:18 . 2009-09-26 19:18 2870 ----a-w- c:\windows\system32\52z49r5j7e1.bin
2009-09-26 19:18 . 2009-09-26 19:18 7595 ----a-w- c:\windows\system32\7b6695wnlozder1779.bin
2009-09-26 19:18 . 2009-09-26 19:18 5714 ----a-w- c:\windows\system32\9d20tzief5469.dll
2009-09-26 19:18 . 2009-09-26 19:18 4214 ----a-w- c:\windows\system32\961zad5ware2176.exe
2009-09-26 19:18 . 2009-09-26 19:18 6721 ----a-w- c:\windows\system32\577dow9lozder236.bin
2009-09-26 19:18 . 2009-09-26 19:17 431616 ----a-w- c:\windows\system32\vy3e0308.exe
2009-09-23 17:35 . 2009-09-23 17:35 6582 ----a-w- c:\windows\system32\7e91z5reat28338.exe
2009-09-23 02:26 . 2009-09-23 02:26 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Symantec
2009-09-23 02:17 . 2009-09-28 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-23 02:17 . 2009-09-28 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-23 02:14 . 2009-09-23 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-20 02:57 . 2009-09-20 02:57 -------- d-----w- c:\program files\Linksys
2009-09-20 02:57 . 2008-12-12 22:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-20 02:56 . 2008-12-12 22:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-20 02:55 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-09-20 02:55 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-09-20 02:55 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
2009-09-16 23:38 . 2003-07-18 15:24 150528 ----a-w- c:\windows\unSpySweeper.exe
2009-09-14 15:50 . 2009-09-14 15:50 -------- d-----w- c:\documents and settings\Andrew\Application Data\a?sembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 20:37 . 2004-11-16 12:40 -------- d-----w- c:\program files\Java
2009-10-08 18:22 . 2008-04-25 03:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-08 18:21 . 2008-04-25 03:02 -------- d-----w- c:\program files\SpywareBlaster
2009-10-08 15:22 . 2006-09-12 02:35 -------- d-----w- c:\program files\Google
2009-10-05 20:24 . 2006-06-28 07:07 -------- d-----w- c:\program files\DivX
2009-10-05 18:58 . 2009-04-01 19:24 -------- d-----w- c:\documents and settings\Dad\Application Data\DivX
2009-09-28 14:09 . 2005-01-03 08:17 -------- d-----w- c:\documents and settings\Andrew\Application Data\WeatherBug
2009-09-23 03:08 . 2004-12-03 20:43 64368 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 17:54 . 2008-04-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-21 17:54 . 2004-11-16 12:51 -------- d-----w- c:\program files\McAfee.com
2009-09-12 08:54 . 2009-09-12 08:54 12636 ----a-w- c:\windows\system32\9183backdzo52592.dll
2009-09-11 05:07 . 2009-09-11 05:07 1 ---h--w- c:\windows\bx4657.dat
2009-09-09 16:49 . 2004-11-21 21:15 64368 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 12:14 . 2009-09-05 12:14 9855 ----a-w- c:\windows\system32\7057backz9or109.dll
2009-09-03 03:14 . 2009-09-03 03:14 1 ---h--w- c:\windows\nlmark2.dat
2009-09-03 03:14 . 2009-09-03 03:14 1 ---h--w- c:\windows\hpm2.dat
2009-09-03 03:10 . 2009-09-03 03:10 6195 ----a-w- c:\windows\system32\4d96thiez5720.dll
2009-09-02 04:50 . 2009-09-02 04:50 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
2009-09-02 00:42 . 2009-09-02 00:42 1 ---h--w- c:\windows\ex23567.dat
2009-09-02 00:42 . 2009-09-02 00:42 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-27 20:03 . 2009-08-27 20:03 10423 ----a-w- c:\windows\system32\739bst9az51.exe
2009-08-27 18:32 . 2008-10-06 21:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-27 10:22 . 2009-08-27 10:22 18329 ----a-w- c:\windows\system32\525dvir569z.exe
2009-08-27 01:38 . 2009-08-27 01:38 9374 ----a-w- c:\windows\system32\5d9thiefz839.dll
2009-08-21 10:15 . 2009-08-21 10:15 11877 ----a-w- c:\windows\system32\8z5th95at16575.bin
2009-08-18 22:26 . 2009-08-18 22:26 17753 ----a-w- c:\windows\system32\5z669pyware1650.dll
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\MSBuild
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:04 . 2009-08-04 14:04 3272 ----a-w- c:\windows\system32\6236vir279z5.dll
2009-08-02 03:18 . 2009-08-02 03:18 8452 ----a-w- c:\windows\z81409py5.exe
2009-07-23 01:18 . 2009-07-23 01:18 11078 ----a-w- c:\windows\system32\59346troz96.exe
2009-07-22 22:13 . 2009-07-22 22:13 14392 ----a-w- c:\windows\system32\5zf8vir4949.bin
2009-07-19 14:42 . 2009-07-19 14:42 12258 ----a-w- c:\windows\system32\6712sp9za5e1087.bin
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DellHelp"="c:\dell\DellHelp\DellHelp.exe" [2004-04-01 1589248]
"TizzleTalk"="c:\program files\TizzleTalk\TizzleTalk.exe" [2005-02-04 36864]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-11-16 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Andrew\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\\sspm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R1 Filter;Filter;c:\windows\SYSTEM32\DRIVERS\Filter.sys [9/2/2009 12:50 AM 37760]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2007 6:33 PM 24652]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\WUSB54GCv3.sys [9/19/2009 10:55 PM 627072]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\SYSTEM32\DRIVERS\tj2knd5.sys [11/21/2004 10:56 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [11/21/2004 10:55 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
mStart Page = hxxp://www.comcast.net
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Sen - c:\program files\bama\tlii.exe
HKCU-Run-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
HKLM-Run-link corn grid inside - c:\documents and settings\All Users\Application Data\Ping Online Link Corn\Support Math.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - E:\HijackThis.exe
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe
AddRemove-TizzleTalk - c:\program files\TizzleTalk\uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 12:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-10-12 13:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 16:59

Pre-Run: 36,043,927,552 bytes free
Post-Run: 40,568,369,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

838 --- E O F --- 2009-10-10 23:23
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 12th, 2009, 1:58 pm

I have since downloaded mcafee and malwarebytes, here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2947
Windows 5.1.2600 Service Pack 3

10/12/2009 1:54:37 PM
mbam-log-2009-10-12 (13-54-37).txt

Scan type: Quick Scan
Objects scanned: 109985
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{68d5cc1e-53de-2b25-8a3c-59c0535e84cd} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68d5cc1e-53de-2b25-8a3c-59c0535e84cd} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{056738e1-e15c-11d6-b876-0050bf5d85c7} (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{056738ed-e15c-11d6-b876-0050bf5d85c7} (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alie (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alnn (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.1.8 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Andrew\Application Data\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\pifwdp.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\Filter.sys (Rootkit.DNCBlocker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\NetPumper\Andrew.ini (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2\alie.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2\alie.inf (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\WINDOWS\hpm2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\nlmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Desktop\Netpumper.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 12th, 2009, 2:28 pm

hijackthis log
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 12th, 2009, 2:29 pm

retry

hijackthis log:

ogfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-10-12 14:27:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (53%) free of 73 GB
Total RAM: 502 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:15 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Program Files\trend micro\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11302 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}]
My Web Search Bar BHO - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL [2005-08-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-08 149280]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-11-16 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"MMTray"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"DellHelp"=C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]
"TizzleTalk"=C:\Program Files\TizzleTalk\TizzleTalk.exe [2005-02-04 36864]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [2006-01-19 11776]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-03 233304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Andrew\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Andrew\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Enabled:sspm"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124393499\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-12-14 12:52:16 ----A---- C:\WINDOWS\system32\94fspar5e100z.dll
2009-11-10 19:49:04 ----A---- C:\WINDOWS\system32\59926wzrm39b.exe
2009-10-12 14:26:19 ----SHD---- C:\RECYCLER
2009-10-12 14:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-12 14:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-12 14:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-12 14:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 13:41:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 13:23:25 ----D---- C:\Program Files\Common Files\McAfee
2009-10-12 13:22:52 ----D---- C:\Program Files\McAfee
2009-10-12 13:00:02 ----A---- C:\ComboFix.txt
2009-10-12 12:29:47 ----A---- C:\Boot.bak
2009-10-12 12:29:36 ----RASHD---- C:\cmdcons
2009-10-12 12:28:17 ----A---- C:\WINDOWS\zip.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWSC.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWREG.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\sed.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\PEV.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\grep.exe
2009-10-12 12:27:01 ----D---- C:\Qoobox
2009-10-12 12:24:33 ----D---- C:\WINDOWS\ERDNT
2009-10-12 12:23:12 ----D---- C:\Program Files\ERUNT
2009-10-08 16:39:45 ----D---- C:\Program Files\Microsoft
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\java.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 14:07:27 ----D---- C:\Malwarebytes' Anti-Malware
2009-10-08 13:41:27 ----D---- C:\New Folder
2009-10-08 11:49:09 ----D---- C:\HostsXpert
2009-10-05 15:38:54 ----A---- C:\WINDOWS\resetlog.txt
2009-10-05 14:35:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-02 20:22:44 ----D---- C:\Program Files\trend micro
2009-10-02 20:22:42 ----D---- C:\rsit
2009-09-28 16:56:06 ----A---- C:\WINDOWS\system32\57685zie91039.exe
2009-09-26 15:20:34 ----A---- C:\WINDOWS\system32\596add95rz521.dll
2009-09-26 15:20:24 ----A---- C:\WINDOWS\system32\94bbsz5ware1394.exe
2009-09-26 15:19:40 ----A---- C:\WINDOWS\system32\98973zro539d.exe
2009-09-26 15:18:17 ----A---- C:\WINDOWS\system32\9d20tzief5469.dll
2009-09-26 15:18:14 ----A---- C:\WINDOWS\system32\961zad5ware2176.exe
2009-09-23 17:00:59 ----D---- C:\WINDOWS\pss
2009-09-23 13:35:01 ----A---- C:\WINDOWS\system32\7e91z5reat28338.exe
2009-09-22 22:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-09-22 22:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-09-22 22:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-09-19 22:57:52 ----D---- C:\Program Files\Linksys
2009-09-19 22:56:39 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-09-19 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-09-19 22:55:34 ----A---- C:\WINDOWS\system32\RaCoInst.dll
2009-09-16 19:38:04 ----A---- C:\WINDOWS\unSpySweeper.exe
2009-09-13 23:13:28 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe

======List of files/folders modified in the last 1 months======

2009-10-12 14:27:09 ----D---- C:\WINDOWS\Temp
2009-10-12 14:17:03 ----D---- C:\WINDOWS
2009-10-12 14:16:38 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-10-12 14:15:48 ----D---- C:\WINDOWS\SYSTEM32
2009-10-12 14:14:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-12 14:09:41 ----HD---- C:\WINDOWS\INF
2009-10-12 14:09:38 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-12 14:08:58 ----A---- C:\WINDOWS\imsins.BAK
2009-10-12 14:08:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-12 14:08:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-12 14:04:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-12 13:54:36 ----D---- C:\Program Files
2009-10-12 13:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-12 13:29:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-12 13:24:00 ----SD---- C:\WINDOWS\Tasks
2009-10-12 13:23:51 ----D---- C:\Program Files\McAfee.com
2009-10-12 13:23:25 ----D---- C:\Program Files\Common Files
2009-10-12 12:56:13 ----A---- C:\WINDOWS\system.ini
2009-10-12 12:50:45 ----D---- C:\WINDOWS\system32\CONFIG
2009-10-12 12:40:52 ----D---- C:\WINDOWS\AppPatch
2009-10-12 12:29:48 ----RASH---- C:\BOOT.INI
2009-10-12 12:26:54 ----D---- C:\WINDOWS\Prefetch
2009-10-09 13:12:34 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-08 16:40:00 ----SHD---- C:\WINDOWS\Installer
2009-10-08 16:39:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-08 16:38:35 ----D---- C:\Program Files\MSN
2009-10-08 16:37:22 ----D---- C:\Program Files\Java
2009-10-08 16:30:46 ----D---- C:\WINDOWS\Minidump
2009-10-08 14:22:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-08 14:21:23 ----D---- C:\Program Files\SpywareBlaster
2009-10-08 11:22:00 ----D---- C:\Program Files\Google
2009-10-05 16:24:34 ----D---- C:\Program Files\DivX
2009-10-05 14:58:28 ----D---- C:\Documents and Settings\Dad\Application Data\DivX
2009-09-28 11:40:00 ----SHD---- C:\System Volume Information
2009-09-24 21:42:20 ----SD---- C:\Documents and Settings\Dad\Application Data\Microsoft
2009-09-19 23:26:49 ----D---- C:\WINDOWS\network diagnostic
2009-09-19 23:13:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-19 22:57:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-19 22:56:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-19 22:56:39 ----D---- C:\WINDOWS\WinSxS
2009-09-16 16:24:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-13 23:17:59 ----D---- C:\Documents and Settings\Dad\Application Data\Google
2009-09-13 23:10:57 ----A---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\alango1\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 RT2500;Linksys Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-22 120448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tj2knd5;Terayon Cable Modem (NDIS); C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM); C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-08 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 12th, 2009, 5:45 pm

Hi. :)

computer appears to be working well :)
Good news indeed! :thumbup:

I have since downloaded mcafee and malwarebytes
OK that is fine and having a Anti-Virus application on-board is a positive and will help prevent re-infection. Actually I am quite pleased you were able to install the aforementioned and Malwarebytes' Anti-Malware.

Overall the situation is looking better but we still have a fair few tasks to complete the malware removal process.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
TizzleTalk by OIN
WeatherBug Browser Bar
WeatherBug


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off(not recommended) >> OK.

Note: No need for it to be active after the reset becuse you have the McAfee Personal Firewall active.

Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code: Select all
    KILLALL::
    
    File::
    C:\WINDOWS\OEWABLog.txt
    C:\WINDOWS\system32\94fspar5e100z.dll
    C:\WINDOWS\system32\59926wzrm39b.exe
    C:\WINDOWS\system32\57685zie91039.exe
    C:\WINDOWS\system32\596add95rz521.dll
    C:\WINDOWS\system32\94bbsz5ware1394.exe
    C:\WINDOWS\system32\98973zro539d.exe
    C:\WINDOWS\system32\9d20tzief5469.dll
    C:\WINDOWS\system32\961zad5ware2176.exe
    C:\WINDOWS\system32\7e91z5reat28338.exe
    
    Folder::
    C:\Program Files\LimeWire
    C:\Program Files\TizzleTalk
    C:\Program Files\MyWebSearchWB
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Norton
    C:\Documents and Settings\All Users\Application Data\NortonInstaller
    
    DDS::
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}]
    [-HKEY_CLASSES_ROOT\CLSID\{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{BA52B914-B692-46c4-B683-905236F6F655}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TizzleTalk"=-
    "Malwarebytes Anti-Malware (reboot)"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into alango1.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert
Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

  • How is you computer performing now? Any problems encountered and or any further symptoms?
  • ComboFix Log.
  • Malwarebytes Anti-Malware Log.
  • Blacklight Log.
  • A new HijackThis Log. <-- I do not need a RSIT log at this time.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 13th, 2009, 11:50 am

thanks for the reply. I will perform these tasks within the next couple of days.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 13th, 2009, 5:07 pm

OK thank you for the courtesy of informing myself. As long as you reply back within three days not a problem. :)
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 12:03 am

ComboFix 09-10-13.01 - Dad 10/13/2009 23:18.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.230 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\alango1.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\OEWABLog.txt"
"c:\windows\system32\57685zie91039.exe"
"c:\windows\system32\596add95rz521.dll"
"c:\windows\system32\59926wzrm39b.exe"
"c:\windows\system32\7e91z5reat28338.exe"
"c:\windows\system32\94bbsz5ware1394.exe"
"c:\windows\system32\94fspar5e100z.dll"
"c:\windows\system32\961zad5ware2176.exe"
"c:\windows\system32\98973zro539d.exe"
"c:\windows\system32\9d20tzief5469.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\000002d1\cltLMS1.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\000002d1\cltLMS2.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\cltupgrade.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\key.txt
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\AVPAPP32-0x0334.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\avScanUI-0x0334.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\BHCA-0x13DC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\BHSvcPlg-0x07FC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\fwMCPlug-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\fwMCPlug-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\Install.1.mft
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCMGR32-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCMGR32-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCUI32-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCUI32-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NAVLogV-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NAVLogV-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NortonInstall-09-22-2009-22h14m53s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\SymIMexe-0x0590.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h27m47s\NortonInstall-09-22-2009-22h27m47s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\BHCA-0x0348.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\NortonInstall-09-22-2009-22h32m17s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\SymIMexe-0x0BD0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h12m57s\NortonInstall-09-23-2009-14h12m57s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\BHCA-0x1480.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\NortonInstall-09-23-2009-14h18m07s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\OCSCtl-0x14A4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\SymIMexe-0x14C4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\BHCA-0x0918.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\NortonInstall-09-23-2009-14h35m34s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\SymIMexe-0x078C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\BHCA-0x0ADC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\NortonInstall-09-23-2009-14h56m22s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\OCSCtl-0x117C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\SymIMexe-0x06A0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h59m27s\NortonInstall-09-23-2009-14h59m27s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\BHCA-0x077C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\NortonInstall-09-23-2009-15h09m05s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\SymIMexe-0x0B00.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\BHCA-0x157C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\NortonInstall-09-28-2009-11h37m27s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\OCSCtl-0x1588.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\SymIMexe-0x15AC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h38m54s\NortonInstall-09-28-2009-11h38m54s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\Url.txt
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat
c:\program files\LimeWire
c:\program files\LimeWire\clink.jar
c:\program files\LimeWire\commons-httpclient.jar
c:\program files\LimeWire\commons-logging.jar
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\daap.jar
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\execNoWindow.exe
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hashes
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\icu4j.jar
c:\program files\LimeWire\id3v2.jar
c:\program files\LimeWire\install.log
c:\program files\LimeWire\jcraft.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\jmdns.jar
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\LimeWire 4.2.6\authentic hip hop.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Behind The Harmony.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Break Up Playlist.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Double Lethal.m3u
c:\program files\LimeWire\LimeWire 4.2.6\for the fans bizzy bone.m3u
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid13628.log
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid3228.log
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid3960.log
c:\program files\LimeWire\LimeWire 4.2.6\Immortal Technique.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Kelleys Goodnight Mix.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Matisyahu.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Hidden Tracks & Remixes.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Hidden Tracks.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Rarities.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Naked.m3u
c:\program files\LimeWire\LimeWire 4.2.6\new shit.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Runnin Off at Da Mouth.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Sergio Mendes Timeless.m3u
c:\program files\LimeWire\LimeWire 4.2.6\SpottieottieDopaliscious.m3u
c:\program files\LimeWire\LimeWire 4.2.6\the day after part 2.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Titeness.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Twista Resurrection.m3u
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\LimeWire.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\logicrypto.jar
c:\program files\LimeWire\looks.jar
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\PackedJars.7z
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\ProgressTabs.jar
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\themes.jar
c:\program files\LimeWire\tritonus.jar
c:\program files\LimeWire\unpack.log
c:\program files\LimeWire\unpack200.exe
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsV5PlusUtils.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war
c:\program files\MyWebSearchWB
c:\program files\MyWebSearchWB\bar\History\search
c:\program files\TizzleTalk
c:\program files\TizzleTalk\HookDLL.dll
c:\program files\TizzleTalk\TizzleTalk.exe
c:\program files\TizzleTalk\uninstaller.exe.preoin.exe
c:\windows\OEWABLog.txt
c:\windows\system32\4d96thiez5720.dll
c:\windows\system32\4f6zthi9f591.ocx
c:\windows\system32\4z94spamb5t75.bin
c:\windows\system32\4zc2spyware56929.bin
c:\windows\system32\502cthz9a522912.bin
c:\windows\system32\50759worm55z.ocx
c:\windows\system32\5076down5oader68z9.ocx
c:\windows\system32\508zste5l30259.exe
c:\windows\system32\51499zpy173.exe
c:\windows\system32\5178addware90z5.exe
c:\windows\system32\51a0s95zare2893.dll
c:\windows\system32\525dvir569z.exe
c:\windows\system32\526dzow5loa9er2243.dll
c:\windows\system32\527s9eal282z.dll
c:\windows\system32\52z49r5j7e1.bin
c:\windows\system32\5349worz519.cpl
c:\windows\system32\5383s95zl2155.bin
c:\windows\system32\53fest59l1z52.dll
c:\windows\system32\543889roz488.cpl
c:\windows\system32\547z6spy7c9.ocx
c:\windows\system32\54z2download59813.bin
c:\windows\system32\54z3addwar91160.exe
c:\windows\system32\5510sp9wzre2030.ocx
c:\windows\system32\552ethzef9577.bin
c:\windows\system32\55994szy5ac.dll
c:\windows\system32\55c9spzr9e69.exe
c:\windows\system32\55zddown9oader2764.cpl
c:\windows\system32\5615hie91216z.ocx
c:\windows\system32\57685zie91039.exe
c:\windows\system32\577dow9lozder236.bin
c:\windows\system32\5789spyw5ze503.cpl
c:\windows\system32\579d5pyw9re24z4.dll
c:\windows\system32\57ffaddwa9z1905.bin
c:\windows\system32\58335py9z5.dll
c:\windows\system32\58874sp9mboz5ba.cpl
c:\windows\system32\58bs9z5l1534.cpl
c:\windows\system32\59346troz96.exe
c:\windows\system32\596add95rz521.dll
c:\windows\system32\59926wzrm39b.exe
c:\windows\system32\599adzwnloader1356.dll
c:\windows\system32\599bvir7z8.cpl
c:\windows\system32\59c9addzare23105.cpl
c:\windows\system32\59ebackdo599z0.bin
c:\windows\system32\5a589hiez846.exe
c:\windows\system32\5a62addwa5e139z.exe
c:\windows\system32\5a6edow9l5ader6z6.dll
c:\windows\system32\5ad4s9arse12z5.dll
c:\windows\system32\5b84spzrse3199.exe
c:\windows\system32\5bzbbackd9or354.exe
c:\windows\system32\5d9thiefz839.dll
c:\windows\system32\5db9vz53156.exe
c:\windows\system32\5e9zvir2245.bin
c:\windows\system32\5ec9sp5rsz390.exe
c:\windows\system32\5f5fvirz495.cpl
c:\windows\system32\5fa9threatz251.dll
c:\windows\system32\5z399not-a-vir9s4ae.cpl
c:\windows\system32\5z669pyware1650.dll
c:\windows\system32\5z885ir31739.cpl
c:\windows\system32\5zf8vir4949.bin
c:\windows\system32\60d59iefz50.dll
c:\windows\system32\6113z59mbot161.ocx
c:\windows\system32\61d2szy9a5e69.ocx
c:\windows\system32\622cbz5kdoor559.ocx
c:\windows\system32\6236vir279z5.dll
c:\windows\system32\62915hreatz9682.ocx
c:\windows\system32\63a2ad59arez027.cpl
c:\windows\system32\651espywzr92418.ocx
c:\windows\system32\6595zirus459.ocx
c:\windows\system32\65a2ad5warez69.bin
c:\windows\system32\66c3zte5l2973.cpl
c:\windows\system32\6712sp9za5e1087.bin
c:\windows\system32\67zspar5e9816.ocx
c:\windows\system32\69055ownloaderz995.bin
c:\windows\system32\691as9ar5e15z5.bin
c:\windows\system32\695atzie91940.cpl
c:\windows\system32\69f6zte952584.cpl
c:\windows\system32\6a1zvi59141.exe
c:\windows\system32\6c1dz5r894.ocx
c:\windows\system32\6c2ddoznlo9der1510.bin
c:\windows\system32\6c59download5r219z.dll
c:\windows\system32\6e9fspyware835z.exe
c:\windows\system32\7057backz9or109.dll
c:\windows\system32\7059steal568z.ocx
c:\windows\system32\70zwor5769.exe
c:\windows\system32\71665acktz9l1b6.ocx
c:\windows\system32\727spywa9ez151.exe
c:\windows\system32\739bst9az51.exe
c:\windows\system32\7469zownloader4245.dll
c:\windows\system32\7494thre5t3z020.cpl
c:\windows\system32\74c09zief2553.dll
c:\windows\system32\74z5ba9kdoor255.cpl
c:\windows\system32\7515azdware9964.dll
c:\windows\system32\75f0d5w9loader65z.ocx
c:\windows\system32\769evir93z95.bin
c:\windows\system32\76bedowzloa5er964.bin
c:\windows\system32\774fs5ywa9e302z.ocx
c:\windows\system32\775b9hiez2419.cpl
c:\windows\system32\77ce9pzware32735.cpl
c:\windows\system32\7a97steal2357z.bin
c:\windows\system32\7b6695wnlozder1779.bin
c:\windows\system32\7c5spyware14z9.dll
c:\windows\system32\7c9zthi5f2906.cpl
c:\windows\system32\7da5v5929z.exe
c:\windows\system32\7dc8thr9az5053.dll
c:\windows\system32\7e749dzware8745.ocx
c:\windows\system32\7e91z5reat28338.exe
c:\windows\system32\7ea9b5ckdoor9z4.exe
c:\windows\system32\7f25sp9rse5z6.bin
c:\windows\system32\7z96addwa9e555.cpl
c:\windows\system32\7zabs5eal9694.cpl
c:\windows\system32\7zc1thr9at30526.cpl
c:\windows\system32\8z5th95at16575.bin
c:\windows\system32\900dzteal295.exe
c:\windows\system32\900z2not-a-vir5s2ac.cpl
c:\windows\system32\9045trzj2e9.ocx
c:\windows\system32\91300zroj357.bin
c:\windows\system32\9183backdzo52592.dll
c:\windows\system32\926835pambotz71.cpl
c:\windows\system32\93425ir3z99.dll
c:\windows\system32\949vir5s717z.ocx
c:\windows\system32\94bbsz5ware1394.exe
c:\windows\system32\94fspar5e100z.dll
c:\windows\system32\9505spamboz6f3.dll
c:\windows\system32\951downlozd9r265.bin
c:\windows\system32\9539w5rm1z9.dll
c:\windows\system32\95643hzcktool19f.cpl
c:\windows\system32\9564not-a-zirus55f9.dll
c:\windows\system32\9599s5ambzt2b7.cpl
c:\windows\system32\961zad5ware2176.exe
c:\windows\system32\970155irus593z.bin
c:\windows\system32\97374ha5ktozl616.ocx
c:\windows\system32\97500tzoj287.ocx
c:\windows\system32\98973zro539d.exe
c:\windows\system32\99f5iz14.ocx
c:\windows\system32\9a4vir5655z.cpl
c:\windows\system32\9d20tzief5469.dll
c:\windows\system32\9d78sparz52348.bin
c:\windows\system32\ae9spazs91595.bin
c:\windows\system32\bded5w9loader289z.ocx
c:\windows\system32\bf5azdwa951190.bin
c:\windows\system32\c29szyw9re5365.ocx
c:\windows\system32\c32thr5a9z9930.cpl
c:\windows\system32\cz4addwa9e785.ocx
c:\windows\system32\e35zh9ef2773.bin
c:\windows\system32\z028spy5089.dll
c:\windows\system32\z03b95kdoor1352.cpl
c:\windows\system32\z1f8ste5l199.ocx
c:\windows\system32\z3487wor9255.bin
c:\windows\system32\z35479pamb5t12f.bin
c:\windows\system32\z53t9ief126.cpl
c:\windows\system32\z57bth9eat14593.bin
c:\windows\system32\z5978troj2569.bin
c:\windows\system32\z6495ir52.cpl
c:\windows\system32\z74695acktool957.ocx
c:\windows\system32\z794hacktool3105.ocx
c:\windows\system32\z98669o5m4bc.dll
c:\windows\system32\z9957worm79e.cpl
c:\windows\system32\z9cdvir3543.ocx
c:\windows\system32\z9d5vir1629.dll
c:\windows\system32\za69vir2075.ocx
c:\windows\system32\za705ownloader859.bin
c:\windows\system32\zdd5th59at6961.cpl
c:\windows\system32\ze9et5reat5807.dll
c:\windows\system32\zf51vi93143.cpl

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 17:41 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 17:41 . 2009-10-12 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 17:41 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 17:29 . 2009-10-12 17:29 126 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\fusioncache.dat
2009-10-12 17:24 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 17:23 . 2009-10-12 17:24 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 17:22 . 2009-10-12 18:15 -------- d-----w- c:\program files\McAfee
2009-10-12 16:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-12 16:23 . 2009-10-12 16:23 -------- d-----w- c:\program files\ERUNT
2009-10-08 20:39 . 2009-10-08 20:39 -------- d-----w- c:\program files\Microsoft
2009-10-08 20:38 . 2009-10-08 20:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-08 17:41 . 2009-10-08 17:41 -------- d-----w- C:\New Folder
2009-10-08 15:49 . 2009-10-08 15:54 -------- d-----w- C:\HostsXpert
2009-10-05 18:35 . 2009-10-05 18:36 -------- d-----w- c:\windows\system32\NtmsData
2009-10-03 00:22 . 2009-10-12 18:27 -------- d-----w- c:\program files\trend micro
2009-10-03 00:22 . 2009-10-08 20:55 -------- d-----w- C:\rsit
2009-09-23 02:26 . 2009-09-23 02:26 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Symantec
2009-09-20 02:57 . 2009-09-20 02:57 -------- d-----w- c:\program files\Linksys
2009-09-20 02:57 . 2008-12-12 22:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-20 02:56 . 2008-12-12 22:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-20 02:55 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-09-20 02:55 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-09-20 02:55 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
2009-09-16 23:38 . 2003-07-18 15:24 150528 ----a-w- c:\windows\unSpySweeper.exe
2009-09-14 15:50 . 2009-09-14 15:50 -------- d-----w- c:\documents and settings\Andrew\Application Data\a?sembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 02:45 . 2004-11-16 12:40 -------- d-----w- c:\program files\Java
2009-10-12 17:30 . 2008-04-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 17:23 . 2004-11-16 12:51 -------- d-----w- c:\program files\McAfee.com
2009-10-08 18:22 . 2008-04-25 03:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-08 18:21 . 2008-04-25 03:02 -------- d-----w- c:\program files\SpywareBlaster
2009-10-08 15:22 . 2006-09-12 02:35 -------- d-----w- c:\program files\Google
2009-10-05 20:24 . 2006-06-28 07:07 -------- d-----w- c:\program files\DivX
2009-10-05 18:58 . 2009-04-01 19:24 -------- d-----w- c:\documents and settings\Dad\Application Data\DivX
2009-09-28 14:09 . 2005-01-03 08:17 -------- d-----w- c:\documents and settings\Andrew\Application Data\WeatherBug
2009-09-23 03:08 . 2004-12-03 20:43 64368 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 05:07 . 2009-09-11 05:07 1 ---h--w- c:\windows\bx4657.dat
2009-09-09 16:49 . 2004-11-21 21:15 64368 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 18:32 . 2008-10-06 21:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\MSBuild
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 03:18 . 2009-08-02 03:18 8452 ----a-w- c:\windows\z81409py5.exe
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_16.56.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 03:34 . 2009-10-14 03:34 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2009-10-14 03:34 . 2009-10-14 03:34 16384 c:\windows\Temp\Perflib_Perfdata_588.dat
+ 2004-08-04 11:00 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\wdigest.dll
+ 2009-04-21 04:12 . 2007-07-27 14:41 16760 c:\windows\SYSTEM32\spmsg.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\secur32.dll
- 2004-08-04 11:00 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll
+ 2008-04-25 03:34 . 2009-07-08 17:44 40552 c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 40552 c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:43 34248 c:\windows\SYSTEM32\DRIVERS\mferkdk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:44 35272 c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 35272 c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:44 79816 c:\windows\SYSTEM32\DRIVERS\mfeavfk.sys
+ 2004-08-04 11:00 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DRIVERS\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-11-20 19:42 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-11-20 19:42 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-13 02:52 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-10-12 17:29 . 2009-10-12 17:29 20480 c:\windows\ASSEMBLY\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
+ 2009-10-12 17:29 . 2009-10-12 17:29 20480 c:\windows\ASSEMBLY\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\schannel.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\msv1_0.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\lsasrv.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\kerberos.dll
- 2004-08-04 11:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll
+ 2008-04-25 03:34 . 2009-07-08 17:44 214024 c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 214024 c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 00:41 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2009-10-12 17:29 . 2009-10-12 17:29 126976 c:\windows\ASSEMBLY\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
+ 2004-08-04 11:00 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\WMVCore.dll
- 2004-08-04 11:00 . 2008-06-18 09:03 2458112 c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 11:00 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2004-08-04 11:00 . 2008-06-18 09:03 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2005-05-11 06:15 . 2009-08-28 21:38 24689600 c:\windows\SYSTEM32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-11-16 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2007 6:33 PM 24652]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\WUSB54GCv3.sys [9/19/2009 10:55 PM 627072]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\SYSTEM32\DRIVERS\tj2knd5.sys [11/21/2004 10:56 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [11/21/2004 10:55 PM 69680]
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-10-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 01:26]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
mStart Page = hxxp://www.comcast.net
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 23:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-10-14 23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 03:45
ComboFix2.txt 2009-10-12 17:00

Pre-Run: 40,014,692,352 bytes free
Post-Run: 40,194,195,456 bytes free

540 --- E O F --- 2009-10-12 18:13
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 12:04 am

ComboFix 09-10-13.01 - Dad 10/13/2009 23:18.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.230 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\alango1.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\OEWABLog.txt"
"c:\windows\system32\57685zie91039.exe"
"c:\windows\system32\596add95rz521.dll"
"c:\windows\system32\59926wzrm39b.exe"
"c:\windows\system32\7e91z5reat28338.exe"
"c:\windows\system32\94bbsz5ware1394.exe"
"c:\windows\system32\94fspar5e100z.dll"
"c:\windows\system32\961zad5ware2176.exe"
"c:\windows\system32\98973zro539d.exe"
"c:\windows\system32\9d20tzief5469.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\000002d1\cltLMS1.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\000002d1\cltLMS2.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\cltupgrade.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\000000fc\key.txt
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\AVPAPP32-0x0334.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\avScanUI-0x0334.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\BHCA-0x13DC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\BHSvcPlg-0x07FC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\fwMCPlug-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\fwMCPlug-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\Install.1.mft
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCMGR32-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCMGR32-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCUI32-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\MCUI32-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NAVLogV-0x05F8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NAVLogV-0x1770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\NortonInstall-09-22-2009-22h14m53s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h14m53s\SymIMexe-0x0590.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h27m47s\NortonInstall-09-22-2009-22h27m47s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\BHCA-0x0348.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\NortonInstall-09-22-2009-22h32m17s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-22-2009-22h32m17s\SymIMexe-0x0BD0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h12m57s\NortonInstall-09-23-2009-14h12m57s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\BHCA-0x1480.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\NortonInstall-09-23-2009-14h18m07s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\OCSCtl-0x14A4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h18m07s\SymIMexe-0x14C4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\BHCA-0x0918.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\NortonInstall-09-23-2009-14h35m34s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h35m34s\SymIMexe-0x078C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\BHCA-0x0ADC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\NortonInstall-09-23-2009-14h56m22s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\OCSCtl-0x117C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h56m22s\SymIMexe-0x06A0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-14h59m27s\NortonInstall-09-23-2009-14h59m27s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\BHCA-0x077C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\NortonInstall-09-23-2009-15h09m05s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-23-2009-15h09m05s\SymIMexe-0x0B00.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\BHCA-0x157C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\NortonInstall-09-28-2009-11h37m27s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\OCSCtl-0x1588.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h37m27s\SymIMexe-0x15AC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-28-2009-11h38m54s\NortonInstall-09-28-2009-11h38m54s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\Url.txt
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat
c:\program files\LimeWire
c:\program files\LimeWire\clink.jar
c:\program files\LimeWire\commons-httpclient.jar
c:\program files\LimeWire\commons-logging.jar
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\daap.jar
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\execNoWindow.exe
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hashes
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\icu4j.jar
c:\program files\LimeWire\id3v2.jar
c:\program files\LimeWire\install.log
c:\program files\LimeWire\jcraft.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\jmdns.jar
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\LimeWire 4.2.6\authentic hip hop.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Behind The Harmony.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Break Up Playlist.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Double Lethal.m3u
c:\program files\LimeWire\LimeWire 4.2.6\for the fans bizzy bone.m3u
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid13628.log
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid3228.log
c:\program files\LimeWire\LimeWire 4.2.6\hs_err_pid3960.log
c:\program files\LimeWire\LimeWire 4.2.6\Immortal Technique.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Kelleys Goodnight Mix.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Matisyahu.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Hidden Tracks & Remixes.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Hidden Tracks.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Maxwell Rarities.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Naked.m3u
c:\program files\LimeWire\LimeWire 4.2.6\new shit.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Runnin Off at Da Mouth.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Sergio Mendes Timeless.m3u
c:\program files\LimeWire\LimeWire 4.2.6\SpottieottieDopaliscious.m3u
c:\program files\LimeWire\LimeWire 4.2.6\the day after part 2.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Titeness.m3u
c:\program files\LimeWire\LimeWire 4.2.6\Twista Resurrection.m3u
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\LimeWire.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\logicrypto.jar
c:\program files\LimeWire\looks.jar
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\PackedJars.7z
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\ProgressTabs.jar
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\themes.jar
c:\program files\LimeWire\tritonus.jar
c:\program files\LimeWire\unpack.log
c:\program files\LimeWire\unpack200.exe
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsV5PlusUtils.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war
c:\program files\MyWebSearchWB
c:\program files\MyWebSearchWB\bar\History\search
c:\program files\TizzleTalk
c:\program files\TizzleTalk\HookDLL.dll
c:\program files\TizzleTalk\TizzleTalk.exe
c:\program files\TizzleTalk\uninstaller.exe.preoin.exe
c:\windows\OEWABLog.txt
c:\windows\system32\4d96thiez5720.dll
c:\windows\system32\4f6zthi9f591.ocx
c:\windows\system32\4z94spamb5t75.bin
c:\windows\system32\4zc2spyware56929.bin
c:\windows\system32\502cthz9a522912.bin
c:\windows\system32\50759worm55z.ocx
c:\windows\system32\5076down5oader68z9.ocx
c:\windows\system32\508zste5l30259.exe
c:\windows\system32\51499zpy173.exe
c:\windows\system32\5178addware90z5.exe
c:\windows\system32\51a0s95zare2893.dll
c:\windows\system32\525dvir569z.exe
c:\windows\system32\526dzow5loa9er2243.dll
c:\windows\system32\527s9eal282z.dll
c:\windows\system32\52z49r5j7e1.bin
c:\windows\system32\5349worz519.cpl
c:\windows\system32\5383s95zl2155.bin
c:\windows\system32\53fest59l1z52.dll
c:\windows\system32\543889roz488.cpl
c:\windows\system32\547z6spy7c9.ocx
c:\windows\system32\54z2download59813.bin
c:\windows\system32\54z3addwar91160.exe
c:\windows\system32\5510sp9wzre2030.ocx
c:\windows\system32\552ethzef9577.bin
c:\windows\system32\55994szy5ac.dll
c:\windows\system32\55c9spzr9e69.exe
c:\windows\system32\55zddown9oader2764.cpl
c:\windows\system32\5615hie91216z.ocx
c:\windows\system32\57685zie91039.exe
c:\windows\system32\577dow9lozder236.bin
c:\windows\system32\5789spyw5ze503.cpl
c:\windows\system32\579d5pyw9re24z4.dll
c:\windows\system32\57ffaddwa9z1905.bin
c:\windows\system32\58335py9z5.dll
c:\windows\system32\58874sp9mboz5ba.cpl
c:\windows\system32\58bs9z5l1534.cpl
c:\windows\system32\59346troz96.exe
c:\windows\system32\596add95rz521.dll
c:\windows\system32\59926wzrm39b.exe
c:\windows\system32\599adzwnloader1356.dll
c:\windows\system32\599bvir7z8.cpl
c:\windows\system32\59c9addzare23105.cpl
c:\windows\system32\59ebackdo599z0.bin
c:\windows\system32\5a589hiez846.exe
c:\windows\system32\5a62addwa5e139z.exe
c:\windows\system32\5a6edow9l5ader6z6.dll
c:\windows\system32\5ad4s9arse12z5.dll
c:\windows\system32\5b84spzrse3199.exe
c:\windows\system32\5bzbbackd9or354.exe
c:\windows\system32\5d9thiefz839.dll
c:\windows\system32\5db9vz53156.exe
c:\windows\system32\5e9zvir2245.bin
c:\windows\system32\5ec9sp5rsz390.exe
c:\windows\system32\5f5fvirz495.cpl
c:\windows\system32\5fa9threatz251.dll
c:\windows\system32\5z399not-a-vir9s4ae.cpl
c:\windows\system32\5z669pyware1650.dll
c:\windows\system32\5z885ir31739.cpl
c:\windows\system32\5zf8vir4949.bin
c:\windows\system32\60d59iefz50.dll
c:\windows\system32\6113z59mbot161.ocx
c:\windows\system32\61d2szy9a5e69.ocx
c:\windows\system32\622cbz5kdoor559.ocx
c:\windows\system32\6236vir279z5.dll
c:\windows\system32\62915hreatz9682.ocx
c:\windows\system32\63a2ad59arez027.cpl
c:\windows\system32\651espywzr92418.ocx
c:\windows\system32\6595zirus459.ocx
c:\windows\system32\65a2ad5warez69.bin
c:\windows\system32\66c3zte5l2973.cpl
c:\windows\system32\6712sp9za5e1087.bin
c:\windows\system32\67zspar5e9816.ocx
c:\windows\system32\69055ownloaderz995.bin
c:\windows\system32\691as9ar5e15z5.bin
c:\windows\system32\695atzie91940.cpl
c:\windows\system32\69f6zte952584.cpl
c:\windows\system32\6a1zvi59141.exe
c:\windows\system32\6c1dz5r894.ocx
c:\windows\system32\6c2ddoznlo9der1510.bin
c:\windows\system32\6c59download5r219z.dll
c:\windows\system32\6e9fspyware835z.exe
c:\windows\system32\7057backz9or109.dll
c:\windows\system32\7059steal568z.ocx
c:\windows\system32\70zwor5769.exe
c:\windows\system32\71665acktz9l1b6.ocx
c:\windows\system32\727spywa9ez151.exe
c:\windows\system32\739bst9az51.exe
c:\windows\system32\7469zownloader4245.dll
c:\windows\system32\7494thre5t3z020.cpl
c:\windows\system32\74c09zief2553.dll
c:\windows\system32\74z5ba9kdoor255.cpl
c:\windows\system32\7515azdware9964.dll
c:\windows\system32\75f0d5w9loader65z.ocx
c:\windows\system32\769evir93z95.bin
c:\windows\system32\76bedowzloa5er964.bin
c:\windows\system32\774fs5ywa9e302z.ocx
c:\windows\system32\775b9hiez2419.cpl
c:\windows\system32\77ce9pzware32735.cpl
c:\windows\system32\7a97steal2357z.bin
c:\windows\system32\7b6695wnlozder1779.bin
c:\windows\system32\7c5spyware14z9.dll
c:\windows\system32\7c9zthi5f2906.cpl
c:\windows\system32\7da5v5929z.exe
c:\windows\system32\7dc8thr9az5053.dll
c:\windows\system32\7e749dzware8745.ocx
c:\windows\system32\7e91z5reat28338.exe
c:\windows\system32\7ea9b5ckdoor9z4.exe
c:\windows\system32\7f25sp9rse5z6.bin
c:\windows\system32\7z96addwa9e555.cpl
c:\windows\system32\7zabs5eal9694.cpl
c:\windows\system32\7zc1thr9at30526.cpl
c:\windows\system32\8z5th95at16575.bin
c:\windows\system32\900dzteal295.exe
c:\windows\system32\900z2not-a-vir5s2ac.cpl
c:\windows\system32\9045trzj2e9.ocx
c:\windows\system32\91300zroj357.bin
c:\windows\system32\9183backdzo52592.dll
c:\windows\system32\926835pambotz71.cpl
c:\windows\system32\93425ir3z99.dll
c:\windows\system32\949vir5s717z.ocx
c:\windows\system32\94bbsz5ware1394.exe
c:\windows\system32\94fspar5e100z.dll
c:\windows\system32\9505spamboz6f3.dll
c:\windows\system32\951downlozd9r265.bin
c:\windows\system32\9539w5rm1z9.dll
c:\windows\system32\95643hzcktool19f.cpl
c:\windows\system32\9564not-a-zirus55f9.dll
c:\windows\system32\9599s5ambzt2b7.cpl
c:\windows\system32\961zad5ware2176.exe
c:\windows\system32\970155irus593z.bin
c:\windows\system32\97374ha5ktozl616.ocx
c:\windows\system32\97500tzoj287.ocx
c:\windows\system32\98973zro539d.exe
c:\windows\system32\99f5iz14.ocx
c:\windows\system32\9a4vir5655z.cpl
c:\windows\system32\9d20tzief5469.dll
c:\windows\system32\9d78sparz52348.bin
c:\windows\system32\ae9spazs91595.bin
c:\windows\system32\bded5w9loader289z.ocx
c:\windows\system32\bf5azdwa951190.bin
c:\windows\system32\c29szyw9re5365.ocx
c:\windows\system32\c32thr5a9z9930.cpl
c:\windows\system32\cz4addwa9e785.ocx
c:\windows\system32\e35zh9ef2773.bin
c:\windows\system32\z028spy5089.dll
c:\windows\system32\z03b95kdoor1352.cpl
c:\windows\system32\z1f8ste5l199.ocx
c:\windows\system32\z3487wor9255.bin
c:\windows\system32\z35479pamb5t12f.bin
c:\windows\system32\z53t9ief126.cpl
c:\windows\system32\z57bth9eat14593.bin
c:\windows\system32\z5978troj2569.bin
c:\windows\system32\z6495ir52.cpl
c:\windows\system32\z74695acktool957.ocx
c:\windows\system32\z794hacktool3105.ocx
c:\windows\system32\z98669o5m4bc.dll
c:\windows\system32\z9957worm79e.cpl
c:\windows\system32\z9cdvir3543.ocx
c:\windows\system32\z9d5vir1629.dll
c:\windows\system32\za69vir2075.ocx
c:\windows\system32\za705ownloader859.bin
c:\windows\system32\zdd5th59at6961.cpl
c:\windows\system32\ze9et5reat5807.dll
c:\windows\system32\zf51vi93143.cpl

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 17:41 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 17:41 . 2009-10-12 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 17:41 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 17:29 . 2009-10-12 17:29 126 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\fusioncache.dat
2009-10-12 17:24 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 17:23 . 2009-10-12 17:24 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 17:22 . 2009-10-12 18:15 -------- d-----w- c:\program files\McAfee
2009-10-12 16:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-12 16:23 . 2009-10-12 16:23 -------- d-----w- c:\program files\ERUNT
2009-10-08 20:39 . 2009-10-08 20:39 -------- d-----w- c:\program files\Microsoft
2009-10-08 20:38 . 2009-10-08 20:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-08 17:41 . 2009-10-08 17:41 -------- d-----w- C:\New Folder
2009-10-08 15:49 . 2009-10-08 15:54 -------- d-----w- C:\HostsXpert
2009-10-05 18:35 . 2009-10-05 18:36 -------- d-----w- c:\windows\system32\NtmsData
2009-10-03 00:22 . 2009-10-12 18:27 -------- d-----w- c:\program files\trend micro
2009-10-03 00:22 . 2009-10-08 20:55 -------- d-----w- C:\rsit
2009-09-23 02:26 . 2009-09-23 02:26 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Symantec
2009-09-20 02:57 . 2009-09-20 02:57 -------- d-----w- c:\program files\Linksys
2009-09-20 02:57 . 2008-12-12 22:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-20 02:56 . 2008-12-12 22:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-20 02:55 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-09-20 02:55 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-09-20 02:55 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
2009-09-16 23:38 . 2003-07-18 15:24 150528 ----a-w- c:\windows\unSpySweeper.exe
2009-09-14 15:50 . 2009-09-14 15:50 -------- d-----w- c:\documents and settings\Andrew\Application Data\a?sembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 02:45 . 2004-11-16 12:40 -------- d-----w- c:\program files\Java
2009-10-12 17:30 . 2008-04-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 17:23 . 2004-11-16 12:51 -------- d-----w- c:\program files\McAfee.com
2009-10-08 18:22 . 2008-04-25 03:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-08 18:21 . 2008-04-25 03:02 -------- d-----w- c:\program files\SpywareBlaster
2009-10-08 15:22 . 2006-09-12 02:35 -------- d-----w- c:\program files\Google
2009-10-05 20:24 . 2006-06-28 07:07 -------- d-----w- c:\program files\DivX
2009-10-05 18:58 . 2009-04-01 19:24 -------- d-----w- c:\documents and settings\Dad\Application Data\DivX
2009-09-28 14:09 . 2005-01-03 08:17 -------- d-----w- c:\documents and settings\Andrew\Application Data\WeatherBug
2009-09-23 03:08 . 2004-12-03 20:43 64368 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 05:07 . 2009-09-11 05:07 1 ---h--w- c:\windows\bx4657.dat
2009-09-09 16:49 . 2004-11-21 21:15 64368 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 18:32 . 2008-10-06 21:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\MSBuild
2009-08-16 06:51 . 2009-08-16 06:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 03:18 . 2009-08-02 03:18 8452 ----a-w- c:\windows\z81409py5.exe
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_16.56.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 03:34 . 2009-10-14 03:34 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2009-10-14 03:34 . 2009-10-14 03:34 16384 c:\windows\Temp\Perflib_Perfdata_588.dat
+ 2004-08-04 11:00 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\wdigest.dll
+ 2009-04-21 04:12 . 2007-07-27 14:41 16760 c:\windows\SYSTEM32\spmsg.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\secur32.dll
- 2004-08-04 11:00 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll
+ 2008-04-25 03:34 . 2009-07-08 17:44 40552 c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 40552 c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:43 34248 c:\windows\SYSTEM32\DRIVERS\mferkdk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:44 35272 c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 35272 c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
+ 2008-04-25 03:34 . 2009-07-08 17:44 79816 c:\windows\SYSTEM32\DRIVERS\mfeavfk.sys
+ 2004-08-04 11:00 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DRIVERS\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-11-20 19:42 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-11-20 19:42 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-13 02:52 . 2009-10-14 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-11-20 19:42 . 2009-09-20 19:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-10-12 17:29 . 2009-10-12 17:29 20480 c:\windows\ASSEMBLY\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
+ 2009-10-12 17:29 . 2009-10-12 17:29 20480 c:\windows\ASSEMBLY\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\schannel.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\msv1_0.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\lsasrv.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\kerberos.dll
- 2004-08-04 11:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll
+ 2008-04-25 03:34 . 2009-07-08 17:44 214024 c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
- 2008-04-25 03:34 . 2009-03-25 15:06 214024 c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 00:41 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2009-10-12 17:29 . 2009-10-12 17:29 126976 c:\windows\ASSEMBLY\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
+ 2004-08-04 11:00 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\WMVCore.dll
- 2004-08-04 11:00 . 2008-06-18 09:03 2458112 c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 11:00 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2004-08-04 11:00 . 2008-06-18 09:03 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2005-05-11 06:15 . 2009-08-28 21:38 24689600 c:\windows\SYSTEM32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-11-16 36953]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2007 6:33 PM 24652]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\WUSB54GCv3.sys [9/19/2009 10:55 PM 627072]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\SYSTEM32\DRIVERS\tj2knd5.sys [11/21/2004 10:56 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [11/21/2004 10:55 PM 69680]
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-10-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 01:26]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
mStart Page = hxxp://www.comcast.net
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 23:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-10-14 23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 03:45
ComboFix2.txt 2009-10-12 17:00

Pre-Run: 40,014,692,352 bytes free
Post-Run: 40,194,195,456 bytes free

540 --- E O F --- 2009-10-12 18:13
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 12:07 am

Malwarebytes' Anti-Malware 1.41
Database version: 2947
Windows 5.1.2600 Service Pack 3

10/13/2009 11:59:56 PM
mbam-log-2009-10-13 (23-59-55).txt

Scan type: Quick Scan
Objects scanned: 108278
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware