Vundo (won't Go Away With Vundofix) Popups


16 replies to this topic

#1 HackPolice

  • Members
  • 22 posts
  • Gender:Male
Posted 08 March 2008 - 11:22 PM

Hello, I started working with anti-spyware and anti-virus 4 years ago. I had one of my own computer issues and received help on a similar forum. I joined the staff for that forum and quickly learned how to read HijackThis logs and fix most issues. However, recently I have been helping different people around the world with their own spyware/malware/virus problems. I realize that my skills are outdated. Aside from this topic, is there any way I can receive modern training for fixing such problems? Anyway, here is the HijackThis log and the VundoFix log from the person's computer, which I am trying to fix. I would also really appreciate any feedback on my own fix and possibly an explanation as to why it did not work.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:29 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS .EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Blink\blinktool.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Blink\blinktool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\shellmon.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.nyc.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhff.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WordReferenceEnEs - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\WordReferenceEnEs\tbu11\wordreferenceEnEs.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Starware Screensavers Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\tbu1A\freeze_us.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM57b55f01] Rundll32.exe "C:\WINDOWS\system32\pacdrgva.dll",s
O4 - HKLM\..\Run: [54866c9d] rundll32.exe "C:\WINDOWS\system32\mcgalelr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kuuu] C:\PROGRA~1\COMMON~1\kuuu\kuuum .exe
O4 - HKCU\..\Run: [FEW] "C:\Program Files\_wef_\sf .exe" /scan
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.43/ttinst.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A95FA0DC-BE45-494F-9C96-D1460D0CA5A0}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Blink Service - Blink.com, Inc. - C:\Program Files\Blink\blinktool.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWl0Y2hlbGw\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vggqqpko.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\rtenedu.html

--
End of file - 10053 bytes

VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:35:52 PM 2/24/2008

Listing files found while scanning....

C:\WINDOWS\system32\afnltnyr.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\cdxqvkwl.dll
C:\WINDOWS\system32\crvynwwb.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\dgeciagf.dll
C:\WINDOWS\system32\dmumvivp.dll
C:\WINDOWS\system32\ecbcxnaa.dll
C:\WINDOWS\system32\efcbbbx.dll
C:\windows\system32\ffhkj.ini
C:\windows\system32\ffhkj.ini2
C:\windows\system32\gebcy.dll
C:\windows\system32\geeda.dll
C:\windows\system32\jkhff.dll
C:\windows\system32\mljgd.dll
C:\windows\system32\mljjg.dll
C:\WINDOWS\system32\oxyrkwps.dll
C:\windows\system32\oxyrkwps.dllbox
C:\windows\system32\pmkjk.dll
C:\windows\system32\pmnno.dll
C:\windows\system32\ssttt.dll
C:\windows\system32\vtsts.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\afnltnyr.dll
C:\WINDOWS\system32\afnltnyr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdxqvkwl.dll
C:\WINDOWS\system32\cdxqvkwl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\crvynwwb.dll
C:\WINDOWS\system32\crvynwwb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dgeciagf.dll
C:\WINDOWS\system32\dgeciagf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dmumvivp.dll
C:\WINDOWS\system32\dmumvivp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ecbcxnaa.dll
C:\WINDOWS\system32\ecbcxnaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbbbx.dll
C:\WINDOWS\system32\efcbbbx.dll Could not be deleted.

Attempting to delete C:\windows\system32\ffhkj.ini
C:\windows\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\ffhkj.ini2
C:\windows\system32\ffhkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\gebcy.dll
C:\windows\system32\gebcy.dll Has been deleted!

Attempting to delete C:\windows\system32\geeda.dll
C:\windows\system32\geeda.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgd.dll
C:\windows\system32\mljgd.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjg.dll
C:\windows\system32\mljjg.dll Has been deleted!

Attempting to delete C:\windows\system32\oxyrkwps.dllbox
C:\windows\system32\oxyrkwps.dllbox Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnno.dll
C:\windows\system32\pmnno.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttt.dll
C:\windows\system32\ssttt.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsts.dll
C:\windows\system32\vtsts.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:52:14 PM 2/24/2008

Listing files found while scanning....

C:\WINDOWS\system32\efcbbbx.dll
C:\windows\system32\efhkj.ini
C:\windows\system32\efhkj.ini2
C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhff.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcbbbx.dll
C:\WINDOWS\system32\efcbbbx.dll Could not be deleted.

Attempting to delete C:\windows\system32\efhkj.ini
C:\windows\system32\efhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\efhkj.ini2
C:\windows\system32\efhkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhfe.dll Could not be deleted.

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcbbbx.dll
C:\WINDOWS\system32\efcbbbx.dll Could not be deleted.

Attempting to delete C:\windows\system32\efhkj.ini
C:\windows\system32\efhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\efhkj.ini2
C:\windows\system32\efhkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhfe.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Performing Repairs to the registry.
Done!

Now, this is the solution that I told the person to try, which they did, but it didn't work. Perhaps it is because they could not locate some of the files I asked them to find?

NOTE: The HijackThis log and VundoFix log are from before the person followed the instructions below.

IMPORTANT: Please Follow ALL of these instructions exactly as stated and in their exact order.

Click Start > Open My Computer.
Select the Tools menu at the top and click Folder Options.
Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will tell you that it will reboot your computer; click "OK".
Also, it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot. Just follow the above instructions starting from "click the 'Scan for Vundo' button" when VundoFix appears on the reboot.
*If VundoFix still cannot delete a file on reboot, then add that file to be deleted via HijackThis by following the next instructions and navigating to the file's location.

Start Hijackthis
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to C:\WINDOWS\system32\efcbbbx.dll and click on it once, and then click on the Open button. You will now be asked if you would like to reboot your computer to delete the file. Click on the No button to reboot later ONLY IF you have more files to add to be deleted on reboot. If there are more files to delete, then click the button labeled Delete a file on reboot... again and navigate to that file's location, click it once, and click Open. Repeat this process for any other files you might need to add. When you are adding the last file, click the Yes button to reboot now. (If you forget to do this, just close HijackThis and reboot your computer normally.)

Open HijackThis and Click Do a System Scan Only.
Check the box next to the following entries in HijackThis and click Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhff.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Starware Screensavers Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [BM57b55f01] Rundll32.exe "C:\WINDOWS\system32\pacdrgva.dll",s
O4 - HKLM\..\Run: [54866c9d] rundll32.exe "C:\WINDOWS\system32\mcgalelr.dll",b
O4 - HKCU\..\Run: [kuuu] C:\PROGRA~1\COMMON~1\kuuu\kuuum .exe
O4 - HKCU\..\Run: [FEW] "C:\Program Files\_wef_\sf .exe" /scan
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWl0Y2hlbGw\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vggqqpko.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

THIS IS VERY IMPORTANT:
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\system32\pacdrgva.dll
C:\WINDOWS\system32\mcgalelr.dll
*Delete the files pacdrgva.dll and mcgalelr.dll

Navigate to the following locations and delete these folders (if they exist):
C:\Program Files\MyWaySA
C:\Program Files\Starware316
C:\PROGRA~1\COMMON~1\kuuu
C:\Program Files\_wef_
C:\WINDOWS\TWl0Y2hlbGw
C:\Program Files\Network Monitor

Download ATF Cleaner here:
http://www.spychecker.com/download/download_atfcleaner.html
Save it to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Reboot your Computer.

Click Start > Open My Computer.
Select the Tools menu at the top and click Folder Options.
Select the View tab. Under the Hidden files and folders heading:
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.

Thank you, any help is greatly appreciated and will be repaid with my own time devoted to helping others. :thumbsup:
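Added example (not HackPolice's, HijackThis's or VundoFix's code) showing what the "Delete a file on reboot" step above actually does and how to check that it took. VundoFix reported efcbbbx.dll and jkhfe.dll as "Could not be deleted" because a Vundo DLL is loaded into winlogon.exe (the O20 Winlogon Notify entry in the later log) and into Explorer/IE (the O2 BHO entries), so the file is locked for as long as the desktop is up. HijackThis queues the file with MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which appends a (source, empty destination) pair to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; smss.exe works through that queue early in the next boot, before winlogon loads the DLL again. The code builds and decodes that value format so a queue can be inspected offline; the two Windows-only functions (schedule_delete_on_reboot and read_pending_queue) are the live calls and return False / an empty list on other platforms. The file paths are the ones from the VundoFix log; the function names are mine.

```python
"""What "Delete a file on reboot" does: queue a locked DLL in
PendingFileRenameOperations (the MoveFileEx MOVEFILE_DELAY_UNTIL_REBOOT path)
and read the queue back to confirm the entry is there before rebooting.
Added example; not HijackThis or VundoFix code."""
import sys
from typing import Iterable, List, Tuple

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PFRO_VALUE = "PendingFileRenameOperations"


def nt_path(win_path: str) -> str:
    """Win32 path -> NT object path, which is how the queue stores names."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def delete_entries(paths: Iterable[str]) -> List[str]:
    """The value is a flat list of (source, destination) pairs; an empty
    destination tells the session manager to delete the source."""
    entries: List[str] = []
    for p in paths:
        entries += [nt_path(p), ""]
    return entries


def encode_multi_sz(strings: List[str]) -> bytes:
    """REG_MULTI_SZ bytes: UTF-16LE, each string NUL-terminated, then a final NUL.
    Empty strings are normally illegal in a MULTI_SZ; this value is the exception."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(raw: bytes) -> List[str]:
    """Inverse of encode_multi_sz, keeping the empty delete markers."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]             # drop the list terminator
    return text.split("\0")[:-1]     # each string owns the NUL after it


def pending_operations(entries: List[str]) -> List[Tuple[str, str]]:
    """Pair the flat list up: (src, '') is a delete, (src, dst) a rename."""
    return list(zip(entries[0::2], entries[1::2]))


def pending_deletions(raw: bytes) -> List[str]:
    """Files that will be deleted at next boot, as NT paths."""
    return [src for src, dst in pending_operations(decode_multi_sz(raw)) if dst == ""]


def schedule_delete_on_reboot(path: str) -> bool:
    """Queue `path` for deletion at next boot (Windows only, needs admin rights).
    Returns False elsewhere so the rest of the module stays testable."""
    if sys.platform != "win32":
        return False
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR, wintypes.DWORD]
    k32.MoveFileExW.restype = wintypes.BOOL
    if not k32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())
    return True


def read_pending_queue() -> List[str]:
    """Read the live queue back (Windows only). advapi32 is called directly because
    winreg stops parsing a MULTI_SZ at the first empty string, i.e. at the first
    delete marker, so it would hide exactly what we want to confirm."""
    if sys.platform != "win32":
        return []
    import ctypes
    import winreg
    from ctypes import wintypes
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    adv.RegOpenKeyExW.argtypes = [wintypes.HKEY, wintypes.LPCWSTR, wintypes.DWORD,
                                  wintypes.DWORD, ctypes.POINTER(wintypes.HKEY)]
    adv.RegQueryValueExW.argtypes = [wintypes.HKEY, wintypes.LPCWSTR, wintypes.LPDWORD,
                                     wintypes.LPDWORD, wintypes.LPBYTE, wintypes.LPDWORD]
    key = wintypes.HKEY()
    rc = adv.RegOpenKeyExW(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER, 0,
                           winreg.KEY_READ, ctypes.byref(key))
    if rc:
        raise ctypes.WinError(rc)
    try:
        size = wintypes.DWORD(0)
        if adv.RegQueryValueExW(key, PFRO_VALUE, None, None, None, ctypes.byref(size)):
            return []                      # value absent: nothing is queued
        buf = (wintypes.BYTE * size.value)()
        adv.RegQueryValueExW(key, PFRO_VALUE, None, None, buf, ctypes.byref(size))
        return pending_deletions(bytes(buf)[: size.value])
    finally:
        adv.RegCloseKey(key)
```

Reboot only after read_pending_queue() lists every DLL that VundoFix could not remove, and fix the matching O2/O20 entries in the same pass rather than later: the 10 March log shows the Run keys BM57b55f01 and 54866c9d pointing at freshly named DLLs, so the files and the registry entries have to be treated as one job.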

#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
Posted 09 March 2008 - 07:31 PM

Hi HackPolice and welcome to Bleeping Computer.
I will be handling your log and helping you to get cleaned up.

Please take note of the following:

1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Starbuck



#3 HackPolice
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 10 March 2008 - 04:19 PM

Here is the latest HijackThis log, thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:02 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.nyc.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {1B10F514-4CDF-4453-F0B5-13A3928BADC4} - C:\WINDOWS\system32\sgp.dll (file missing)
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\byvwwuu.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {732948de-d602-4abf-94ab-0d4d12b4064a} - C:\WINDOWS\system32\auhntdl.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: {8327d7c0-6f55-82c8-65f4-08656bebbbd7} - {7dbbbeb6-5680-4f56-8c28-55f60c7d7238} - C:\WINDOWS\system32\nlbohtxa.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\efcbbbx.dll (file missing)
O2 - BHO: TBSB04757 - {A1697815-8A79-4F11-8448-B05E283EFC2B} - C:\PROGRA~1\FREEZE~1.COM\tbu1A\FREEZE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTP09580 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\tbu11\WORDRE~1.DLL
O2 - BHO: 0 - {D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0} - C:\Program Files\MSN\qufapy994.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O2 - BHO: (no name) - {EE1F6275-2A1A-4747-98E3-3DFB7A986EDD} - C:\Program Files\MSN Gaming Zone\meso83122.dll (file missing)
O2 - BHO: (no name) - {FF82225F-0BB3-49FA-82FC-1EABBF3F2096} - C:\Program Files\MSN Gaming Zone\meso4444.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WordReferenceEnEs - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\WordReferenceEnEs\tbu11\wordreferenceEnEs.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\tbu1A\freeze_us.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [54866c9d] rundll32.exe "C:\WINDOWS\system32\glsgqune.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [BM57b55f01] Rundll32.exe "C:\WINDOWS\system32\dceydpdf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.43/ttinst.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byvwwuu - C:\WINDOWS\SYSTEM32\byvwwuu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vggqqpko.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\rtenedu.html

--
End of file - 11892 bytes

#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 10 March 2008 - 05:07 PM

Hi HackPolice

In my first post i said.....

1. Please do not make any system changes yet, as any changes you make may well alter your log.

The new log you have posted looks completely different to the original.
Any fix i was working on will now have to be completely revised!
By altering things you will only slow down the help i can give you.

Do you want me to continue?



#5 HackPolice
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 10 March 2008 - 07:06 PM

Sorry Starbuck, I was not clear enough in my first post. I stated somewhere towards the end:

NOTE: The HijackThis log and Vundofix log are from before the person followed these instructions below.


The computer still has the same problems that it has always had. I tried to fix it and the first post contains the hijackthis and vundofix logs from BEFORE I tried fixing it. I just now got and posted the recent log. The reason that I was posting the old logs was because I was wondering if anyone could help tell me what I did wrong in my fix and help me understand why the computer was not any better than before. Once again I am truly sorry for misleading you and confusing you. I would greatly appreciate it if you just looked at the new log and helped me fix that at least. If possible, however, I would also like to understand what I was doing wrong in my original fix that I tried to get rid of the malware problems.

#6 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 10 March 2008 - 08:01 PM

Ok, crossed wires there.
You would have been better to have just posted the original log.
You actually disguised the main problems a bit by trying to fix them (the main problems are not as evident in the 2nd log).
I'll explain in my fix.

Edited by Starbuck, 10 March 2008 - 08:54 PM.



#7 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 12 March 2008 - 03:28 AM

Hi HackPolice

I would also like to understand what I was doing wrong in my original fix that I tried to get rid of the malware problems.

In the original Hjt log....
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\LEXPPS .EXE

and
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe

Point to the new Vundo infection..... notice the difference in spacing!
also....
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com

Points to a possible AWF infection.
But none of these were showing in the new log!

We'll still check for them though.

Step 1
You have NewDotNet installed.
First, Download LSPFix.exe to a convenient location. Do NOT run this program yet.
This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:
Start > Control Panel > Add or Remove Programs and remove the following:
New.Net Applications or New.Net Domains (anything that says New.Net / NewDotNet)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Step 2
Please download ComboFix

**Note: It is important that it is saved directly to your desktop**

There are full instructions on how to download and run ComboFix here:
How to use ComboFix
Please follow all the instructions to the letter...(this is very important)

When finished, it will produce a log for you. Post that log and a HiJackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

Step 3
Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Step 4
I'd like to see an Uninstall list.

Open HijackThis... click on Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save..... copy and paste the results in your next post.
More information with a screenshot, can be found here.

In your next reply, please submit:
ComboFix.txt
AWF.txt
Uninstall list
and a new Hjt log.

Thanks


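Starbuck's point above is easy to miss by eye, so here is an added Python example (not a tool from this thread, from BleepingComputer, or from HijackThis) that makes the check mechanical. It parses the "Running processes" section of a HijackThis log and reports any two entries that become identical once whitespace is stripped, which is exactly how LEXPPS.EXE and "LEXPPS .EXE" (and iTunesHelper.exe and "iTunesHelper .exe") show up side by side. It goes a little beyond the post: it also flags any path with a space right before its extension even when the genuine twin is not running, and it lists O15 Trusted Zone additions, the other indicator Starbuck names. The log fragment inside it is constructed from the entries quoted in the thread, and the function names are my own, not HijackThis output or API.

```python
import re
from collections import defaultdict

# Constructed sample: a HijackThis-style fragment built from the entries quoted
# in the thread. Not a real captured log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\LEXPPS .EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Whitespace immediately before a short file extension, e.g. "LEXPPS .EXE".
SPACE_BEFORE_EXT = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")


def parse_running_processes(log_text):
    """Return the path lines under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.rstrip())
    return paths


def find_lookalike_pairs(paths):
    """Group paths that are identical once all whitespace is removed (case-insensitive).

    A group holding more than one distinct spelling is a look-alike pair such as
    "LEXPPS.EXE" next to "LEXPPS .EXE". Pure case differences are ignored, since
    Windows paths are case-insensitive and logs mix System32/system32 freely.
    """
    groups = defaultdict(dict)
    for p in paths:
        key = re.sub(r"\s+", "", p).lower()
        groups[key].setdefault(p.lower(), p)  # one raw spelling per case-folded variant
    return [sorted(g.values()) for g in groups.values() if len(g) > 1]


def find_space_before_extension(paths):
    """Flag any path with whitespace right before its extension, even when the
    legitimate twin was not running at the moment the log was taken."""
    return [p for p in paths if SPACE_BEFORE_EXT.search(p)]


def find_trusted_zone_entries(log_text):
    """Return domains added to Internet Explorer's Trusted Zone (O15 lines)."""
    matches = (re.match(r"O15 - Trusted Zone:\s*(\S+)", ln) for ln in log_text.splitlines())
    return [m.group(1) for m in matches if m]


def triage(log_text):
    """Run all three checks and return the findings as a dict."""
    procs = parse_running_processes(log_text)
    return {
        "lookalike_pairs": find_lookalike_pairs(procs),
        "space_before_ext": find_space_before_extension(procs),
        "trusted_zones": find_trusted_zone_entries(log_text),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}:")
        for h in hits:
            print("   ", h)
```

Paste a full log into SAMPLE_LOG (or read it from a file) and run the script; anything under lookalike_pairs or space_before_ext deserves a close look before the "fix" step, because the spaced-out twin is the file that will be missed if you only tick the familiar name. The same space-before-extension check applies to any file listing, including the "Other Deletions" section of the ComboFix log posted later in this thread, where chkntfs.exe and "chkntfs .exe" appear together in the same folder.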

#8 HackPolice
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 14 March 2008 - 06:22 PM

Thank you for helping me Starbuck. I really appreciate your support! The computer appears to be working fine and there haven't been any popups since running ComboFix.

Here is the ComboFix log:
ComboFix 08-03-10.1 - Candette 2008-03-12 19:39:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT -4:00]
Running from: C:\Documents and Settings\Candette\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\clear.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\cloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\foggy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\haze.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\mcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\nclear.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\nfoggy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\nmcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\npcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\nrain.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\pcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\rain.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\Tem244D.tmp
C:\Documents and Settings\All Users\Application Data\Starware316\TemE7.tmp
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Application Data\Starware316
C:\Documents and Settings\LocalService\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\LocalService\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316
C:\Documents and Settings\Mitchell\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem104.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem14A.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem14F.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem197.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem244.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem2E.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem2FC.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem3C.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem72.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem73.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Tem92.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\TemB8.tmp
C:\Documents and Settings\Mitchell\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Mitchell\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Mitchell\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Mitchell\My Documents\SEMBLY~1
C:\Documents and Settings\Mitchell\My Documents\SEMBLY~1\??sembly\
C:\Documents and Settings\Mitchell\My Documents\SEMBLY~1\chkntfs .exe
C:\Documents and Settings\Mitchell\My Documents\SEMBLY~1\chkntfs.exe
C:\Documents and Settings\Mitchell\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Mitchell\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Mitchell\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Nicole\Application Data\Starware316
C:\Documents and Settings\Nicole\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Nicole\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Nicole\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Nicole\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Nicole\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Nicole\Application Data\WinTouch
C:\Documents and Settings\Nicole\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Private\Application Data\Starware316
C:\Documents and Settings\Private\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Private\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Private\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Private\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Private\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Private\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Private\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Private\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Private\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Private\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\smbols~1\r?ndll32.exe
C:\Program Files\inetget2
C:\Program Files\installer\.lock
C:\Program Files\installer\sfs.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MSN\rtenedu.html
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BM57b55f01.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\byvwwuu.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Games\GamesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Games\images\active\Games0.bmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Movies\MoviesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\AlertArchive.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\crurmttw.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dceydpdf.dll
C:\WINDOWS\system32\drivers\drv.sys
C:\WINDOWS\system32\drivers\MSKSSRVV.sys
C:\WINDOWS\system32\eujbhujg.dll
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\fkvibbcl.dll
C:\WINDOWS\system32\gyfoafqk.ini
C:\WINDOWS\system32\hgaxmshv.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\kfmpnbmy.dll
C:\WINDOWS\system32\ktcchtpn.ini
C:\WINDOWS\system32\kthsjdla.ini
C:\WINDOWS\system32\kwtnmvmh.dll
C:\WINDOWS\system32\lcbbivkf.ini
C:\WINDOWS\system32\ldtahchq.dll
C:\WINDOWS\system32\lhrqttkx.ini
C:\WINDOWS\system32\lmqjpigg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\oriltkmn.ini
C:\WINDOWS\system32\owxvrnlm.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pc.dll
C:\WINDOWS\system32\poyfqsjv.ini
C:\WINDOWS\system32\pqtcgqfk.ini
C:\WINDOWS\system32\qdptvrnt.ini
C:\WINDOWS\system32\qjvagjuf.dll
C:\WINDOWS\system32\rjakqrfh.dll
C:\WINDOWS\system32\rlelagcm.ini
C:\WINDOWS\system32\rqhdoopx.dll
C:\WINDOWS\system32\rxbxtytd.ini
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\tfrxulev.dll
C:\WINDOWS\system32\vgrqfhyn.ini
C:\WINDOWS\system32\vpgtmjnt.ini
C:\WINDOWS\system32\vpmimpcy.ini
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vuojhjhw.ini
C:\WINDOWS\system32\vynbsvoq.ini
C:\WINDOWS\system32\wttmrurc.ini
C:\WINDOWS\system32\wvusspn.dll
C:\WINDOWS\system32\xancthok.dll
C:\WINDOWS\system32\ybpxxyys.dll
C:\WINDOWS\system32\yfjvdsri.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_DRV
-------\LEGACY_MSKSSRVV
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_TNIDRIVER
-------\DomainService
-------\MSKSSRVV
-------\TnIDriver


((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\TeamViewer
2008-03-12 19:07 . 2008-03-12 19:07 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 19:06 . 2008-03-12 19:06 <DIR> d-------- C:\Documents and Settings\Candette\temp
2008-03-11 21:09 . 2008-03-11 21:09 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\AVG7
2008-03-10 18:00 . 2008-03-10 18:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-10 18:00 . 2008-03-10 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 17:20 . 2008-03-10 17:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-10 17:20 . 2008-03-10 17:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 23:37 . 2008-03-09 23:41 <DIR> d-------- C:\Program Files\nvcoi
2008-03-09 23:21 . 2008-03-10 17:01 376,832 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-03-09 23:21 . 2008-03-10 17:01 37,376 --a------ C:\WINDOWS\mrofinu572.exe
2008-03-09 10:51 . 2008-03-09 10:54 <DIR> d-------- C:\Documents and Settings\Mitchell\Application Data\AVG7
2008-03-08 23:11 . 2008-03-10 17:02 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\AVG7
2008-03-08 23:10 . 2008-03-08 23:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 23:10 . 2008-03-08 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 23:10 . 2008-03-08 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 22:35 . 2008-03-08 23:10 1,307,741 --ahs---- C:\WINDOWS\system32\enuqgslg.ini
2008-03-08 13:12 . 2008-03-08 13:13 1,307,681 --ahs---- C:\WINDOWS\system32\kndistjv.ini
2008-03-07 21:26 . 2008-03-08 13:12 1,307,621 --ahs---- C:\WINDOWS\system32\hwlxicvh.ini
2008-03-06 19:59 . 2008-03-06 19:59 1,307,184 --ahs---- C:\WINDOWS\system32\htrsdwjs.ini
2008-03-05 19:58 . 2008-03-06 19:51 1,307,954 --ahs---- C:\WINDOWS\system32\hwevavfc.ini
2008-03-04 19:53 . 2008-03-05 18:43 1,303,558 --ahs---- C:\WINDOWS\system32\nosebalf.ini
2008-03-04 19:17 . 2008-03-04 19:47 1,303,378 --ahs---- C:\WINDOWS\system32\bralflpp.ini
2008-03-04 17:32 . 2008-03-04 15:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-02 21:45 . 2008-03-04 19:13 1,303,258 --ahs---- C:\WINDOWS\system32\gbttklst.ini
2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-02-29 01:10 . 2008-02-29 01:10 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-25 11:00 . 2008-02-25 09:00 81,920 --a------ C:\WINDOWS\b154.exe
2008-02-24 18:35 . 2008-03-04 19:46 <DIR> d-------- C:\VundoFix Backups
2008-02-22 22:44 . 2008-02-22 22:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 23:33 . 2008-02-21 23:33 <DIR> d-------- C:\bm2000_AudreyGrant
2008-02-21 23:33 . 2008-02-21 23:33 286,720 --a------ C:\WINDOWS\iun506.exe
2008-02-18 12:26 . 2008-02-18 12:26 338,140 --a------ C:\WINDOWS\system32\RCX8.tmp
2008-02-18 00:29 . 2008-02-22 22:40 <DIR> d-------- C:\Program Files\Registry Defender
2008-02-18 00:01 . 2008-02-18 00:41 <DIR> d-------- C:\c1f9f921a4c88b376ab9
2008-02-17 22:05 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-17 19:15 . 2008-02-17 19:15 <DIR> d-------- C:\Documents and Settings\Mitchell\Application Data\PlayFirst
2008-02-17 19:07 . 2008-03-10 17:01 338,432 --a------ C:\WINDOWS\system32\jkhff.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 23:39 --------- d-----w C:\Program Files\installer
2008-03-12 23:06 --------- d-----w C:\Program Files\America Online 8.0
2008-03-10 03:21 41,723 --sh--w C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-06 23:50 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:49 --------- d-----w C:\Program Files\Blink
2008-02-18 03:21 --------- d-----w C:\Program Files\SpyDefender Pro
2008-02-18 03:21 --------- d-----w C:\Program Files\MalwareAlarm
2008-02-18 03:21 --------- d-----w C:\Program Files\Dot1XCfg
2008-02-17 00:18 --------- d-----w C:\Program Files\AOL Games
2008-02-11 01:51 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\AdobeUM
2008-01-27 06:39 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\Talkback
2008-01-26 05:07 --------- d-----w C:\Documents and Settings\Candette\Application Data\Lavasoft
2008-01-26 04:30 33,224 ----a-w C:\WINDOWS\xpupdate .exe
2008-01-26 04:13 --------- d-----w C:\Program Files\WordReferenceEnEs
2008-01-26 03:57 --------- d-----w C:\Program Files\iWin Games
2008-01-26 03:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-26 03:54 --------- d-----w C:\Program Files\Common Files\kuuu
2008-01-26 02:30 --------- d-----w C:\Program Files\Alwil Software
2008-01-25 19:23 --------- d-----w C:\Program Files\IObit
2008-01-25 07:05 --------- d-----w C:\Documents and Settings\Private\Application Data\Talkback
2008-01-25 02:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-24 23:32 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Talkback
2008-01-23 16:49 10 ----a-w C:\Program Files\.autoreg
2008-01-23 08:13 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2006-01-26 01:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
<pre>
----a-w			69,632 2008-01-26 04:30:15  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			61,440 2008-01-26 00:00:02  C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w		   579,072 2008-03-10 21:01:51  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   219,136 2008-03-10 21:02:24  C:\Program Files\Grisoft\AVG7\avgw .exe
----a-w		   256,576 2008-03-06 23:50:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,694,208 2008-01-26 04:30:27  C:\Program Files\Messenger\msmsgs .exe
----a-w		 1,630,720 2008-01-25 21:20:05  C:\Program Files\SpyDefender Pro\SpyDefender .exe
----a-w		 5,058,560 2008-02-18 04:45:18  C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean .exe
----a-w			33,224 2008-01-26 04:30:23  C:\WINDOWS\xpupdate .exe
----a-w			15,360 2008-03-10 21:01:44  C:\WINDOWS\system32\ctfmon .exe
----a-w		   174,592 2008-03-10 21:00:45  C:\WINDOWS\system32\lexpps .exe
</pre>


((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 339,968 2005-03-30 02:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 53,248 2005-02-23 21:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 1,838,592 2007-08-17 04:06:14 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 68,856 2007-06-21 18:14:05 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 256,576 2006-10-30 14:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

----a-w 1,327,104 2004-08-22 20:31:28 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 1,767 2007-11-02 18:58:30 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTrayErrors.txt

----a-w 53,248 2004-09-14 13:50:48 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

----a-w 131,072 2004-09-14 13:50:48 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 26,112 2006-10-16 02:45:39 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 77,824 2005-04-06 07:19:18 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-04-06 07:23:14 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-04-06 07:22:32 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17E5B992-1D4C-4271-B8D4-1B098E64C470}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{187D574F-5FAC-4F85-8547-CD70727EE89B}]
C:\WINDOWS\system32\jkhff.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B10F514-4CDF-4453-F0B5-13A3928BADC4}]
C:\WINDOWS\system32\sgp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3615EE58-6F38-47BA-9DD9-C99BD611C6A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{732948de-d602-4abf-94ab-0d4d12b4064a}]
C:\WINDOWS\system32\auhntdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7dbbbeb6-5680-4f56-8c28-55f60c7d7238}]
C:\WINDOWS\system32\nlbohtxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1697815-8A79-4F11-8448-B05E283EFC2B}]
2007-02-20 20:36 868424 --a------ C:\PROGRA~1\FREEZE~1.COM\tbu1A\FREEZE~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3629775-F423-4B91-A096-153BCF14AA81}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0}]
C:\Program Files\MSN\qufapy994.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE1F6275-2A1A-4747-98E3-3DFB7A986EDD}]
C:\Program Files\MSN Gaming Zone\meso83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF82225F-0BB3-49FA-82FC-1EABBF3F2096}]
C:\Program Files\MSN Gaming Zone\meso4444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"54866c9d"="C:\WINDOWS\system32\glsgqune.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 14:04 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2006-10-15 22:45:07 36940]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-06 22:51:35 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-09-24 19:48:00 315392]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 05:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16:12:08 16423]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YourScreen.lnk
backup=C:\WINDOWS\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-12-13 17:15 2785256 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lexpps .exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 15:55]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]

.
Contents of the 'Scheduled Tasks' folder
"2007-07-23 19:50:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 22:26:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-12 22:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 02:33:51
.
2008-03-12 23:07:35 --- E O F ---


Here is the AWF Finder log:


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 03/14/2008
The current time is: 19:06:17.40


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 10:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 07:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/06/2005 03:19 AM 77,824 hkcmd.exe
04/06/2005 03:23 AM 114,688 igfxpers.exe
04/06/2005 03:22 AM 94,208 igfxtray.exe
3 File(s) 286,720 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

03/29/2005 10:05 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/27/2005 02:02 AM 86,016 DMXLauncher.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

08/17/2007 12:06 AM 1,838,592 GoogleDesktop.exe
1 File(s) 1,838,592 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

06/21/2007 02:14 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

08/22/2004 04:31 PM 1,327,104 MpfTray.exe
11/02/2007 02:58 PM 1,767 MpfTrayErrors.txt
2 File(s) 1,328,871 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/14/2004 09:50 AM 131,072 mm_tray.exe
09/14/2004 09:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

10/15/2006 10:45 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 02:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 isuspm.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

11/19/2003 06:48 PM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 16 2008 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
77824 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
77824 Apr 6 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXPERS.EXE"
114688 Apr 6 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXTRAY.EXE"
94208 Apr 6 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
339968 Mar 29 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
98304 Oct 5 2007 "C:\My Games\Big Island Blends\googlestubinst.exe"
98304 Oct 6 2007 "C:\My Games\Build-a-lot\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Cake Mania™ 2\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious 2 Deluxe\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious Deluxe\googlestubinst.exe"
98304 Dec 7 2007 "C:\My Games\Diner Dash - Hometown Hero\googlestubinst.exe"
98304 Nov 16 2007 "C:\My Games\Jane's Hotel\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\JEOPARDY! 2\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\Sally's Salon\googlestubinst.exe"
98304 Nov 17 2007 "C:\My Games\The Scruffs\googlestubinst.exe"
52272 Jan 26 2007 "C:\Program Files\Google\googletoolbar5user.exe"
743016 Jan 25 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
1507328 Jan 25 2006 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
138168 Jan 26 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 Aug 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
98304 Oct 5 2007 "C:\My Games\Big Island Blends\googlestubinst.exe"
98304 Oct 6 2007 "C:\My Games\Build-a-lot\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Cake Mania™ 2\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious 2 Deluxe\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious Deluxe\googlestubinst.exe"
98304 Dec 7 2007 "C:\My Games\Diner Dash - Hometown Hero\googlestubinst.exe"
98304 Nov 16 2007 "C:\My Games\Jane's Hotel\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\JEOPARDY! 2\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\Sally's Salon\googlestubinst.exe"
98304 Nov 17 2007 "C:\My Games\The Scruffs\googlestubinst.exe"
52272 Jan 26 2007 "C:\Program Files\Google\googletoolbar5user.exe"
743016 Jan 25 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
1507328 Jan 25 2006 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
138168 Jan 26 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 Aug 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1327104 Aug 22 2004 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
1767 Nov 2 2007 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTrayErrors.txt"
53248 May 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
135168 May 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Oct 15 2006 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


end of report

Here is the HijackThis Uninstall log:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Toolbar 4.0
AOLIcon
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 7.5
Babylon
Belle's Beauty Boutique (remove only)
Betty's Beer Bar
Blink Search 1.1 build 152
Bridge Master 2000 Audrey Grant
CardRd81
CCScore
Cinema Tycoon (remove only)
Clinton Blues Screen Saver
Conexant D850 56K V.9x DFVc Modem
CR2
Delicious Deluxe (remove only)
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
DellSupport
Digital Line Detect
Diner Dash - Flo on the Go (remove only)
Diner Dash (remove only)
Diner Dash 2 (remove only)
Disney's Toontown Online
Dream Day Wedding (remove only)
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Family Feud (remove only)
Family Feud 2 (remove only)
Family Feud Holiday Bundle (remove only)
Family Feud Hollywood Edition (remove only)
Family Restaurant
Freeze.com Toolbar
Fruit Fall Deluxe (remove only)
Gap Snow Day
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
Granny in Paradise (remove only)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
Intel® PROSafe for Wired Connections
Internet Explorer Default Page
iTunes
iWin Games (remove only)
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Living 3D Waterfalls Screen Saver
Macromedia Flash Player
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
Mozilla Firefox (2.0.0.7)
MSN
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MyWay Search Assistant
NetWaiting
NetZeroInstallers
Notifier
OTOY
OTtBP
OTtBPSDK
Pdf995
PdfEdit995
Photo Click
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickTime
RealArcade
RealPlayer Basic
Registry Defender
Roll
Roller Rush (remove only)
Saints and Sinners Bowling (remove only)
Sandlot Games Client Services
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SFR
SHASTA
Shopmania (remove only)
SKIN0001
SKINXSDK
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpongeBob Diner Dash (remove only)
Spybot - Search & Destroy
SpywareBlaster 4.0
Super Granny 3 (remove only)
TaxCut Premium 2006
TeamViewer 3
Teddy Factory (remove only)
Tennis Titans
The Poppit Show (remove only)
TI Connect 1.6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Verizon Online
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
Wheel of Fortune (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
Winferno Registry Power Cleaner
WIRELESS
Wonderful Wizard of Oz
WordPerfect Office 12
WordReferenceEnEs
YourScreen

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:53 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.nyc.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {1B10F514-4CDF-4453-F0B5-13A3928BADC4} - C:\WINDOWS\system32\sgp.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {732948de-d602-4abf-94ab-0d4d12b4064a} - C:\WINDOWS\system32\auhntdl.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: {8327d7c0-6f55-82c8-65f4-08656bebbbd7} - {7dbbbeb6-5680-4f56-8c28-55f60c7d7238} - C:\WINDOWS\system32\nlbohtxa.dll (file missing)
O2 - BHO: TBSB04757 - {A1697815-8A79-4F11-8448-B05E283EFC2B} - C:\PROGRA~1\FREEZE~1.COM\tbu1A\FREEZE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTP09580 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\tbu11\WORDRE~1.DLL
O2 - BHO: 0 - {D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0} - C:\Program Files\MSN\qufapy994.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O2 - BHO: (no name) - {EE1F6275-2A1A-4747-98E3-3DFB7A986EDD} - C:\Program Files\MSN Gaming Zone\meso83122.dll (file missing)
O2 - BHO: (no name) - {FF82225F-0BB3-49FA-82FC-1EABBF3F2096} - C:\Program Files\MSN Gaming Zone\meso4444.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WordReferenceEnEs - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\WordReferenceEnEs\tbu11\wordreferenceEnEs.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [54866c9d] rundll32.exe "C:\WINDOWS\system32\glsgqune.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.43/ttinst.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11209 bytes

Once again, Starbuck, I really appreciate the work that you and your fellow volunteers put into helping others. Thank you for everything! If I could, I would recommend that you be promoted to the official HJT Team! :thumbsup:

#9 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Location:Midlands, UK

Posted 16 March 2008 - 07:52 PM

Hi HackPolice,

Ok, we've taken out a big chunk of the malware, but there's still loads of work to do.

Step 1
Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
You can enable it again after you're clean.
Open Spybot and click on 'Mode' then click 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.

Reboot the computer.

Step 2
You have some dubious/Rogue programs installed on your system:
Freeze.com Toolbar ... Freeze.com Toolbar is a toolbar that makes unwanted changes to your browser, such as reconfiguring browser’s search settings. It tracks browsing and search queries.
It is recommended that you remove this, but it's up to you.

Winferno Registry Power Cleaner ...This is classed as a 'Low Risk Software'. A Low Risk Software application may be a program that you knowingly and deliberately installed and that you wish to keep. Although some Low Risk Software programs may track online habits
It is recommended that you remove this, but it's up to you.

Registry Defender ... This is classed as a 'Rogue Security Program'. A Rogue Security Program is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.
It is recommended that you remove this.

To remove these programs:
Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:

Freeze.com Toolbar
Winferno Registry Power Cleaner
Registry Defender


Step 3
Run Hijackthis again, click scan, and Put a checkmark next to each of these items.
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {1B10F514-4CDF-4453-F0B5-13A3928BADC4} - C:\WINDOWS\system32\sgp.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {732948de-d602-4abf-94ab-0d4d12b4064a} - C:\WINDOWS\system32\auhntdl.dll (file missing)
O2 - BHO: {8327d7c0-6f55-82c8-65f4-08656bebbbd7} - {7dbbbeb6-5680-4f56-8c28-55f60c7d7238} - C:\WINDOWS\system32\nlbohtxa.dll (file missing)
O2 - BHO: 0 - {D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0} - C:\Program Files\MSN\qufapy994.dll (file missing)
O2 - BHO: (no name) - {EE1F6275-2A1A-4747-98E3-3DFB7A986EDD} - C:\Program Files\MSN Gaming Zone\meso83122.dll (file missing)
O2 - BHO: (no name) - {FF82225F-0BB3-49FA-82FC-1EABBF3F2096} - C:\Program Files\MSN Gaming Zone\meso4444.dll (file missing)
O4 - HKLM\..\Run: [54866c9d] rundll32.exe "C:\WINDOWS\system32\glsgqune.dll",b


Optional
O2 - BHO: TBSB04757 - {A1697815-8A79-4F11-8448-B05E283EFC2B} - C:\PROGRA~1\FREEZE~1.COM\tbu1A\FREEZE~1.DLL
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll

If you removed: 'Freeze.com Toolbar'

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

Step 4
Close any open browsers.
Close/disable all anti-virus, firewall and anti-malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
RenV::
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Grisoft\AVG7\avgw .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\lexpps .exe

File::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\enuqgslg.ini
C:\WINDOWS\system32\kndistjv.ini
C:\WINDOWS\system32\hwlxicvh.ini
C:\WINDOWS\system32\htrsdwjs.ini
C:\WINDOWS\system32\hwevavfc.ini
C:\WINDOWS\system32\nosebalf.ini
C:\WINDOWS\system32\bralflpp.ini
C:\WINDOWS\b152.exe
C:\WINDOWS\system32\gbttklst.ini
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\system32\RCX8.tmp
C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\glsgqune.dll
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\xpupdate .exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe

Folder::
C:\VundoFix Backups
C:\Program Files\MalwareAlarm
C:\Program Files\SpyDefender Pro
C:\Program Files\Dot1XCfg
C:\Program Files\Common Files\Sandlot Shared

Driver::
FreezeScreenSaver

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

DirLook::
C:\c1f9f921a4c88b376ab9
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon.

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Step 5
You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the steps below:

Copy the file paths quoted below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
"C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTrayErrors.txt"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Step 6
Make sure that you can see hidden files.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
Step 7
There's a file on your system that I need checked out please.

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

C:\Program Files\.autoreg

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

In your next reply, please submit:
New ComboFix.txt
New AWF.txt
Jotti scan result
and a new HJT log.

Thanks.

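As an added defender-side example (not FindAWF's or ComboFix's own code), the following Python script implements the check that Step 5 describes: it walks a directory tree, pairs each executable inside a "bak" folder with its namesake one directory up, reports whether the two copies are byte-identical or the running copy has been replaced, and separately flags names carrying a space before the extension, like the "xpupdate .exe" entries in the ComboFix lists. The tree it scans is constructed in a temporary folder to mirror the AWF section of the log; every path and file body in it is made up, and the verdict labels are my own.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Names such as "xpupdate .exe" or "Dot1XCfg .exe": a space before the
# extension, as seen in the File:: and RenV:: lists of this thread.
SPACED_EXT = re.compile(r"\s\.(exe|dll|scr)$", re.IGNORECASE)


@dataclass
class BakFinding:
    original: str   # file in the parent directory (the one that actually runs)
    backup: str     # copy of the same name inside bak\
    verdict: str    # "replaced" (copies differ) or "duplicate" (byte-identical)


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_replacements(root: str) -> list:
    """Pair every .exe in a 'bak' folder with its namesake one level up.

    'replaced' means the running file differs from the backup and deserves a
    look; 'duplicate' means both copies are identical, which is what FindAWF
    lists under "Duplicate files of bak directory contents".
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            if not name.lower().endswith(".exe"):
                continue
            backup = os.path.join(dirpath, name)
            original = os.path.join(parent, name)
            if not os.path.isfile(original):
                continue          # backup with no namesake: nothing to compare
            same = (os.path.getsize(backup) == os.path.getsize(original)
                    and sha256_of(backup) == sha256_of(original))
            findings.append(BakFinding(original, backup,
                                       "duplicate" if same else "replaced"))
    return sorted(findings, key=lambda f: f.original)


def find_spaced_extensions(root: str) -> list:
    """Files whose name has whitespace directly before the extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        hits.extend(os.path.join(dirpath, n) for n in filenames
                    if SPACED_EXT.search(n))
    return sorted(hits)


def verdict_by_name(findings: list) -> dict:
    """Map basename of the running file -> verdict, for reporting and tests."""
    return {os.path.basename(f.original): f.verdict for f in findings}


def build_sample_tree() -> str:
    """Constructed tree (hypothetical, not the poster's machine) covering the
    cases in the AWF report: a replaced file, an already-restored duplicate,
    a spaced-extension name and a backup with no namesake."""
    root = tempfile.mkdtemp(prefix="awf_demo_")

    def put(rel: str, data: bytes) -> None:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

    legit_issch = b"MZ" + b"\x90" * 200 + b"InstallShield scheduler"
    rogue_issch = b"MZ" + b"\x90" * 150 + b"downloader stub"   # different size
    legit_itunes = b"MZ" + b"\x90" * 300 + b"iTunesHelper"
    put("Program Files/Common Files/InstallShield/UpdateService/bak/issch.exe", legit_issch)
    put("Program Files/Common Files/InstallShield/UpdateService/issch.exe", rogue_issch)
    put("Program Files/iTunes/bak/iTunesHelper.exe", legit_itunes)
    put("Program Files/iTunes/iTunesHelper.exe", legit_itunes)     # already restored
    put("WINDOWS/xpupdate .exe", b"MZ" + b"\x90" * 40 + b"dropped")
    put("WINDOWS/system32/bak/orphan.exe", b"MZ" + b"\x90" * 10)   # no namesake
    return root


def scan(root: str) -> dict:
    return {"bak": find_bak_replacements(root),
            "spaced": find_spaced_extensions(root)}


if __name__ == "__main__":
    report = scan(build_sample_tree())
    for f in report["bak"]:
        print(f"{f.verdict:9} {f.original}  (backup: {f.backup})")
    for p in report["spaced"]:
        print(f"spaced-ext {p}")
```

Point `scan()` at a real drive root instead of the constructed tree to run the same check on a live system; a "replaced" verdict is a prompt to hash and submit the running copy, as Step 7 does with Jotti, not proof of infection on its own.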


#10 HackPolice

  • Topic Starter
  • Members
  • 22 posts

Posted 23 March 2008 - 06:32 PM

Thanks for the help Starbuck! :thumbsup:

There was one entry that I could not find in HijackThis so I couldn't fix it. This is the entry:
O2 - BHO: TBSB04757 - {A1697815-8A79-4F11-8448-B05E283EFC2B} - C:\PROGRA~1\FREEZE~1.COM\tbu1A\FREEZE~1.DLL


Here is the ComboFix log:

ComboFix 08-03-22.1 - Candette 2008-03-23 18:55:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.213 [GMT -4:00]
Running from: C:\Documents and Settings\Candette\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Candette\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\bralflpp.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\enuqgslg.ini
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\system32\gbttklst.ini
C:\WINDOWS\system32\glsgqune.dll
C:\WINDOWS\system32\htrsdwjs.ini
C:\WINDOWS\system32\hwevavfc.ini
C:\WINDOWS\system32\hwlxicvh.ini
C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\kndistjv.ini
C:\WINDOWS\system32\nosebalf.ini
C:\WINDOWS\system32\RCX8.tmp
C:\WINDOWS\xpupdate .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Candette\first.main
C:\Documents and Settings\Candette\wef.log
C:\Program Files\Common Files\Sandlot Shared
C:\Program Files\Common Files\Sandlot Shared\slgsvs.dll
C:\Program Files\Common Files\Sandlot Shared\unins000.dat
C:\Program Files\Common Files\Sandlot Shared\unins000.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\SpyDefender Pro
C:\Program Files\SpyDefender Pro\SpyDefender .exe
C:\VundoFix Backups
C:\VundoFix Backups\accdd.ini.bad
C:\VundoFix Backups\accdd.ini2.bad
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awtqo.dll.bad
C:\VundoFix Backups\awvtt.dll.bad
C:\VundoFix Backups\bntajfrj.dll.bad
C:\VundoFix Backups\bqgpwirm.dll.bad
C:\VundoFix Backups\cjolcnwk.dll.bad
C:\VundoFix Backups\crvynwwb.dll.bad
C:\VundoFix Backups\ddaya.dll.bad
C:\VundoFix Backups\ddcca.dll.bad
C:\VundoFix Backups\efcbbbx.dll.bad
C:\VundoFix Backups\efhkj.ini.bad
C:\VundoFix Backups\efhkj.ini2.bad
C:\VundoFix Backups\ffhkj.ini.bad
C:\VundoFix Backups\ffhkj.ini2.bad
C:\VundoFix Backups\gebcy.dll.bad
C:\VundoFix Backups\geeda.dll.bad
C:\VundoFix Backups\jkhfe.dll.bad
C:\VundoFix Backups\jkhff.dll.bad
C:\VundoFix Backups\mljgd.dll.bad
C:\VundoFix Backups\mljjg.dll.bad
C:\VundoFix Backups\oxyrkwps.dllbox.bad
C:\VundoFix Backups\pmkjk.dll.bad
C:\VundoFix Backups\pmnno.dll.bad
C:\VundoFix Backups\qybtjcdo.dll.bad
C:\VundoFix Backups\qybtjcdo.dllbox.bad
C:\VundoFix Backups\ssttt.dll.bad
C:\VundoFix Backups\vtsts.dll.bad
C:\VundoFix Backups\zxjuagny.dll.bad
C:\VundoFix Backups\zxjuagny.dllbox.bad
C:\WINDOWS\b138.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\bralflpp.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\enuqgslg.ini
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\system32\gbttklst.ini
C:\WINDOWS\system32\htrsdwjs.ini
C:\WINDOWS\system32\hwevavfc.ini
C:\WINDOWS\system32\hwlxicvh.ini
C:\WINDOWS\system32\jkhff.exe
C:\WINDOWS\system32\kndistjv.ini
C:\WINDOWS\system32\nosebalf.ini
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX8.tmp
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\xpupdate .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\TeamViewer
2008-03-12 19:07 . 2008-03-12 19:07 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 19:06 . 2008-03-12 19:06 <DIR> d-------- C:\Documents and Settings\Candette\temp
2008-03-11 21:09 . 2008-03-11 21:09 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\AVG7
2008-03-10 18:00 . 2008-03-10 18:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-10 18:00 . 2008-03-10 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 17:20 . 2008-03-14 19:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-10 17:20 . 2008-03-14 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 23:37 . 2008-03-22 15:13 <DIR> d-------- C:\Program Files\nvcoi
2008-03-09 10:51 . 2008-03-23 12:16 <DIR> d-------- C:\Documents and Settings\Mitchell\Application Data\AVG7
2008-03-08 23:11 . 2008-03-23 13:37 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\AVG7
2008-03-08 23:10 . 2008-03-08 23:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 23:10 . 2008-03-08 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 23:10 . 2008-03-08 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-29 01:10 . 2008-02-29 01:10 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 22:05 --------- d-----w C:\Program Files\America Online 8.0
2008-03-22 22:51 --------- d-----w C:\Program Files\iWin.com
2008-03-22 22:47 --------- d-----w C:\Program Files\AOL Games
2008-03-22 18:14 --------- d-----w C:\Program Files\iTunes
2008-03-22 17:48 --------- d-----w C:\Program Files\Registry Defender
2008-03-22 17:47 --------- d-----w C:\Program Files\Freeze.com Toolbar
2008-03-15 02:31 --------- d-----w C:\Documents and Settings\Candette\Application Data\Apple Computer
2008-03-12 23:39 --------- d-----w C:\Program Files\installer
2008-03-10 21:00 174,592 ----a-w C:\WINDOWS\system32\lexpps.exe
2008-02-29 20:49 --------- d-----w C:\Program Files\Blink
2008-02-23 02:44 --------- d-----w C:\Program Files\Trend Micro
2008-02-22 03:33 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-02-17 23:15 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\PlayFirst
2008-02-11 01:51 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\AdobeUM
2008-01-27 06:39 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\Talkback
2008-01-26 05:07 --------- d-----w C:\Documents and Settings\Candette\Application Data\Lavasoft
2008-01-26 04:13 --------- d-----w C:\Program Files\WordReferenceEnEs
2008-01-26 03:54 --------- d-----w C:\Program Files\Common Files\kuuu
2008-01-26 02:30 --------- d-----w C:\Program Files\Alwil Software
2008-01-25 19:23 --------- d-----w C:\Program Files\IObit
2008-01-25 07:05 --------- d-----w C:\Documents and Settings\Private\Application Data\Talkback
2008-01-25 02:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-24 23:32 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Talkback
2008-01-23 16:49 10 ----a-w C:\Program Files\.autoreg
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-01-26 01:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
----a-w 5,058,560 2008-02-18 04:45:18 C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean .exe


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\c1f9f921a4c88b376ab9 ----

2008-02-04 16:09 37496 --a------ C:\c1f9f921a4c88b376ab9\mrtstub.exe
2008-02-04 16:09 18214008 --a------ C:\c1f9f921a4c88b376ab9\mrt.exe


((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 339,968 2005-03-30 02:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 69,632 2008-01-26 04:30:15 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 53,248 2005-02-23 21:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 86,016 2005-01-27 06:02:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 1,838,592 2007-08-17 04:06:14 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 68,856 2007-06-21 18:14:05 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 256,576 2006-10-30 14:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2008-03-06 23:50:59 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

----a-w 1,327,104 2004-08-22 20:31:28 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 1,767 2007-11-02 18:58:30 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTrayErrors.txt

----a-w 53,248 2004-09-14 13:50:48 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

----a-w 131,072 2004-09-14 13:50:48 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 26,112 2006-10-16 02:45:39 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 77,824 2005-04-06 07:19:18 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-04-06 07:23:14 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-04-06 07:22:32 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-06 19:50 256576]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 17:01 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 17:02 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 14:04 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2006-10-15 22:45:07 36940]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-06 22:51:35 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-09-24 19:48:00 315392]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 05:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16:12:08 16423]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YourScreen.lnk
backup=C:\WINDOWS\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-12-13 17:15 2785256 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]

.
Contents of the 'Scheduled Tasks' folder
"2007-07-23 19:50:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 19:01:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-23 19:03:13
ComboFix-quarantined-files.txt 2008-03-23 23:02:57
ComboFix2.txt 2008-03-13 02:33:56
.
2008-03-12 23:07:35 --- E O F ---

Here is the AWF log:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sun 03/23/2008
The current time is: 19:07:56.34


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 10:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 07:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/06/2005 03:19 AM 77,824 hkcmd.exe
04/06/2005 03:23 AM 114,688 igfxpers.exe
04/06/2005 03:22 AM 94,208 igfxtray.exe
3 File(s) 286,720 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

03/29/2005 10:05 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/27/2005 02:02 AM 86,016 DMXLauncher.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

08/17/2007 12:06 AM 1,838,592 GoogleDesktop.exe
1 File(s) 1,838,592 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

06/21/2007 02:14 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

08/22/2004 04:31 PM 1,327,104 MpfTray.exe
11/02/2007 02:58 PM 1,767 MpfTrayErrors.txt
2 File(s) 1,328,871 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/14/2004 09:50 AM 131,072 mm_tray.exe
09/14/2004 09:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

10/15/2006 10:45 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 02:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 isuspm.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

11/19/2003 06:48 PM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 16 2008 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
77824 Apr 6 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
77824 Apr 6 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Apr 6 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXPERS.EXE"
114688 Apr 6 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Apr 6 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 6 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXTRAY.EXE"
94208 Apr 6 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
339968 Mar 29 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 Mar 29 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
98304 Oct 5 2007 "C:\My Games\Big Island Blends\googlestubinst.exe"
98304 Oct 6 2007 "C:\My Games\Build-a-lot\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Cake Mania™ 2\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious 2 Deluxe\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious Deluxe\googlestubinst.exe"
98304 Dec 7 2007 "C:\My Games\Diner Dash - Hometown Hero\googlestubinst.exe"
98304 Nov 16 2007 "C:\My Games\Jane's Hotel\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\JEOPARDY! 2\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\Sally's Salon\googlestubinst.exe"
98304 Nov 17 2007 "C:\My Games\The Scruffs\googlestubinst.exe"
52272 Jan 26 2007 "C:\Program Files\Google\googletoolbar5user.exe"
743016 Jan 25 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1507328 Jan 25 2006 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
138168 Jan 26 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 Aug 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
98304 Oct 5 2007 "C:\My Games\Big Island Blends\googlestubinst.exe"
98304 Oct 6 2007 "C:\My Games\Build-a-lot\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Cake Mania™ 2\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious 2 Deluxe\googlestubinst.exe"
98304 Sep 21 2007 "C:\My Games\Delicious Deluxe\googlestubinst.exe"
98304 Dec 7 2007 "C:\My Games\Diner Dash - Hometown Hero\googlestubinst.exe"
98304 Nov 16 2007 "C:\My Games\Jane's Hotel\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\JEOPARDY! 2\googlestubinst.exe"
98304 Oct 2 2007 "C:\My Games\Sally's Salon\googlestubinst.exe"
98304 Nov 17 2007 "C:\My Games\The Scruffs\googlestubinst.exe"
52272 Jan 26 2007 "C:\Program Files\Google\googletoolbar5user.exe"
743016 Jan 25 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1507328 Jan 25 2006 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
138168 Jan 26 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1838592 Aug 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1838592 Aug 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1327104 Aug 22 2004 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1327104 Aug 22 2004 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
1767 Nov 2 2007 "C:\Program Files\McAfee.com\Personal Firewall\MpfTrayErrors.txt"
1767 Nov 2 2007 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTrayErrors.txt"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
53248 May 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
135168 May 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Oct 15 2006 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Oct 15 2006 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


end of report

The Jotti Scan said that the .autoreg file was OK. All of the scanners reported: Found Nothing.

Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:55 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.nyc.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - (no file)
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - (no file)
O2 - BHO: (no name) - {1B10F514-4CDF-4453-F0B5-13A3928BADC4} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {732948de-d602-4abf-94ab-0d4d12b4064a} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7dbbbeb6-5680-4f56-8c28-55f60c7d7238} - (no file)
O2 - BHO: (no name) - {A1697815-8A79-4F11-8448-B05E283EFC2B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTP09580 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\tbu11\WORDRE~1.DLL
O2 - BHO: (no name) - {D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0} - (no file)
O2 - BHO: (no name) - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - (no file)
O2 - BHO: (no name) - {EE1F6275-2A1A-4747-98E3-3DFB7A986EDD} - (no file)
O2 - BHO: (no name) - {FF82225F-0BB3-49FA-82FC-1EABBF3F2096} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WordReferenceEnEs - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\WordReferenceEnEs\tbu11\wordreferenceEnEs.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.15.43/ttinst.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10570 bytes

Once again thanks for all the help!

#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:30 PM

Posted 23 March 2008 - 07:33 PM

Thanks HackPolice

It'll take me a while to go through these reports.
Bang goes my bank holiday Monday lol
I'll get back to you soon.

Starbuck.



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:30 PM

Posted 25 March 2008 - 12:15 AM

Hi HackPolice

Thanks for the help Starbuck!

You are very welcome.

Step 1
Run HijackThis again, click Scan, and put a checkmark next to each of these items.
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - (no file)
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - (no file)
O2 - BHO: (no name) - {1B10F514-4CDF-4453-F0B5-13A3928BADC4} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {732948de-d602-4abf-94ab-0d4d12b4064a} - (no file)
O2 - BHO: (no name) - {7dbbbeb6-5680-4f56-8c28-55f60c7d7238} - (no file)
O2 - BHO: (no name) - {A1697815-8A79-4F11-8448-B05E283EFC2B} - (no file)
O2 - BHO: (no name) - {D3B99CCB-54F0-4BCD-20AA-B5D53732B5D0} - (no file)
O2 - BHO: (no name) - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - (no file)
O2 - BHO: (no name) - {EE1F6275-2A1A-4747-98E3-3DFB7A986EDD} - (no file)
O2 - BHO: (no name) - {FF82225F-0BB3-49FA-82FC-1EABBF3F2096} - (no file)

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

Step 2
Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\Program Files\DellSupport\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\McAfee.com\Personal Firewall\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Java\j2re1.4.2_03\bin\bak
C:\WINDOWS\system32\dla\bak
C:\WINDOWS\system32\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Step 3
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

Note: if you didn't remove Registry Power Cleaner in the previous fix.... please leave out this line:
C:\Program Files\Winferno


Folder::
C:\Program Files\Freeze.com Toolbar
C:\Program Files\Winferno
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

In your next reply, please submit:
New AWF.txt
New ComboFix.txt
and a new Hjt log.

Thanks.


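Step 1 and Step 2 above act on two artefacts that are easy to pick out of the logs by hand but worth automating when you triage many of them: O2 BHO entries whose DLL is gone ("(no file)"), and the "bak" folders FindAWF reports, where the genuine executable has been parked and a same-named file sits in its place. The following Python script is an added example (not HijackThis, FindAWF or ComboFix code, and not something posted in this thread) that parses both formats from constructed sample text taken from the reports above. The "Example App" lines in the AWF sample are invented placeholders so that the size-mismatch and orphan cases are exercised; everything else is lifted from the thread's own logs.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input in HijackThis v2 log format (entries copied from
# the log earlier in this thread, trimmed to a handful of lines).
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17E5B992-1D4C-4271-B8D4-1B098E64C470} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {187D574F-5FAC-4F85-8547-CD70727EE89B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
"""

# Constructed sample in the FindAWF "Duplicate files of bak directory
# contents" format. The DellSupport and hkcmd lines come from the report in
# this thread; the "Example App" lines are invented placeholders that
# exercise the size-mismatch and missing-live-copy branches.
AWF_SAMPLE = r"""
460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
77824 Apr 6 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 6 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
98304 Jan 1 2008 "C:\Program Files\Example App\app.exe"
131072 Sep 14 2004 "C:\Program Files\Example App\bak\app.exe"
53248 Sep 14 2004 "C:\Program Files\Example App\bak\orphan.exe"
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# FindAWF duplicate line: "<size> <Mon> <day> <year> "<path>""
AWF_RE = re.compile(
    r'^(?P<size>\d+)\s+(?P<date>\w{3}\s+\d{1,2}\s+\d{4})\s+"(?P<path>[^"]+)"$'
)


def orphaned_bhos(log_text: str) -> List[str]:
    """Return the CLSIDs of O2 (BHO) entries whose DLL is gone.

    HijackThis prints '(no file)' as the path when the registry key
    survives but the file it pointed at does not; those are the leftover
    entries Step 1 has the user fix."""
    found = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m and m.group("path") == "(no file)":
            found.append(m.group("clsid"))
    return found


def bak_pairs(report_text: str) -> List[Tuple[str, Optional[str], str]]:
    """Pair every file under a 'bak' folder with its live counterpart.

    The AWF trick keeps the genuine executable in a 'bak' subfolder and
    places a same-named substitute in the parent folder. Comparing the two
    sizes shows whether the live copy still matches the backup:
    'same size' means the original is in place (as in this thread's report
    after the earlier fix), 'size differs' means the live file is not the
    backup, and 'live copy missing' means only the bak copy was listed.
    Returns (bak_path, live_path_or_None, status) tuples, sorted."""
    sizes = {}  # lower-cased path -> (size, path as printed)
    for line in report_text.splitlines():
        m = AWF_RE.match(line.strip())
        if m:
            sizes[m.group("path").lower()] = (int(m.group("size")), m.group("path"))
    result = []
    for size, path in sizes.values():
        parts = path.split("\\")
        if len(parts) < 3 or parts[-2].lower() != "bak":
            continue  # not a file inside a bak folder
        live_key = "\\".join(parts[:-2] + parts[-1:]).lower()
        live = sizes.get(live_key)
        if live is None:
            status = "live copy missing"
        elif live[0] == size:
            status = "same size"
        else:
            status = "size differs"
        result.append((path, live[1] if live else None, status))
    return sorted(result)


if __name__ == "__main__":
    for clsid in orphaned_bhos(HJT_SAMPLE):
        print("orphaned BHO:", clsid)
    for bak, live, status in bak_pairs(AWF_SAMPLE):
        print(f"{status:18} {bak} -> {live}")
```

A size match is only a first-pass check; a substitute padded to the same length would pass it, so in practice follow it with a hash comparison or a vendor signature check of the live file before trusting it.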

#13 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:30 AM

Posted 07 April 2008 - 09:40 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#14 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:30 AM

Posted 07 April 2008 - 09:51 PM

User returned and will add the requested info in a few days.

#15 HackPolice

HackPolice
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:06:30 AM

Posted 12 April 2008 - 06:18 PM

Thanks for the help Starbuck! The computer appears to be working flawlessly. I removed some of the unnecessary startup entries (Kodak, AOL tray, iTunes) so that it would start up and run a little bit faster.

AWF log:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sat 04/12/2008
The current time is: 18:27:29.60


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

ComboFix log:

ComboFix 08-04-12.4 - Candette 2008-04-12 18:45:31.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.167 [GMT -4:00]
Running from: C:\Documents and Settings\Candette\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Candette\Desktop\CFScript.txt
* Created a new restore point
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Freeze.com Toolbar
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\Winferno
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean .exe
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-05 20:07 . 2008-04-05 20:08 <DIR> d-------- C:\Documents and Settings\Private\Application Data\AVG7
2008-04-04 21:35 . 2008-04-04 21:35 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\TaxCut
2008-03-31 21:16 . 2008-03-31 21:16 <DIR> d-------- C:\Documents and Settings\Mitchell\Application Data\TaxCut
2008-03-31 21:14 . 2008-03-31 21:15 <DIR> d-------- C:\Program Files\TaxCut07
2008-03-31 21:14 . 2008-04-04 17:44 <DIR> d-------- C:\Program Files\PDF995
2008-03-31 21:10 . 2008-03-31 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-26 16:49 . 2008-03-26 16:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 16:49 . 2008-03-26 16:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 19:07 . 2005-04-06 03:23 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-03-23 19:07 . 2005-04-06 03:22 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-03-23 19:07 . 2005-04-06 03:19 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Program Files\TeamViewer3
2008-03-12 19:07 . 2008-03-12 19:07 <DIR> d-------- C:\Documents and Settings\Candette\Application Data\TeamViewer
2008-03-12 19:07 . 2008-03-12 19:07 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 19:06 . 2008-03-12 19:06 <DIR> d-------- C:\Documents and Settings\Candette\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 22:27 --------- d-----w C:\Program Files\QuickTime
2008-04-12 22:27 --------- d-----w C:\Program Files\iTunes
2008-04-12 22:27 --------- d-----w C:\Program Files\DellSupport
2008-04-12 22:15 --------- d-----w C:\Documents and Settings\Candette\Application Data\AVG7
2008-04-12 21:45 --------- d-----w C:\Program Files\America Online 8.0
2008-04-12 17:34 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\AVG7
2008-04-08 01:28 --------- d-----w C:\Documents and Settings\Nicole\Application Data\AVG7
2008-04-04 21:44 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-04-04 21:44 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-03-23 23:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 23:23 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-22 22:51 --------- d-----w C:\Program Files\iWin.com
2008-03-22 22:47 --------- d-----w C:\Program Files\AOL Games
2008-03-22 17:48 --------- d-----w C:\Program Files\Registry Defender
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 02:31 --------- d-----w C:\Documents and Settings\Candette\Application Data\Apple Computer
2008-03-12 23:39 --------- d-----w C:\Program Files\installer
2008-03-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 21:00 174,592 ----a-w C:\WINDOWS\system32\lexpps.exe
2008-03-09 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-09 03:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-09 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 20:49 --------- d-----w C:\Program Files\Blink
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-23 02:44 --------- d-----w C:\Program Files\Trend Micro
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-22 03:33 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-17 23:15 --------- d-----w C:\Documents and Settings\Mitchell\Application Data\PlayFirst
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-23 16:49 10 ----a-w C:\Program Files\.autoreg
2006-01-26 01:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-12_22.33.15.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-10-25 13:51:24 4,179,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\E712E36662CF9424E9E81F09DC367E73\7.4.0\datatierapi.dll
+ 2007-10-25 13:51:26 79,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\E712E36662CF9424E9E81F09DC367E73\7.4.0\formrendermgmt.dll
+ 2007-10-25 13:51:26 165,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\E712E36662CF9424E9E81F09DC367E73\7.4.0\primitives.dll
+ 2007-10-25 13:51:28 5,076,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\E712E36662CF9424E9E81F09DC367E73\7.4.0\taxcut.exe
+ 2007-10-25 13:51:32 8,217,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\E712E36662CF9424E9E81F09DC367E73\7.4.0\ustax.dll
+ 2008-04-05 01:40:33 97,566 ----a-r C:\WINDOWS\Installer\{58381EE3-A57D-448F-BC8E-FFC66987615E}\ARPPRODUCTICON.exe
+ 2008-04-04 21:43:20 139,264 ----a-r C:\WINDOWS\Installer\{663E217E-FC26-4249-9E8E-F190CD63E737}\ARPPRODUCTICON.exe
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-12-06 06:05:00 127,035 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
- 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-12-10 01:56:47 384,816 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-10 11:29:48 384,816 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-02-27 01:51:17 135,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pdf995ps5ui.dll
+ 2008-04-04 21:44:36 135,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pdf995ps5ui.dll
- 2007-02-27 01:51:17 17,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pdf995ui5.DLL
+ 2008-04-04 21:44:37 15,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pdf995ui5.DLL
- 2007-02-27 01:51:17 470,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pscript5-32.dll
+ 2008-04-04 21:44:36 470,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pscript5-32.dll
- 2007-02-27 01:51:17 135,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pdf995ps5ui.dll
+ 2008-04-04 21:44:36 135,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pdf995ps5ui.dll
- 2007-02-27 01:51:15 218,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\Pdf995ui.dll
+ 2008-04-04 21:44:26 218,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\Pdf995ui.dll
- 2007-02-27 01:51:17 17,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pdf995ui5.DLL
+ 2008-04-04 21:44:37 15,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pdf995ui5.DLL
- 2007-02-27 01:51:15 225,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\Pscript.dll
+ 2008-04-04 21:44:26 225,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\Pscript.dll
- 2007-02-27 01:51:17 470,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pscript5-32.dll
+ 2008-04-04 21:44:36 470,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pscript5-32.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 17:01 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 17:02 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 14:04 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2006-10-15 22:45:07 36940]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-06 22:51:35 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-09-24 19:48:00 315392]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 05:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16:12:08 16423]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YourScreen.lnk
backup=C:\WINDOWS\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-12-13 17:15 2785256 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-07-23 19:50:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 18:49:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 18:52:45
ComboFix-quarantined-files.txt 2008-04-12 22:52:41
ComboFix2.txt 2008-03-23 23:03:13
ComboFix3.txt 2008-03-13 02:33:56
Pre-Run: 133,117,358,080 bytes free
Post-Run: 133,088,194,560 bytes free
.
2008-04-10 02:45:48 --- E O F ---

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:23 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.nyc.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: XBTP09580 - {B16F8052-1A10-4967-9F98-1A21ECC782F2} - C:\PROGRA~1\WORDRE~1\tbu11\WORDRE~1.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WordReferenceEnEs - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\WordReferenceEnEs\tbu11\wordreferenceEnEs.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.15.43/ttinst.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9070 bytes



