Hi Sharagoz, sorry it took so long, but everything went well and it looks like I'm clean from what I can tell. Here are the logs you requested.
-----------------------------------------------------------------------------------
ComboFix log
-----------------------------------------------------------------------------------
ComboFix 08-12-06.06 - Evelyn 2008-12-07 15:51:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758 [GMT -5:00]
Running from: c:\documents and settings\Evelyn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Evelyn\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\SYSTEM32\sapemogi.exe
c:\windows\SYSTEM32\sunapija.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Evelyn\Application Data\Azureus
c:\documents and settings\Evelyn\Application Data\Azureus\.certs
c:\documents and settings\Evelyn\Application Data\Azureus\.keystore
c:\documents and settings\Evelyn\Application Data\Azureus\.lock
c:\documents and settings\Evelyn\Application Data\Azureus\active\2E01E001FB4C7DDDDCCDB5D0C829EDD279F896C9.dat
c:\documents and settings\Evelyn\Application Data\Azureus\active\2E01E001FB4C7DDDDCCDB5D0C829EDD279F896C9.dat.bak
c:\documents and settings\Evelyn\Application Data\Azureus\active\92161081A80B57440C39B3305E383D266AA0574A.dat
c:\documents and settings\Evelyn\Application Data\Azureus\active\92161081A80B57440C39B3305E383D266AA0574A.dat.bak
c:\documents and settings\Evelyn\Application Data\Azureus\active\cache.dat
c:\documents and settings\Evelyn\Application Data\Azureus\active\F5C201C9CD58CAE131BA42A68DCE352A73A851D2.dat
c:\documents and settings\Evelyn\Application Data\Azureus\active\F5C201C9CD58CAE131BA42A68DCE352A73A851D2.dat.bak
c:\documents and settings\Evelyn\Application Data\Azureus\azureus.config
c:\documents and settings\Evelyn\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\azureus.statistics
c:\documents and settings\Evelyn\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Evelyn\Application Data\Azureus\banips.config
c:\documents and settings\Evelyn\Application Data\Azureus\banips.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Evelyn\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Evelyn\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Evelyn\Application Data\Azureus\dht\general.dat
c:\documents and settings\Evelyn\Application Data\Azureus\dht\version.dat
c:\documents and settings\Evelyn\Application Data\Azureus\downloads.config
c:\documents and settings\Evelyn\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\friends.config
c:\documents and settings\Evelyn\Application Data\Azureus\friends.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Evelyn\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_Engine_6.txt
c:\documents and settings\Evelyn\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\Evelyn\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Evelyn\Application Data\Azureus\metasearch.config
c:\documents and settings\Evelyn\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\net\pm_6197.dat
c:\documents and settings\Evelyn\Application Data\Azureus\net\pm_6389.dat
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.8.4.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.8.4.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.0.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.0.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.10.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.10.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.11.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.11.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.6.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_1.9.6.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.11.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.11.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.14.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.14.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.16.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.16.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.28.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.28.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.30.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azemp_2.0.30.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azmplay.exe
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\azmplay.exe.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\cp1250-a.raw
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\cp1250-a.raw.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\cp1250-b.raw
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\cp1250-b.raw.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\font.desc
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\font.desc.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\libInfoGetter.dll
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\mplayer\config
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\osd-mplayer-a.raw
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\osd-mplayer-b.raw
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_1.8.4
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_1.9.0
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_1.9.10
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_1.9.11
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_1.9.6
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.11
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.14
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.16
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.28
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.30
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.2.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.2.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.6.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.6.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.2
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.3
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.6
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.0
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\documents and settings\Evelyn\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\documents and settings\Evelyn\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Evelyn\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\subs\8604680C6C0217A05619.vuze
c:\documents and settings\Evelyn\Application Data\Azureus\subs\C732D6BA9C09C29B2FA3.vuze
c:\documents and settings\Evelyn\Application Data\Azureus\subs\FF0EBBE21CEC049A539D.vuze
c:\documents and settings\Evelyn\Application Data\Azureus\subscriptions.config
c:\documents and settings\Evelyn\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\tables.config
c:\documents and settings\Evelyn\Application Data\Azureus\tables.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\timingstats.dat
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41363.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41364.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41365.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41366.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41367.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41368.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41369.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41370.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41374.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41375.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41376.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\tmp\AZU41377.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\[isoHunt]_The_Chronic.torrent
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZ_54842.torrent
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU1034.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU12601.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU12604.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU13711.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU16163.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU16165.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU16167.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU16171.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU20028.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU24161.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU27191.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU27194.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU30873.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU30877.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU39338.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU39419.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU39888.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU41266.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU41371.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU4781.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU48178.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU48183.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU56715.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU5751.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU62150.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU62152.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU62782.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU62785.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU63074.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU63284.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\AZU63288.tmp
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\Destinys_Child_-_The_Writings_on_the_Wall_-_By_[ANOUS].3910273.TPB_-[mininova.org]-_[mininova].torrent
c:\documents and settings\Evelyn\Application Data\Azureus\torrents\Lil_Wayne___DJ_Drama_-_Dedication_3_[Gangsta_Grillz_Edition].4509128.TPB.torrent
c:\documents and settings\Evelyn\Application Data\Azureus\tracker.config
c:\documents and settings\Evelyn\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\unsentdata.config
c:\documents and settings\Evelyn\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Evelyn\Application Data\Azureus\update.log
c:\documents and settings\Evelyn\Application Data\Azureus\update.properties
c:\documents and settings\Evelyn\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Evelyn\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Evelyn\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Evelyn\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Azureus
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.5.zip
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.5
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8
c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
c:\windows\SYSTEM32\sapemogi.exe
c:\windows\SYSTEM32\sunapija.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-03 21:59 . 2008-12-03 21:59 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 21:27 . 2008-12-03 21:27 <DIR> d-------- C:\VundoFix Backups
2008-12-02 07:57 . 2008-11-03 16:10 17,318,336 --a------ c:\windows\SYSTEM32\removal.exe
2008-12-01 20:09 . 2008-12-01 20:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Webroot
2008-12-01 19:59 . 2004-03-12 03:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2008-12-01 19:59 . 2004-03-12 03:05 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2008-12-01 19:59 . 2008-03-23 10:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
2008-12-01 19:59 . 2008-12-01 19:59 <DIR> d-------- c:\documents and settings\Administrator
2008-11-30 22:52 . 2008-11-30 22:52 <DIR> d-------- C:\Binaries
2008-11-30 22:51 . 2008-11-30 22:51 <DIR> d-------- c:\program files\Webroot
2008-11-30 22:51 . 2008-11-30 22:51 <DIR> d-------- c:\documents and settings\Evelyn\Application Data\Webroot
2008-11-30 22:51 . 2008-11-30 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-30 22:51 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-30 22:49 . 2008-12-01 21:27 164 --a------ C:\install.dat
2008-11-28 16:08 . 2008-12-01 21:13 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-28 16:08 . 2008-12-01 21:13 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 13:41 . 2008-11-22 13:41 <DIR> d-------- c:\program files\iPod
2008-11-22 13:40 . 2008-11-22 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-12 16:02 . 2008-11-12 16:02 170,608 --a------ c:\windows\SYSTEM32\DRIVERS\ssidrv.sys
2008-11-12 16:02 . 2008-11-12 16:02 29,808 --a------ c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys
2008-11-12 16:02 . 2008-11-12 16:02 23,152 --a------ c:\windows\SYSTEM32\DRIVERS\sshrmd.sys
2008-11-11 16:59 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-11 16:59 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 01:36 --------- d-----w c:\program files\Safari
2008-12-03 02:38 --------- d-----w c:\documents and settings\Evelyn\Application Data\SiteAdvisor
2008-11-29 01:37 --------- d-----w c:\program files\Security Task Manager
2008-11-22 18:41 --------- d-----w c:\program files\iTunes
2008-11-22 18:38 --------- d-----w c:\program files\QuickTime
2008-11-22 18:37 --------- d-----w c:\program files\Common Files\Apple
2008-11-16 14:58 --------- d-----w c:\program files\McAfee
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-02-21 15:37 60,968 ----a-w c:\documents and settings\Evelyn\GoToAssistDownloadHelper.exe
2004-10-19 20:19 46,688 ----a-w c:\documents and settings\Evelyn\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Binaries ----
2002-06-27 13:22 75 --a------ c:\binaries\SOAPVDIR.CMD
2002-06-27 13:22 11729 --a------ c:\binaries\_svdir.VBS
((((((((((((((((((((((((((((( snapshot@2008-12-06_16.20.32.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 19:47:29 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-12-07 20:06:46 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-12-06 19:47:29 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-12-07 20:06:46 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 57,344 2005-06-07 04:46:24 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 39,792 2007-10-11 00:51:55 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-12 02:16:38 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
----a-w 192,512 2006-10-30 16:00:56 c:\program files\Bellsouth\HelpCenter\bin\bak\sprtcmd.exe
----a-w 50,792 2006-04-13 20:36:53 c:\program files\Common Files\AOL\1102280339\EE\bak\AOLSoftware.exe
----a-r 71,256 2005-04-18 18:38:59 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
----a-w 126,104 2006-03-27 15:57:12 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
----a-w 180,269 2006-05-15 16:41:52 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 110,592 2003-08-19 06:01:00 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
----a-w 204,800 2003-08-27 01:47:34 c:\program files\Dell\Media Experience\bak\PCMService.exe
----a-w 270,336 2003-09-21 21:21:16 c:\program files\Dell AIO Printer A960\bak\dlbfbmgr.exe
----a-w 16,384 2007-11-15 14:24:00 c:\program files\Dell Support Center\gs_agent\custom\bak\dsca.exe
----a-w 16,384 2007-11-15 13:24:00 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
----a-w 460,784 2007-03-15 15:09:36 c:\program files\DellSupport\bak\DSAgnt.exe
----a-w 267,048 2008-01-15 08:22:56 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 290,088 2008-11-20 18:20:54 c:\program files\iTunes\iTunesHelper.exe
----a-w 132,496 2007-09-25 05:11:35 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 582,992 2007-08-04 06:33:14 c:\program files\McAfee.com\Agent\bak\mcagent.exe
----a-w 641,208 2008-07-11 22:48:54 c:\program files\McAfee.com\Agent\mcagent.exe
----a-w 53,248 2003-10-06 16:05:40 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
----a-w 118,784 2003-10-06 16:05:40 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
----a-w 99,480 2004-04-05 21:33:54 c:\program files\Pure Networks\Port Magic\bak\PortAOL.exe
----a-w 385,024 2008-01-10 20:27:36 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 15:30:50 c:\program files\QuickTime\QTTask.exe
----a-w 36,904 2007-01-17 19:24:46 c:\program files\SiteAdvisor\6172\bak\SiteAdv.exe
----a-w 28,672 2003-08-13 16:27:40 c:\windows\SYSTEM32\bak\DSentry.exe
----a-w 77,824 2005-09-20 13:32:24 c:\windows\SYSTEM32\bak\hkcmd.exe
----a-w 114,688 2005-09-20 13:36:20 c:\windows\SYSTEM32\bak\igfxpers.exe
----a-w 94,208 2005-09-20 13:35:40 c:\windows\SYSTEM32\bak\igfxtray.exe
----a-w 114,741 2003-08-06 07:04:00 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [N/A]
"AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [2005-07-12 50776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Sonic RecordNow!"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="c:\windows\BCMSMMSG.exe" [2003-08-29 122880]
"HostManager"="c:\program files\Common Files\AOL\1102280339\ee\AOLSoftware.exe" [N/A]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2006-05-14 28672]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1102280339\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-30 1086840]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [2007-12-05 20640]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2005-09-23 2799808]
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bellsouth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 15:54:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2008-12-07 15:58:25
ComboFix-quarantined-files.txt 2008-12-07 20:57:07
ComboFix2.txt 2008-12-06 21:26:15
Pre-Run: 40,792,866,816 bytes free
Post-Run: 40,836,644,864 bytes free
422 --- E O F --- 2008-11-12 08:03:58
---------------------------------------------------------------------------------------
Malwarebytes log
---------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1471
Windows 5.1.2600 Service Pack 3
12/7/2008 6:31:25 PM
mbam-log-2008-12-07 (18-31-25).txt
Scan type: Full Scan (C:\|)
Objects scanned: 210742
Time elapsed: 1 hour(s), 55 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\himepuka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ledamine.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mejiyolo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mihitibo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\murodaji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nemudodi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pivejehu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\remonawe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sawibinu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sovapeha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tajovudi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tujiyivu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fakibaha.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\himegiwa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------
HijackThis log
--------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:29 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BCMSMMSG] "C:\WINDOWS\BCMSMMSG.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102280339\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 9206 bytes