Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Stealth search engine

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Stealth search engine

Unread postby thyroidnos » November 16th, 2009, 11:05 am

I have a search engine problem...when i use firefox and explorer and do a google search, the links often send me to some stealth search engine...very annoying. I have to browser back and try the link two to three times to get to the right page. I have an unrelated problem that i can't start my computer in safe mode (it gives me the blue screen warning) can't figure that one out. Heres my hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:02 AM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PivotSoftware] C:\Program Files\WinPortrait\wpctrl.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = ?
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: CopyPwd Service (CpPwdSvc) - Unknown owner - C:\Program Files\Laplink\PCmover\x32\cppwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\dtsrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Seagate-Replica-Service - Unknown owner - C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
O23 - Service: Seagate-Replica-SysMon - Unknown owner - C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12875 bytes
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm
Advertisement
Register to Remove

Re: Stealth search engine

Unread postby MWR 3 day Mod » November 20th, 2009, 6:27 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Stealth search engine

Unread postby shinybeast » November 22nd, 2009, 4:57 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)

I am researching your log and will have further instructions once they are approved.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby shinybeast » November 24th, 2009, 12:04 pm

Hi thyroidnos,

Let's look a little deeper.

DDS Scan

  • Please download DDS by sUBS from one of these links and save it to your desktop
    Link1 | Link 2
  • Double-click the file to start the scan
  • A black window will open and run the scan
  • When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
  • Save the logs to the desktop using Save As... and post the contents of both in your next reply


Scan with GMER

Please download GMER Rootkit Scanner from here.
  • Double click the randomly named .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image[
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "Gmer.txt" (include the quotes) or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Please post back with DDS logs (dds.txt and attach.txt) along with the GMER log (gmer.txt).
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby thyroidnos » November 24th, 2009, 9:07 pm

ok here goes a lot of lines...thank you for your help

DDS (Ver_09-11-24.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2005 2:49:49 PM
System Uptime: 11/24/2009 2:02:05 PM (0 hours ago)

Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 173.37 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.234 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Service: pdiddcci

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Service: pdiddcci

==== System Restore Points ===================

RP324: 8/24/2009 10:13:23 AM - System Checkpoint
RP325: 8/25/2009 12:19:47 AM - Software Distribution Service 3.0
RP326: 8/26/2009 12:36:24 AM - Software Distribution Service 3.0
RP327: 8/27/2009 4:32:07 PM - System Checkpoint
RP328: 8/29/2009 8:39:48 PM - System Checkpoint
RP329: 8/31/2009 10:18:08 AM - System Checkpoint
RP330: 9/8/2009 7:16:01 PM - System Checkpoint
RP331: 9/8/2009 10:09:18 PM - Software Distribution Service 3.0
RP332: 9/9/2009 10:13:16 PM - System Checkpoint
RP333: 9/17/2009 10:22:58 PM - System Checkpoint
RP334: 9/17/2009 11:20:55 PM - Software Distribution Service 3.0
RP335: 9/18/2009 3:28:18 PM - Installed PCmover Professional.
RP336: 9/24/2009 11:06:01 AM - System Checkpoint
RP337: 9/25/2009 4:15:54 PM - System Checkpoint
RP338: 9/29/2009 2:33:19 PM - System Checkpoint
RP339: 10/1/2009 8:17:58 PM - System Checkpoint
RP340: 10/6/2009 12:03:29 AM - Software Distribution Service 3.0
RP341: 10/13/2009 11:47:23 PM - Software Distribution Service 3.0
RP342: 10/16/2009 5:02:32 PM - System Checkpoint
RP343: 10/19/2009 10:10:13 AM - System Checkpoint
RP344: 10/21/2009 8:07:34 AM - System Checkpoint
RP345: 10/25/2009 1:32:48 AM - System Checkpoint
RP346: 10/28/2009 3:14:53 PM - System Checkpoint
RP347: 10/29/2009 4:02:13 PM - System Checkpoint
RP348: 11/3/2009 11:29:48 PM - Software Distribution Service 3.0
RP349: 11/5/2009 9:17:39 AM - System Checkpoint
RP350: 11/6/2009 9:29:16 PM - System Checkpoint
RP351: 11/8/2009 8:35:03 PM - System Checkpoint
RP352: 11/9/2009 9:07:14 PM - System Checkpoint
RP353: 11/10/2009 8:22:45 PM - Installed Antispyware
RP354: 11/11/2009 4:29:11 PM - Software Distribution Service 3.0
RP355: 11/11/2009 7:03:28 PM - Installed Java(TM) 6 Update 17
RP356: 11/11/2009 7:49:09 PM - Advance System Optimizer Wed, Nov 11, 09 19:49
RP357: 11/11/2009 7:49:36 PM - Systweak System Optimizer Wed, Nov 11, 09 19:49
RP358: 11/11/2009 7:53:52 PM - Advanced Registry Optimizer Wed, Nov 11, 09 19:53
RP359: 11/11/2009 7:57:34 PM - Advanced Registry Optimizer - Before Optimize
RP360: 11/12/2009 9:17:47 PM - System Checkpoint
RP361: 11/16/2009 9:52:14 AM - System Checkpoint
RP362: 11/17/2009 7:08:29 PM - System Checkpoint
RP363: 11/19/2009 12:51:03 AM - System Checkpoint
RP364: 11/22/2009 8:50:03 PM - System Checkpoint
RP365: 11/24/2009 2:28:26 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
ACDSee for PENTAX 2.0
Acrobat.com
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe SVG Viewer 3.0
Advanced Registry Optimizer
Advanced System Optimizer
AnswerWorks 4.0 Runtime - English
Antispyware
AOL Pictures Tools (version 10.6.0.4)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AQUAZONE DESKTOP GARDEN
ArcSoft Software Suite
AT&T Yahoo! Applications
Bonjour
Brother MFL-Pro Suite
Calendar Creator 10
Canon Camera WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 20D WIA Driver
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
CCScore
Cook'n with Betty Crocker
Creative WebCam Notebook Driver (1.04.01.0322)
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2008
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Media Reader
Discover PC and Windows Basics
DiscwareLite
DivX 5.2.1 (Playback Only)
Documents To Go
Dogz 5
Download Updater (AOL LLC)
Encyclopaedia Britannica CD Installer
EOS Capture 1.2
EOS Viewer Utility 1.2.1
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EzTune
fflink
FloorPlan 3D v10
GnuCash 2.2.6
Google Chrome
Google SketchUp 7
Google Toolbar for Internet Explorer
Greeting Cards Deluxe
HijackThis 2.0.2
HotFax MessageCenter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hoyle Board Games 2005
Hoyle Card Games 2005
Hoyle Casino 2006 (remove only)
Hoyle Friday Night Poker
Hoyle Games Demo 2005
Hoyle Puzzle Games 2005
Intel Audio Studio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
kgcbase
Kodak EasyShare software
Lexmark 2300 Series
Lexmark Fax Solutions
Lexmark Software Uninstall
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft IntelliPoint 4.1
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
netbrdg
Notifier
OfficeReady Professional 3.0
OfotoXMI
OpenOffice.org Installer 1.0
Palm Desktop
Panda ActiveScan 2.0
PCmover Professional
PhotoShow Deluxe 4
PhotoStitch
Picasa 3
Plucker 1.6
PowerDVD
Quicken 2005
Quicken WillMaker Plus 2006
QuickTime
RealPlayer
Recovery Software Suite Gateway
Safari
SAPI
SBC Yahoo! DSL Home Networking Installer
Seagate Replica v3.0.768.5345
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SHASTA
Shockwave
SigmaTel Audio
skin0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
SpongeBob SquarePants Employee of the Month
staticcr
TaxCut New York 2008
TaxCut Premium + State + Efile 2008
tooltips
Trend Micro AntiVirus
Troy Oz Conversion Tool-DEMO 3.10
TrueSwitch Wizard SBC
TurboTax Deluxe 2007
Ulead PhotoImpact 10 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
USB Wireless Keyboard Driver
Virtual Earth 3D (Beta)
VPRINTOL
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
WordPerfect Office X3
Yahoo! Search Protection
Yahoo! Software Update
ZIP Reader 8.00.0018

==== Event Viewer Messages From Past Week ========

11/18/2009 4:07:07 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/18/2009 4:07:07 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 14:31:25.14 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1386 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PivotSoftware] c:\program files\winportrait\wpctrl.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Startup Manager] c:\program files\advanced system optimizer\startUp manager.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\AOLDES~1.LNK -
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/prof ... itStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\progra~1\mcafee\mcafee~1\mssshell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\mickey\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-10 28552]
R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2009-9-16 1818624]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2009-9-16 78288]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-24 36368]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-9-25 2944]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-9-25 10368]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-24 50192]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-24 677128]
S3 CpPwdSvc;CopyPwd Service;c:\program files\laplink\pcmover\x32\cppwdsvc.exe [2009-3-26 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2008-3-24 91392]

=============== Created Last 30 ================

2009-11-24 19:12:50 1172480 ----a-w- c:\windows\system32\SET3D.tmp
2009-11-19 04:19:06 0 d-----w- c:\docume~1\owner\applic~1\QuickScan
2009-11-12 03:41:58 607 ----a-w- c:\windows\Uninstall Manager.INI
2009-11-12 00:04:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 20:50:31 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-11 20:50:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 20:50:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 20:50:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 03:36:19 0 d-----w- c:\program files\ThreatFire
2009-11-11 01:44:27 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-11 01:42:37 0 d-----w- c:\program files\Panda Security
2009-11-11 01:22:52 0 d-----w- c:\docume~1\owner\applic~1\Antispyware
2009-11-11 01:22:45 0 d-----w- c:\program files\Antispyware
2009-11-09 04:02:39 0 d-----w- c:\program files\common files\xing shared
2009-11-01 03:22:30 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-20 01:42:57 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-09 04:02:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-04-17 19:51:56 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51:56 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-07 23:32:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

============= FINISH: 14:33:21.21 ===============


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-24 19:57:37
Windows 5.1.2600 Service Pack 3
Running: b6h1od0c.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdypoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00001160 -> \Driver\atapi \Device\Harddisk0\DR0 8A7F2E07

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby shinybeast » November 25th, 2009, 2:18 am

Hello thyroidnos,

Did you uninstall McAfee Antispyware? If you have not, please uninstall it before continuing. You may re-install it after we are finished. For now it is best to get it out of the way to prevent interference with our efforts to clean your computer.

Please perform the following.

ComboFix

Please visit this webpage for download links, and a guide for running Combofix.exe:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read the guide carefully and install the Recovery Console first.

NOTE: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. This is important!
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

Please include the C:\ComboFix.txt in your next reply for further review.
**IMPORTANT !!! Save ComboFix.exe to your Desktop**

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



To post in next reply:
ComboFix log (C:\combofix.txt)
Update on how the computer is running
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby thyroidnos » November 25th, 2009, 1:51 pm

it's still redirecting but i ran the program as requested and here is the log...again thank you

ComboFix 09-11-25.01 - Owner 11/25/2009 12:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1561 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
c:\windows\desktop
c:\windows\desktop\Cook'n with Betty Crocker.lnk
c:\windows\MailSwitch.ocx
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-19 04:19 . 2009-11-25 14:21 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2009-11-19 04:19 . 2009-10-29 20:39 679936 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-19 04:19 . 2009-10-29 20:39 614400 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-12 00:04 . 2009-11-12 00:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-12 00:03 . 2009-11-12 00:03 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 00:02 . 2009-11-12 00:02 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-11-19 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 20:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 03:36 . 2009-11-11 21:06 -------- d-----w- c:\program files\ThreatFire
2009-11-11 01:42 . 2009-11-25 14:23 -------- d-----w- c:\program files\Panda Security
2009-11-11 01:22 . 2009-11-11 03:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Antispyware
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\real
2009-11-01 03:22 . 2009-11-01 03:23 -------- d-----w- c:\program files\iTunes
2009-11-01 03:10 . 2009-11-01 03:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 01:26 . 2008-12-03 16:09 59184 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\toolbarsud.exe
2009-10-29 01:26 . 2006-04-06 15:33 81000 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\ProgUpd.dll
2009-10-29 01:26 . 2006-04-06 15:33 33896 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\postproc.exe
2009-10-29 01:26 . 2006-04-06 15:33 156264 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\setup.exe
2009-10-29 01:26 . 2008-12-02 18:34 2316392 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\ocpinst.exe
2009-10-29 01:26 . 2008-07-23 18:35 62248 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\ocpgc.exe
2009-10-29 01:26 . 2008-07-23 18:35 15144 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\ocpchk.dll
2009-10-29 01:26 . 2008-11-12 21:12 1370528 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\msvc9rt.exe
2009-10-29 01:26 . 2008-07-23 18:35 74536 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\instSup.dll
2009-10-29 01:26 . 2006-07-31 18:41 474184 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\gui.dll
2009-10-29 01:26 . 2006-04-06 15:33 25088 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\EEStart.exe
2009-10-29 01:26 . 2008-11-06 14:42 2100984 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4380.8.4\aol_toolbar_dual.exe
2009-10-29 01:23 . 2009-10-29 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Viewpoint
2009-10-29 01:23 . 2009-10-29 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
2009-10-28 01:09 . 2009-10-28 01:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 01:42 . 2008-09-03 03:19 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-18 20:20 . 2005-10-22 00:36 -------- d-----w- c:\program files\Pure Networks
2009-11-16 01:56 . 2008-02-23 13:41 -------- d-----w- c:\program files\Trend Micro
2009-11-12 00:49 . 2008-04-24 16:05 -------- d-----w- c:\program files\Advanced System Optimizer
2009-11-12 00:03 . 2005-10-22 00:33 -------- d-----w- c:\program files\Java
2009-11-11 21:32 . 2007-02-22 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 13:41 . 2009-08-24 15:24 -------- d-----w- c:\program files\BitComet
2009-11-09 04:03 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Real
2009-11-09 04:02 . 2008-11-06 11:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42 . 2008-11-06 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-04 03:02 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 04:27 . 2009-06-24 01:19 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-11-01 03:22 . 2005-12-28 13:26 -------- d-----w- c:\program files\iPod
2009-11-01 03:22 . 2007-07-04 06:03 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 03:06 . 2008-04-08 01:46 -------- d-----w- c:\program files\Safari
2009-10-11 23:57 . 2005-12-28 13:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-11 23:56 . 2005-10-22 00:52 143304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 04:08 . 2005-10-22 00:28 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-04-04 20:24 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2007-11-13 03:18 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-04-17 19:51 . 2006-07-12 23:15 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51 . 2006-07-12 23:15 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"AOL Fast Start"="c:\progra~1\AOL9~1.1A\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-05-10 7086080]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-09 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\MCAFEE~1\mssshell.dll" [2005-07-18 155769]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Program Files\\Adobe\\Adobe GoLive CS\\GoLive.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Linksys Wireless-G USB Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"22702:TCP"= 22702:TCP:BitComet 22702 TCP
"22702:UDP"= 22702:UDP:BitComet 22702 UDP

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\Seagate Replica\bin\Seagate-Replica-SysMon.exe [9/16/2009 3:13 PM 78288]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/24/2009 3:42 PM 36368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/25/2008 9:51 AM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/25/2008 10:02 AM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [9/25/2008 9:51 AM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [9/25/2008 9:50 AM 10368]
S2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe [9/16/2009 3:13 PM 1818624]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/24/2009 2:49 PM 50192]
S3 CpPwdSvc;CopyPwd Service;c:\program files\Laplink\PCmover\x32\cppwdsvc.exe [3/26/2009 11:24 AM 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [3/24/2008 5:03 PM 91392]
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]

2009-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\mickey\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-PictureItSuiteTrial_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=11
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7F2E07]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba16cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f1f852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9de6bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9df3a21
SendHandler -> NDIS.sys @ 0xb9dd187b
user & kernel MBR OK
copy of MBR has been found in sector 60 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\W5A 50N 06021]
@DACL=(02 0000)
"Analog Caps"="type(LCD)vcp(page0(02 04 05 06 08 0E 10 12 14(05 0< 0B) 16 18 1A 1E 20 30 3E 60(01 03) 8A 8C 9B 9C 9D 9E 9F A0 AA(01 04) AC AE B6 C6 C8 C9 D6(01 04) DF ))\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00asset_eep(40)\00\00\00mccs_ver(2.1)\00\00\00\09\00\00És\1e\00\00Ês\1e\1e\00asset_eep(40)mccs_ver(2.1)"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-25 12:44
ComboFix-quarantined-files.txt 2009-11-25 17:44

Pre-Run: 186,527,436,800 bytes free
Post-Run: 188,598,054,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 83E74E0727674389F7221E194ED9840A
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby shinybeast » November 26th, 2009, 2:12 pm

Hi thyroidnos,

It appears you may have a pesky rootkit. Let's try this.


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.rar to your desktop.
    NOTE: Close all running programs as a reboot may be necessary
  • Double-click TDSSKiller_2.0.0 RC3.exe to run the tool.
  • Once it is finished, click any key to continue and allow reboot as necessary.

  • After the tool has run and any necessary reboot has ocurred, copy the text in the codebox below
    Code: Select all
    cmd /c mbr.exe -t >log.txt&start log.txt
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • A log will open, please include the log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby thyroidnos » November 27th, 2009, 4:26 pm

I think this finally zapped the problem. The search engines are working now without redirect. Any ideas how i got this or what it was? Thank you for all of your help.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby shinybeast » November 27th, 2009, 5:31 pm

Hi thyroidnos,

It was a newer variant of the TDSS rootkit. The security folks will learn to kill one and the bad guys come up with another. Kind of a vicious circle.
You had a rogue antispyware program, it probably came with that. I noticed you have had LimeWire and Bitcomet installed in the past. I do not know how it got on your computer but it is possible that it had something to do with use of P2P programs (LimeWire and Bitcomet). I would suggest you avoid using them in the future.


Delete this folder
c:\documents and settings\Owner\Application Data\Antispyware


Uninstall Programs

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


Once finished, close Add or Remove Programs window


We need to do a good online scan to check for leftovers. This will take some time so best to run it when you do not need the computer for awhile. Running TFC right before you scan will help minimize the time it takes to do the scan.


TFC (Temp File Cleaner)

  • Click here to download TFC by OldTimer and save it to your desktop.
    NOTE: Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

Note: TFC should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


ESET Online Scanner

Note: You will need to disable your Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

After the scan please run DDS again as described here and post new logs along with the ESET log. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby thyroidnos » November 28th, 2009, 4:54 pm

Ok hopefully i did everything correctly

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1de81e1a307f754d95c8967cadd349ce
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-28 01:33:37
# local_time=2009-11-27 08:33:37 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 106744 106744 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158813
# found=0
# cleaned=0
# scan_time=10710
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1de81e1a307f754d95c8967cadd349ce
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-28 06:48:12
# local_time=2009-11-28 01:48:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 125490 125490 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=160323
# found=0
# cleaned=0
# scan_time=10839
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby shinybeast » November 29th, 2009, 2:13 am

Hi thyroidnos,

ESET log looks good. :) However, I asked to see DDS logs as well. We still have a little work to do.


Uninstall Programs

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


Once finished, close Add or Remove Programs window


CFScript

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad (Start > Run... > type notepad and press enter)
    Copy the text in the code box below and paste it into notepad.
    Code: Select all
    Folder::
    c:\program files\BitComet
    c:\documents and settings\Owner\Application Data\LimeWire
    
    Reg::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22702:TCP"=-
    "22702:UDP"=-
    
    SkipFix::
    

  4. Save this as CFScript.txt in the same location as ComboFix.exe (should be your Desktop)

    Image
  5. Refering to the picture above, drag CFScript.txt and drop it into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

*Do not forget to enable your protection programs before you connect to the internet!*


DDS Scan

  • Please download DDS by sUBS from one of these links and save it to your desktop.
    NOTE: You may still have DDS on your desktop, if you do, use the copy you have.
    Link1 | Link 2
  • Double-click the file to start the scan
  • A black window will open and run the scan
  • When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
  • Save the logs to the desktop using Save As... and post the contents of both in your next reply

Please post the combofix and dds logs in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Stealth search engine

Unread postby thyroidnos » November 29th, 2009, 11:22 am

Ok i did the two scans...limewire and bitcomet had been removed previously....here it goes

ComboFix 09-11-28.04 - Owner 11/29/2009 9:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1316 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Owner\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Owner\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Owner\Application Data\LimeWire\downloads.dat
c:\documents and settings\Owner\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Owner\Application Data\LimeWire\gnutella.net
c:\documents and settings\Owner\Application Data\LimeWire\installation.props
c:\documents and settings\Owner\Application Data\LimeWire\library.dat
c:\documents and settings\Owner\Application Data\LimeWire\library5.dat
c:\documents and settings\Owner\Application Data\LimeWire\limewire.props
c:\documents and settings\Owner\Application Data\LimeWire\lock
c:\documents and settings\Owner\Application Data\LimeWire\mojito.props
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\310B24C2d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\39E91805d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF4d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A88d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Owner\Application Data\LimeWire\player.props
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Owner\Application Data\LimeWire\questions.props
c:\documents and settings\Owner\Application Data\LimeWire\responses.cache
c:\documents and settings\Owner\Application Data\LimeWire\simpp.xml
c:\documents and settings\Owner\Application Data\LimeWire\spam.dat
c:\documents and settings\Owner\Application Data\LimeWire\tables.props
c:\documents and settings\Owner\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Owner\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Owner\Application Data\LimeWire\version.xml
c:\documents and settings\Owner\Application Data\LimeWire\versions.props
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\audio.sxml3
c:\program files\BitComet
c:\program files\BitComet\archive\4ed997169a99888cadae66f2023080e69e7bf42b.torrent
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\torrents\Lo_uR_eed09-Aug-2009.part1.rar.xml
c:\program files\BitComet\torrents\Lou Reed - 1974 - Rock 'N' Roll Animal ( Live ).torrent
c:\program files\BitComet\torrents\Lou Reed - 1974 - Rock 'N' Roll Animal ( Live ).xml

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-28 02:56 . 2009-11-28 02:57 -------- d-----w- c:\program files\QuickTime
2009-11-27 22:32 . 2009-11-27 22:32 -------- d-----w- c:\program files\ESET
2009-11-19 04:19 . 2009-11-25 14:21 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2009-11-19 04:19 . 2009-10-29 20:39 679936 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-19 04:19 . 2009-10-29 20:39 614400 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-12 00:04 . 2009-11-12 00:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-12 00:03 . 2009-11-12 00:03 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 00:02 . 2009-11-12 00:02 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-11-19 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 20:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 03:36 . 2009-11-11 21:06 -------- d-----w- c:\program files\ThreatFire
2009-11-11 01:42 . 2009-11-25 14:23 -------- d-----w- c:\program files\Panda Security
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\real
2009-11-01 03:22 . 2009-11-01 03:23 -------- d-----w- c:\program files\iTunes
2009-11-01 03:10 . 2009-11-01 03:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 21:53 . 2005-10-22 00:33 -------- d-----w- c:\program files\Java
2009-11-27 20:13 . 2004-08-04 05:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 01:42 . 2008-09-03 03:19 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-18 20:20 . 2005-10-22 00:36 -------- d-----w- c:\program files\Pure Networks
2009-11-16 01:56 . 2008-02-23 13:41 -------- d-----w- c:\program files\Trend Micro
2009-11-12 00:49 . 2008-04-24 16:05 -------- d-----w- c:\program files\Advanced System Optimizer
2009-11-11 21:32 . 2007-02-22 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 04:03 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Real
2009-11-09 04:02 . 2008-11-06 11:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42 . 2008-11-06 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-04 03:02 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 03:22 . 2005-12-28 13:26 -------- d-----w- c:\program files\iPod
2009-11-01 03:22 . 2007-07-04 06:03 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 03:06 . 2008-04-08 01:46 -------- d-----w- c:\program files\Safari
2009-10-11 23:57 . 2005-12-28 13:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-11 23:56 . 2005-10-22 00:52 143304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 04:08 . 2005-10-22 00:28 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-04-17 19:51 . 2006-07-12 23:15 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51 . 2006-07-12 23:15 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-11-27 20:13 . 0CCD9F78F0539530115AB33FEFB214EB . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-25_17.38.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 14:35 . 2009-11-29 14:35 16384 c:\windows\Temp\Perflib_Perfdata_540.dat
- 2008-08-07 23:32 . 2009-11-25 13:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-07 23:32 . 2009-11-27 14:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-28 01:09 . 2009-11-25 13:52 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-28 01:09 . 2009-11-27 14:49 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-08-07 23:32 . 2009-11-25 13:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-07 23:32 . 2009-11-27 14:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-28 02:53 . 2009-11-28 02:53 796672 c:\windows\Installer\f158e8.msi
+ 2009-11-28 02:57 . 2009-11-28 02:57 9473024 c:\windows\Installer\f15b79.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-05-10 7086080]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-09 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\MCAFEE~1\mssshell.dll" [2005-07-18 155769]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Program Files\\Adobe\\Adobe GoLive CS\\GoLive.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Linksys Wireless-G USB Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"22702:TCP"= 22702:TCP:BitComet 22702 TCP
"22702:UDP"= 22702:UDP:BitComet 22702 UDP

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\Seagate Replica\bin\Seagate-Replica-SysMon.exe [9/16/2009 3:13 PM 78288]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/24/2009 3:42 PM 36368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/25/2008 9:51 AM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/25/2008 10:02 AM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [9/25/2008 9:51 AM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [9/25/2008 9:50 AM 10368]
S2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe [9/16/2009 3:13 PM 1818624]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/24/2009 2:49 PM 50192]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2/24/2009 2:49 PM 677128]
S3 CpPwdSvc;CopyPwd Service;c:\program files\Laplink\PCmover\x32\cppwdsvc.exe [3/26/2009 11:24 AM 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [3/24/2008 5:03 PM 91392]
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - plugin: c:\documents and settings\mickey\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\W5A 50N 06021]
@DACL=(02 0000)
"Analog Caps"="type(LCD)vcp(page0(02 04 05 06 08 0E 10 12 14(05 0< 0B) 16 18 1A 1E 20 30 3E 60(01 03) 8A 8C 9B 9C 9D 9E 9F A0 AA(01 04) AC AE B6 C6 C8 C9 D6(01 04) DF ))\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00asset_eep(40)\00\00\00mccs_ver(2.1)\00\00\00\09\00\00És\1e\00\00Ês\1e\1e\00asset_eep(40)mccs_ver(2.1)"
.
Completion time: 2009-11-29 10:01
ComboFix-quarantined-files.txt 2009-11-29 15:00
ComboFix2.txt 2009-11-25 17:44

Pre-Run: 188,715,065,344 bytes free
Post-Run: 188,711,063,552 bytes free

- - End Of File - - 57A298DDE5FD15EC43979D26FE8D320B



DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 10:18:31.12 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1435 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PivotSoftware] c:\program files\winportrait\wpctrl.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [Startup Manager] c:\program files\advanced system optimizer\startUp manager.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\AOLDES~1.LNK -
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/prof ... itStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\progra~1\mcafee\mcafee~1\mssshell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - plugin: c:\documents and settings\mickey\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2009-9-16 1818624]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2009-9-16 78288]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-24 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-24 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-24 677128]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-9-25 2944]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-9-25 10368]
S3 CpPwdSvc;CopyPwd Service;c:\program files\laplink\pcmover\x32\cppwdsvc.exe [2009-3-26 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2008-3-24 91392]

=============== Created Last 30 ================

2009-11-29 14:51:21 0 d-----w- C:\ComboFix
2009-11-27 22:32:14 0 d-----w- c:\program files\ESET
2009-11-25 17:22:13 0 d-sha-r- C:\cmdcons
2009-11-25 17:17:21 98816 ----a-w- c:\windows\sed.exe
2009-11-25 17:17:21 77312 ----a-w- c:\windows\MBR.exe
2009-11-25 17:17:21 260608 ----a-w- c:\windows\PEV.exe
2009-11-25 17:17:21 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 04:19:06 0 d-----w- c:\docume~1\owner\applic~1\QuickScan
2009-11-12 03:41:58 607 ----a-w- c:\windows\Uninstall Manager.INI
2009-11-12 00:04:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 20:50:31 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-11 20:50:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 20:50:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 20:50:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 04:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 04:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-11 03:36:19 0 d-----w- c:\program files\ThreatFire
2009-11-11 01:42:37 0 d-----w- c:\program files\Panda Security
2009-11-09 04:02:39 0 d-----w- c:\program files\common files\xing shared
2009-11-01 03:22:30 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-27 20:13:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 01:42:57 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-09 04:02:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-04-17 19:51:56 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51:56 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-07 23:32:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

============= FINISH: 10:19:19.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2005 2:49:49 PM
System Uptime: 11/29/2009 10:14:24 AM (0 hours ago)

Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 175.783 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.234 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Service: pdiddcci

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Service: pdiddcci

==== System Restore Points ===================

RP329: 8/31/2009 10:18:08 AM - System Checkpoint
RP330: 9/8/2009 7:16:01 PM - System Checkpoint
RP331: 9/8/2009 10:09:18 PM - Software Distribution Service 3.0
RP332: 9/9/2009 10:13:16 PM - System Checkpoint
RP333: 9/17/2009 10:22:58 PM - System Checkpoint
RP334: 9/17/2009 11:20:55 PM - Software Distribution Service 3.0
RP335: 9/18/2009 3:28:18 PM - Installed PCmover Professional.
RP336: 9/24/2009 11:06:01 AM - System Checkpoint
RP337: 9/25/2009 4:15:54 PM - System Checkpoint
RP338: 9/29/2009 2:33:19 PM - System Checkpoint
RP339: 10/1/2009 8:17:58 PM - System Checkpoint
RP340: 10/6/2009 12:03:29 AM - Software Distribution Service 3.0
RP341: 10/13/2009 11:47:23 PM - Software Distribution Service 3.0
RP342: 10/16/2009 5:02:32 PM - System Checkpoint
RP343: 10/19/2009 10:10:13 AM - System Checkpoint
RP344: 10/21/2009 8:07:34 AM - System Checkpoint
RP345: 10/25/2009 1:32:48 AM - System Checkpoint
RP346: 10/28/2009 3:14:53 PM - System Checkpoint
RP347: 10/29/2009 4:02:13 PM - System Checkpoint
RP348: 11/3/2009 11:29:48 PM - Software Distribution Service 3.0
RP349: 11/5/2009 9:17:39 AM - System Checkpoint
RP350: 11/6/2009 9:29:16 PM - System Checkpoint
RP351: 11/8/2009 8:35:03 PM - System Checkpoint
RP352: 11/9/2009 9:07:14 PM - System Checkpoint
RP353: 11/10/2009 8:22:45 PM - Installed Antispyware
RP354: 11/11/2009 4:29:11 PM - Software Distribution Service 3.0
RP355: 11/11/2009 7:03:28 PM - Installed Java(TM) 6 Update 17
RP356: 11/11/2009 7:49:09 PM - Advance System Optimizer Wed, Nov 11, 09 19:49
RP357: 11/11/2009 7:49:36 PM - Systweak System Optimizer Wed, Nov 11, 09 19:49
RP358: 11/11/2009 7:53:52 PM - Advanced Registry Optimizer Wed, Nov 11, 09 19:53
RP359: 11/11/2009 7:57:34 PM - Advanced Registry Optimizer - Before Optimize
RP360: 11/12/2009 9:17:47 PM - System Checkpoint
RP361: 11/16/2009 9:52:14 AM - System Checkpoint
RP362: 11/17/2009 7:08:29 PM - System Checkpoint
RP363: 11/19/2009 12:51:03 AM - System Checkpoint
RP364: 11/22/2009 8:50:03 PM - System Checkpoint
RP365: 11/24/2009 2:28:26 PM - Software Distribution Service 3.0
RP366: 11/27/2009 3:23:38 PM - post malware
RP367: 11/27/2009 4:44:16 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP368: 11/27/2009 4:46:26 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP369: 11/27/2009 4:48:52 PM - Removed Java(TM) 6 Update 3
RP370: 11/27/2009 4:52:51 PM - Removed Java(TM) 6 Update 5
RP371: 11/27/2009 4:58:49 PM - Removed Java(TM) 6 Update 7
RP372: 11/27/2009 9:55:04 PM - Installed QuickTime
RP373: 11/28/2009 10:51:22 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
ACDSee for PENTAX 2.0
Acrobat.com
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe SVG Viewer 3.0
Advanced Registry Optimizer
Advanced System Optimizer
AnswerWorks 4.0 Runtime - English
Antispyware
AOL Pictures Tools (version 10.6.0.4)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AQUAZONE DESKTOP GARDEN
ArcSoft Software Suite
AT&T Yahoo! Applications
Bonjour
Brother MFL-Pro Suite
Calendar Creator 10
Canon Camera WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 20D WIA Driver
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
CCScore
Cook'n with Betty Crocker
Creative WebCam Notebook Driver (1.04.01.0322)
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2008
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Media Reader
Discover PC and Windows Basics
DiscwareLite
DivX 5.2.1 (Playback Only)
Documents To Go
Dogz 5
Download Updater (AOL LLC)
Encyclopaedia Britannica CD Installer
EOS Capture 1.2
EOS Viewer Utility 1.2.1
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EzTune
fflink
FloorPlan 3D v10
GnuCash 2.2.6
Google Chrome
Google SketchUp 7
Google Toolbar for Internet Explorer
Greeting Cards Deluxe
HijackThis 2.0.2
HotFax MessageCenter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hoyle Board Games 2005
Hoyle Card Games 2005
Hoyle Casino 2006 (remove only)
Hoyle Friday Night Poker
Hoyle Games Demo 2005
Hoyle Puzzle Games 2005
Intel Audio Studio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
iPod for Windows 2006-03-23
iTunes
Java(TM) 6 Update 17
kgcbase
Kodak EasyShare software
Lexmark 2300 Series
Lexmark Fax Solutions
Lexmark Software Uninstall
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft IntelliPoint 4.1
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
netbrdg
Notifier
OfficeReady Professional 3.0
OfotoXMI
OpenOffice.org Installer 1.0
Palm Desktop
PCmover Professional
PhotoShow Deluxe 4
PhotoStitch
Picasa 3
Plucker 1.6
PowerDVD
Quicken 2005
Quicken WillMaker Plus 2006
QuickTime
Recovery Software Suite Gateway
Safari
SAPI
SBC Yahoo! DSL Home Networking Installer
Seagate Replica v3.0.768.5345
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SHASTA
Shockwave
SigmaTel Audio
skin0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
SpongeBob SquarePants Employee of the Month
staticcr
TaxCut New York 2008
TaxCut Premium + State + Efile 2008
tooltips
Trend Micro AntiVirus
Troy Oz Conversion Tool-DEMO 3.10
TrueSwitch Wizard SBC
TurboTax Deluxe 2007
Ulead PhotoImpact 10 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
USB Wireless Keyboard Driver
Virtual Earth 3D (Beta)
VPRINTOL
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
WordPerfect Office X3
Yahoo! Search Protection
Yahoo! Software Update
ZIP Reader 8.00.0018

==== Event Viewer Messages From Past Week ========

11/27/2009 9:49:58 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/27/2009 9:49:58 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The WUSB54Gv4SVC service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The McAfee AntiSpyware Real-Time Scanner service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Brother Popup Suspend service for Resource manager service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7031] - The Seagate-Replica-SysMon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.
11/27/2009 5:27:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/27/2009 5:27:12 PM, error: Service Control Manager [7034] - The Trend Micro Unauthorized Change Prevention Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 4:45:19 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/27/2009 3:13:35 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\atapi.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
11/25/2009 12:41:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54Gv4SVC service.
11/25/2009 12:24:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Seagate-Replica-Service service to connect.
11/25/2009 12:24:36 PM, error: Service Control Manager [7000] - The Seagate-Replica-Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2009 12:24:34 PM, error: Service Control Manager [7031] - The Seagate-Replica-Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2500 milliseconds: Restart the service.
11/25/2009 12:24:29 PM, error: Service Control Manager [7034] - The Portrait Displays Display Tune Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:24:29 PM, error: Service Control Manager [7034] - The Asset Management Daemon service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:24:29 PM, error: Service Control Manager [7031] - The Seagate-Replica-Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2500 milliseconds: Restart the service.
11/25/2009 12:14:30 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:14:19 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:13:44 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby thyroidnos » November 29th, 2009, 11:23 am

Ok i did the two scans...limewire and bitcomet had been removed previously....here it goes

ComboFix 09-11-28.04 - Owner 11/29/2009 9:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1316 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Owner\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Owner\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Owner\Application Data\LimeWire\downloads.dat
c:\documents and settings\Owner\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Owner\Application Data\LimeWire\gnutella.net
c:\documents and settings\Owner\Application Data\LimeWire\installation.props
c:\documents and settings\Owner\Application Data\LimeWire\library.dat
c:\documents and settings\Owner\Application Data\LimeWire\library5.dat
c:\documents and settings\Owner\Application Data\LimeWire\limewire.props
c:\documents and settings\Owner\Application Data\LimeWire\lock
c:\documents and settings\Owner\Application Data\LimeWire\mojito.props
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\310B24C2d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\39E91805d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF4d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A88d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Owner\Application Data\LimeWire\player.props
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Owner\Application Data\LimeWire\questions.props
c:\documents and settings\Owner\Application Data\LimeWire\responses.cache
c:\documents and settings\Owner\Application Data\LimeWire\simpp.xml
c:\documents and settings\Owner\Application Data\LimeWire\spam.dat
c:\documents and settings\Owner\Application Data\LimeWire\tables.props
c:\documents and settings\Owner\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Owner\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Owner\Application Data\LimeWire\version.xml
c:\documents and settings\Owner\Application Data\LimeWire\versions.props
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\audio.sxml3
c:\program files\BitComet
c:\program files\BitComet\archive\4ed997169a99888cadae66f2023080e69e7bf42b.torrent
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\torrents\Lo_uR_eed09-Aug-2009.part1.rar.xml
c:\program files\BitComet\torrents\Lou Reed - 1974 - Rock 'N' Roll Animal ( Live ).torrent
c:\program files\BitComet\torrents\Lou Reed - 1974 - Rock 'N' Roll Animal ( Live ).xml

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-28 02:56 . 2009-11-28 02:57 -------- d-----w- c:\program files\QuickTime
2009-11-27 22:32 . 2009-11-27 22:32 -------- d-----w- c:\program files\ESET
2009-11-19 04:19 . 2009-11-25 14:21 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2009-11-19 04:19 . 2009-10-29 20:39 679936 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-19 04:19 . 2009-10-29 20:39 614400 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-12 00:04 . 2009-11-12 00:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-12 00:03 . 2009-11-12 00:03 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 00:02 . 2009-11-12 00:02 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50 . 2009-11-11 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-11 20:50 . 2009-11-19 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 20:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 03:36 . 2009-11-11 21:06 -------- d-----w- c:\program files\ThreatFire
2009-11-11 01:42 . 2009-11-25 14:23 -------- d-----w- c:\program files\Panda Security
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-09 04:02 . 2009-11-09 04:02 -------- d-----w- c:\program files\real
2009-11-01 03:22 . 2009-11-01 03:23 -------- d-----w- c:\program files\iTunes
2009-11-01 03:10 . 2009-11-01 03:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 21:53 . 2005-10-22 00:33 -------- d-----w- c:\program files\Java
2009-11-27 20:13 . 2004-08-04 05:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 01:42 . 2008-09-03 03:19 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-18 20:20 . 2005-10-22 00:36 -------- d-----w- c:\program files\Pure Networks
2009-11-16 01:56 . 2008-02-23 13:41 -------- d-----w- c:\program files\Trend Micro
2009-11-12 00:49 . 2008-04-24 16:05 -------- d-----w- c:\program files\Advanced System Optimizer
2009-11-11 21:32 . 2007-02-22 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 04:03 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Real
2009-11-09 04:02 . 2008-11-06 11:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42 . 2008-11-06 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-04 03:02 . 2005-10-22 00:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 03:22 . 2005-12-28 13:26 -------- d-----w- c:\program files\iPod
2009-11-01 03:22 . 2007-07-04 06:03 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 03:06 . 2008-04-08 01:46 -------- d-----w- c:\program files\Safari
2009-10-11 23:57 . 2005-12-28 13:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-11 23:56 . 2005-10-22 00:52 143304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 04:08 . 2005-10-22 00:28 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-04-17 19:51 . 2006-07-12 23:15 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51 . 2006-07-12 23:15 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-11-27 20:13 . 0CCD9F78F0539530115AB33FEFB214EB . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-25_17.38.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 14:35 . 2009-11-29 14:35 16384 c:\windows\Temp\Perflib_Perfdata_540.dat
- 2008-08-07 23:32 . 2009-11-25 13:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-07 23:32 . 2009-11-27 14:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-28 01:09 . 2009-11-25 13:52 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-28 01:09 . 2009-11-27 14:49 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-08-07 23:32 . 2009-11-25 13:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-07 23:32 . 2009-11-27 14:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-28 02:53 . 2009-11-28 02:53 796672 c:\windows\Installer\f158e8.msi
+ 2009-11-28 02:57 . 2009-11-28 02:57 9473024 c:\windows\Installer\f15b79.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-05-10 7086080]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-09 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\MCAFEE~1\mssshell.dll" [2005-07-18 155769]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129941372\\EE\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Program Files\\Adobe\\Adobe GoLive CS\\GoLive.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Linksys Wireless-G USB Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"22702:TCP"= 22702:TCP:BitComet 22702 TCP
"22702:UDP"= 22702:UDP:BitComet 22702 UDP

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\Seagate Replica\bin\Seagate-Replica-SysMon.exe [9/16/2009 3:13 PM 78288]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/24/2009 3:42 PM 36368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/25/2008 9:51 AM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/25/2008 10:02 AM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [9/25/2008 9:51 AM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [9/25/2008 9:50 AM 10368]
S2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe [9/16/2009 3:13 PM 1818624]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/24/2009 2:49 PM 50192]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2/24/2009 2:49 PM 677128]
S3 CpPwdSvc;CopyPwd Service;c:\program files\Laplink\PCmover\x32\cppwdsvc.exe [3/26/2009 11:24 AM 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [3/24/2008 5:03 PM 91392]
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776000276-866684552-4279383214-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 04:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - plugin: c:\documents and settings\mickey\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\W5A 50N 06021]
@DACL=(02 0000)
"Analog Caps"="type(LCD)vcp(page0(02 04 05 06 08 0E 10 12 14(05 0< 0B) 16 18 1A 1E 20 30 3E 60(01 03) 8A 8C 9B 9C 9D 9E 9F A0 AA(01 04) AC AE B6 C6 C8 C9 D6(01 04) DF ))\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00asset_eep(40)\00\00\00mccs_ver(2.1)\00\00\00\09\00\00És\1e\00\00Ês\1e\1e\00asset_eep(40)mccs_ver(2.1)"
.
Completion time: 2009-11-29 10:01
ComboFix-quarantined-files.txt 2009-11-29 15:00
ComboFix2.txt 2009-11-25 17:44

Pre-Run: 188,715,065,344 bytes free
Post-Run: 188,711,063,552 bytes free

- - End Of File - - 57A298DDE5FD15EC43979D26FE8D320B



DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 10:18:31.12 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1435 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Gateway\EzTune\dtsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PivotSoftware] c:\program files\winportrait\wpctrl.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [Startup Manager] c:\program files\advanced system optimizer\startUp manager.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\AOLDES~1.LNK -
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/prof ... itStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\progra~1\mcafee\mcafee~1\mssshell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1sy4oo2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=14s5qqe8o/M ... .yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Lab&query=
FF - plugin: c:\documents and settings\mickey\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2009-9-16 1818624]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2009-9-16 78288]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-24 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-24 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-24 677128]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-9-25 2944]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-9-25 10368]
S3 CpPwdSvc;CopyPwd Service;c:\program files\laplink\pcmover\x32\cppwdsvc.exe [2009-3-26 46384]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2008-3-24 91392]

=============== Created Last 30 ================

2009-11-29 14:51:21 0 d-----w- C:\ComboFix
2009-11-27 22:32:14 0 d-----w- c:\program files\ESET
2009-11-25 17:22:13 0 d-sha-r- C:\cmdcons
2009-11-25 17:17:21 98816 ----a-w- c:\windows\sed.exe
2009-11-25 17:17:21 77312 ----a-w- c:\windows\MBR.exe
2009-11-25 17:17:21 260608 ----a-w- c:\windows\PEV.exe
2009-11-25 17:17:21 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 04:19:06 0 d-----w- c:\docume~1\owner\applic~1\QuickScan
2009-11-12 03:41:58 607 ----a-w- c:\windows\Uninstall Manager.INI
2009-11-12 00:04:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 20:50:31 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-11 20:50:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 20:50:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-11 20:50:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 20:50:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 04:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 04:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-11 03:36:19 0 d-----w- c:\program files\ThreatFire
2009-11-11 01:42:37 0 d-----w- c:\program files\Panda Security
2009-11-09 04:02:39 0 d-----w- c:\program files\common files\xing shared
2009-11-01 03:22:30 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-27 20:13:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 01:42:57 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-11-09 04:02:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-06 01:42:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-04-17 19:51:56 168 --sh--r- c:\windows\system32\240ED6BF9D.sys
2009-04-17 19:51:56 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-07 23:32:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

============= FINISH: 10:19:19.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2005 2:49:49 PM
System Uptime: 11/29/2009 10:14:24 AM (0 hours ago)

Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 175.783 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.234 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861500&00&02
Service: pdiddcci

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\GWY0889\4&581EE68&0&80861100&00&02
Service: pdiddcci

==== System Restore Points ===================

RP329: 8/31/2009 10:18:08 AM - System Checkpoint
RP330: 9/8/2009 7:16:01 PM - System Checkpoint
RP331: 9/8/2009 10:09:18 PM - Software Distribution Service 3.0
RP332: 9/9/2009 10:13:16 PM - System Checkpoint
RP333: 9/17/2009 10:22:58 PM - System Checkpoint
RP334: 9/17/2009 11:20:55 PM - Software Distribution Service 3.0
RP335: 9/18/2009 3:28:18 PM - Installed PCmover Professional.
RP336: 9/24/2009 11:06:01 AM - System Checkpoint
RP337: 9/25/2009 4:15:54 PM - System Checkpoint
RP338: 9/29/2009 2:33:19 PM - System Checkpoint
RP339: 10/1/2009 8:17:58 PM - System Checkpoint
RP340: 10/6/2009 12:03:29 AM - Software Distribution Service 3.0
RP341: 10/13/2009 11:47:23 PM - Software Distribution Service 3.0
RP342: 10/16/2009 5:02:32 PM - System Checkpoint
RP343: 10/19/2009 10:10:13 AM - System Checkpoint
RP344: 10/21/2009 8:07:34 AM - System Checkpoint
RP345: 10/25/2009 1:32:48 AM - System Checkpoint
RP346: 10/28/2009 3:14:53 PM - System Checkpoint
RP347: 10/29/2009 4:02:13 PM - System Checkpoint
RP348: 11/3/2009 11:29:48 PM - Software Distribution Service 3.0
RP349: 11/5/2009 9:17:39 AM - System Checkpoint
RP350: 11/6/2009 9:29:16 PM - System Checkpoint
RP351: 11/8/2009 8:35:03 PM - System Checkpoint
RP352: 11/9/2009 9:07:14 PM - System Checkpoint
RP353: 11/10/2009 8:22:45 PM - Installed Antispyware
RP354: 11/11/2009 4:29:11 PM - Software Distribution Service 3.0
RP355: 11/11/2009 7:03:28 PM - Installed Java(TM) 6 Update 17
RP356: 11/11/2009 7:49:09 PM - Advance System Optimizer Wed, Nov 11, 09 19:49
RP357: 11/11/2009 7:49:36 PM - Systweak System Optimizer Wed, Nov 11, 09 19:49
RP358: 11/11/2009 7:53:52 PM - Advanced Registry Optimizer Wed, Nov 11, 09 19:53
RP359: 11/11/2009 7:57:34 PM - Advanced Registry Optimizer - Before Optimize
RP360: 11/12/2009 9:17:47 PM - System Checkpoint
RP361: 11/16/2009 9:52:14 AM - System Checkpoint
RP362: 11/17/2009 7:08:29 PM - System Checkpoint
RP363: 11/19/2009 12:51:03 AM - System Checkpoint
RP364: 11/22/2009 8:50:03 PM - System Checkpoint
RP365: 11/24/2009 2:28:26 PM - Software Distribution Service 3.0
RP366: 11/27/2009 3:23:38 PM - post malware
RP367: 11/27/2009 4:44:16 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP368: 11/27/2009 4:46:26 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP369: 11/27/2009 4:48:52 PM - Removed Java(TM) 6 Update 3
RP370: 11/27/2009 4:52:51 PM - Removed Java(TM) 6 Update 5
RP371: 11/27/2009 4:58:49 PM - Removed Java(TM) 6 Update 7
RP372: 11/27/2009 9:55:04 PM - Installed QuickTime
RP373: 11/28/2009 10:51:22 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
ACDSee for PENTAX 2.0
Acrobat.com
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe SVG Viewer 3.0
Advanced Registry Optimizer
Advanced System Optimizer
AnswerWorks 4.0 Runtime - English
Antispyware
AOL Pictures Tools (version 10.6.0.4)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AQUAZONE DESKTOP GARDEN
ArcSoft Software Suite
AT&T Yahoo! Applications
Bonjour
Brother MFL-Pro Suite
Calendar Creator 10
Canon Camera WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 20D WIA Driver
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
CCScore
Cook'n with Betty Crocker
Creative WebCam Notebook Driver (1.04.01.0322)
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2008
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Media Reader
Discover PC and Windows Basics
DiscwareLite
DivX 5.2.1 (Playback Only)
Documents To Go
Dogz 5
Download Updater (AOL LLC)
Encyclopaedia Britannica CD Installer
EOS Capture 1.2
EOS Viewer Utility 1.2.1
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EzTune
fflink
FloorPlan 3D v10
GnuCash 2.2.6
Google Chrome
Google SketchUp 7
Google Toolbar for Internet Explorer
Greeting Cards Deluxe
HijackThis 2.0.2
HotFax MessageCenter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hoyle Board Games 2005
Hoyle Card Games 2005
Hoyle Casino 2006 (remove only)
Hoyle Friday Night Poker
Hoyle Games Demo 2005
Hoyle Puzzle Games 2005
Intel Audio Studio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
iPod for Windows 2006-03-23
iTunes
Java(TM) 6 Update 17
kgcbase
Kodak EasyShare software
Lexmark 2300 Series
Lexmark Fax Solutions
Lexmark Software Uninstall
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft IntelliPoint 4.1
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
netbrdg
Notifier
OfficeReady Professional 3.0
OfotoXMI
OpenOffice.org Installer 1.0
Palm Desktop
PCmover Professional
PhotoShow Deluxe 4
PhotoStitch
Picasa 3
Plucker 1.6
PowerDVD
Quicken 2005
Quicken WillMaker Plus 2006
QuickTime
Recovery Software Suite Gateway
Safari
SAPI
SBC Yahoo! DSL Home Networking Installer
Seagate Replica v3.0.768.5345
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SHASTA
Shockwave
SigmaTel Audio
skin0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
SpongeBob SquarePants Employee of the Month
staticcr
TaxCut New York 2008
TaxCut Premium + State + Efile 2008
tooltips
Trend Micro AntiVirus
Troy Oz Conversion Tool-DEMO 3.10
TrueSwitch Wizard SBC
TurboTax Deluxe 2007
Ulead PhotoImpact 10 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
USB Wireless Keyboard Driver
Virtual Earth 3D (Beta)
VPRINTOL
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
WordPerfect Office X3
Yahoo! Search Protection
Yahoo! Software Update
ZIP Reader 8.00.0018

==== Event Viewer Messages From Past Week ========

11/27/2009 9:49:58 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/27/2009 9:49:58 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The WUSB54Gv4SVC service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The McAfee AntiSpyware Real-Time Scanner service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Brother Popup Suspend service for Resource manager service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 5:27:20 PM, error: Service Control Manager [7031] - The Seagate-Replica-SysMon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.
11/27/2009 5:27:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/27/2009 5:27:12 PM, error: Service Control Manager [7034] - The Trend Micro Unauthorized Change Prevention Service service terminated unexpectedly. It has done this 1 time(s).
11/27/2009 4:45:19 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/27/2009 3:13:35 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\atapi.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
11/25/2009 12:41:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54Gv4SVC service.
11/25/2009 12:24:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Seagate-Replica-Service service to connect.
11/25/2009 12:24:36 PM, error: Service Control Manager [7000] - The Seagate-Replica-Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2009 12:24:34 PM, error: Service Control Manager [7031] - The Seagate-Replica-Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2500 milliseconds: Restart the service.
11/25/2009 12:24:29 PM, error: Service Control Manager [7034] - The Portrait Displays Display Tune Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:24:29 PM, error: Service Control Manager [7034] - The Asset Management Daemon service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:24:29 PM, error: Service Control Manager [7031] - The Seagate-Replica-Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2500 milliseconds: Restart the service.
11/25/2009 12:14:30 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:14:19 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 12:13:44 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
thyroidnos
Active Member
 
Posts: 11
Joined: November 15th, 2009, 10:32 pm

Re: Stealth search engine

Unread postby shinybeast » November 30th, 2009, 11:44 am

Hello thyroidnos,

A little tidying up to do.

CFScript

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad (Start > Run... > type notepad and press enter)
    Copy the text in the code box below and paste it into notepad.

    Code: Select all
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22702:TCP"=-
    "22702:UDP"=-
    
    FCopy::
    c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
    
    DDS::
    mRun: [Malwarebytes Anti-Malware (reboot)]
    
    SkipFix::
    

  4. Save this as CFScript.txt in the same location as ComboFix.exe (should be your Desktop)

    Image
  5. Refering to the picture above, drag CFScript.txt and drop it into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

*Do not forget to enable your protection programs before you connect to the internet!*

Please reply with combofix.txt and a new HijackThis log.
Also please inform me if the computer is still behaving as it should. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware