
Infected With Trojan:win32/vundo.gen!d


  • This topic is locked
28 replies to this topic

#1 angiedenise


Posted 12 April 2008 - 09:27 PM

Hi. I'm hoping to find some help here. I have had a virus for about a week. I have tried everything -- to no avail. Windows OneCare has identified trojan:win32/vundo.gen!d and worm:win32/agent.af and has supposedly "removed" them, but I still have a virus. I have tried to follow the directions for posting a problem -- hope I did it right! :-)

Blessings,
Angie

Deckard's System Scanner v20071014.68
Run by Angie Amos on 2008-04-12 18:23:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
116: 2008-04-13 01:23:58 UTC - RP876 - Deckard's System Scanner Restore Point
115: 2008-04-12 20:54:00 UTC - RP875 - Microsoft OneCare Protection Checkpoint
114: 2008-04-12 10:43:45 UTC - RP874 - System Checkpoint
113: 2008-04-11 09:33:00 UTC - RP873 - System Checkpoint
112: 2008-04-10 09:13:18 UTC - RP872 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-04-06 07:48:31 UTC - RP761 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Angie Amos.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:55 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\ie.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Bat\X_Bat.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Angie Amos\Desktop\dss.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Angie Amos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {DC10588F-7FDB-4770-A50D-A0E55ED89658} - C:\WINDOWS\system32\qoMfedET.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

--
End of file - 10126 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 10:46:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 14:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 14:49:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 14:49:28 0 d-------- C:\WINDOWS\LastGood
2008-04-12 13:37:15 0 d-------- C:\Program Files\QdrPack
2008-04-12 01:10:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-12 01:08:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-04-12 01:08:13 0 d-------- C:\Program Files\Bat
2008-04-11 12:44:48 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-04-11 11:44:58 229526 --a------ C:\WINDOWS\system32\000080.exe
2008-04-11 06:47:23 0 dr-h----- C:\Documents and Settings\Angie Amos\Recent
2008-04-11 06:29:24 0 d-------- C:\Program Files\Trend Micro
2008-04-11 06:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-11 06:24:38 0 d-------- C:\Program Files\CCleaner
2008-04-09 15:33:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-09 15:33:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-04-09 15:33:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-09 15:33:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-09 15:33:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-09 15:33:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-09 15:33:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-09 15:33:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-09 15:33:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-09 15:33:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-09 15:33:25 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-09 15:33:25 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-09 15:33:25 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-09 15:33:25 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-09 15:33:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-09 15:33:25 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 15:33:24 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 12:59:52 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-08 00:18:22 0 d-------- C:\WINDOWS\system32\bits
2008-04-07 23:52:50 0 d-------- C:\6cc6832e643e12fb29e0dca664
2008-04-07 22:47:09 1172 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 22:45:07 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 22:45:07 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-07 22:45:07 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-07 22:45:06 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-07 22:45:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-07 22:45:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 22:45:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-07 22:44:55 0 d-------- C:\Documents and Settings\Angie Amos\SmitfraudFix
2008-04-07 21:43:20 0 d-------- C:\Program Files\180search assistant
2008-04-07 21:43:19 0 d-------- C:\Program Files\180solutions
2008-04-07 21:43:19 0 d-------- C:\Program Files\180searchassistant
2008-04-07 05:59:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-07 05:56:36 0 d-------- C:\Program Files\Common Files\iS3
2008-04-07 05:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-07 05:49:40 19968 --a------ C:\WINDOWS\stcloader.exe
2008-04-07 05:49:39 9728 --a------ C:\WINDOWS\bokja.exe
2008-04-07 05:37:21 15616 --a------ C:\WINDOWS\mssvr.exe
2008-04-07 05:37:21 23040 --a------ C:\WINDOWS\bjam.dll
2008-04-07 05:37:20 26112 --a------ C:\WINDOWS\2020search.dll
2008-04-07 05:37:18 30208 --a------ C:\WINDOWS\180ax.exe
2008-04-07 05:37:17 19200 --a------ C:\WINDOWS\saiemod.dll
2008-04-07 05:37:12 18432 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-06 18:00:25 1288 --ahs---- C:\WINDOWS\system32\TEdefMoq.ini2
2008-04-06 17:56:57 0 d-------- C:\Program Files\seekmo
2008-04-06 17:56:56 0 d-------- C:\Program Files\zango
2008-04-06 14:56:41 0 d-------- C:\VundoFix Backups
2008-04-06 09:03:50 0 d-------- C:\Documents and Settings\Angie Amos\.housecall6.6
2008-04-06 01:23:07 14848 --a------ C:\WINDOWS\voiceip.dll
2008-04-06 01:23:07 9472 --a------ C:\WINDOWS\swin32.dll
2008-04-06 01:23:07 16128 --a------ C:\WINDOWS\cdsm32.dll
2008-04-06 01:23:07 0 d-------- C:\Program Files\stc
2008-04-06 01:23:06 17152 --a------ C:\WINDOWS\mspphe.dll
2008-04-06 01:23:06 29184 --a------ C:\WINDOWS\2020search2.dll
2008-04-06 01:23:04 12288 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-06 01:23:04 32512 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-06 01:23:03 23040 --a------ C:\WINDOWS\updatetc.exe
2008-04-06 01:23:03 17408 --a------ C:\WINDOWS\salm.exe
2008-04-06 01:23:02 24320 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-06 01:23:02 0 d-------- C:\WINDOWS\FLEOK
2008-04-06 01:23:01 30208 --a------ C:\WINDOWS\msapasrc.dll
2008-04-06 01:23:00 28928 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-06 01:23:00 22272 --a------ C:\WINDOWS\msa64chk.dll
2008-04-06 01:22:59 9728 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-06 01:22:59 20736 --a------ C:\WINDOWS\shdocpl.dll
2008-04-06 01:22:59 17920 --a------ C:\WINDOWS\shdocpe.dll
2008-04-06 01:22:59 24064 --a------ C:\WINDOWS\ntnut.exe
2008-04-06 01:22:58 17920 --a------ C:\WINDOWS\winsb.dll
2008-04-06 01:22:58 30208 --a------ C:\WINDOWS\browserad.dll
2008-04-06 01:22:58 0 d-------- C:\Program Files\Sysmnt
2008-04-06 01:22:57 24832 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 01:22:57 22272 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-06 01:22:57 13056 --a------ C:\WINDOWS\avifile32.dll
2008-04-06 01:22:57 28416 --a------ C:\WINDOWS\autodisc32.dll
2008-04-06 01:22:56 24064 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-06 01:22:56 17152 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-06 01:22:56 27392 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-06 01:22:56 10496 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-06 01:22:56 12288 --a------ C:\WINDOWS\athprxy32.dll
2008-04-06 01:22:56 12544 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-06 01:22:56 13824 --a------ C:\WINDOWS\asferror32.dll
2008-04-06 01:22:56 10240 --a------ C:\WINDOWS\apphelp32.dll
2008-04-06 00:48:15 272464 --ahs---- C:\WINDOWS\system32\feKQstwa.ini2
2008-04-06 00:44:23 0 d-------- C:\Program Files\QdrModule
2008-04-06 00:44:07 0 d-------- C:\Program Files\QdrDrive
2008-04-06 00:43:54 0 d-------- C:\Program Files\ISM
2008-04-06 00:43:02 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-04 22:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-03-20 02:26:29 0 d-------- C:\Program Files\Bonjour
2008-03-20 02:19:46 0 d-------- C:\Program Files\Apple Software Update
2008-03-20 02:19:19 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-20 02:17:55 0 d-------- C:\Program Files\Common Files\Apple
2008-03-20 02:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-17 17:13:37 0 d-------- C:\Program Files\Smilebox


-- Find3M Report ---------------------------------------------------------------

2008-04-12 12:09:47 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-12 12:09:47 104 -r-hs---- C:\WINDOWS\system32\AEB55C9F59.sys
2008-04-12 01:08:46 0 d-------- C:\Program Files\Common Files
2008-04-11 06:24:49 0 d-------- C:\Program Files\Yahoo!
2008-04-09 13:27:31 0 d-------- C:\Program Files\iTunes
2008-04-09 13:27:18 0 d-------- C:\Program Files\iPod
2008-04-09 13:25:29 0 d-------- C:\Program Files\QuickTime
2008-04-09 05:58:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-09 05:49:59 0 d-------- C:\Program Files\LimeWire
2008-04-09 05:36:28 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-07 05:50:05 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\SUPERAntiSpyware.com
2008-04-07 05:49:39 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-04 23:49:13 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
03/07/2008 09:15 PM 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
04/03/2008 01:05 PM 147456 --a------ C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC10588F-7FDB-4770-A50D-A0E55ED89658}]
C:\WINDOWS\system32\qoMfedET.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [04/03/2008 06:53 AM]
"Microsoft Windows Installer"="C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\ie.exe" []
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [04/04/2008 01:17 PM]

C:\Documents and Settings\Angie Amos\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [4/12/2008 1:08:05 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [12/27/2005 5:22:03 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/27/2005 5:18:19 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMfedET

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-12 18:25:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 509.98 MiB / 197.22 MiB
Pagefile Memory (total/avail): 1248.68 MiB / 805.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.13 MiB

C: is Fixed (NTFS) - 145.97 GiB total, 81.62 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160P0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 145.97 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"="C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Angie Amos\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMOSABODE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Angie Amos
LOGONSERVER=\\AMOSABODE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp
USERDOMAIN=AMOSABODE
USERNAME=Angie Amos
USERPROFILE=C:\Documents and Settings\Angie Amos
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Angie Amos (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Backspin Billiards (remove only) --> "C:\Program Files\Yahoo! Games\Backspin Billiards\Uninstall.exe"
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Frets On Fire --> "C:\Documents and Settings\Angie Amos\My Documents\Frets on Fire\Uninstall.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_4158bdfb\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
MGI Photovista 2.02(Remove only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\Photovista\Uninst.isu"
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Angie Amos\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Angie Amos\Application Data\Move Networks\ie_bin\unins000.exe"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Plaxo Toolbar for Outlook (with AIM Enhancements) --> C:\Program Files\Plaxo\2.13.1.3\uninstall.exe
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SBC Yahoo! DSL Home Networking Installer --> C:\Program Files\2Wire\Uninstaller.exe
SeaWar The Battles 2 Demo --> "C:\Program Files\TerraGame\SeaWar The Battles 2 Demo\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
The Print Shop 20 --> MsiExec.exe /I{863DCE5B-D6CA-4DC5-9F95-7DCFED15DE8F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type7382 / Error
Event Submitted/Written: 04/12/2008 06:25:04 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type7381 / Error
Event Submitted/Written: 04/12/2008 05:46:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ybrowser.exe, version 2006.8.11.1, faulting module unknown, version 0.0.0.0, fault address 0x68023f45.
Processing media-specific event for [ybrowser.exe!ws!]

Event Record #/Type7374 / Warning
Event Submitted/Written: 04/12/2008 01:26:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7372 / Warning
Event Submitted/Written: 04/12/2008 01:20:37 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'

Event Record #/Type7371 / Warning
Event Submitted/Written: 04/12/2008 01:20:37 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}', feature 'iTunes', component '{2A7E5403-A5F5-4D02-AE05-7E93F2F0B9F4}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\iTunesAddIn.CalendarHelper\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type28 / Warning
Event Submitted/Written: 04/12/2008 01:53:53 PM
Event ID/Source: 1006 / OneCareMP
Event Description:
%AMOSABODE29 scan has detected spyware or other potentially unwanted software.

For more information please see the following:
%AMOSABODE295

Scan ID: {51C81C01-D9C0-43B6-93C4-8BC0F0705A13}

Scan Type: %AMOSABODE02

Scan Parameters: %AMOSABODE09

User: AMOSABODE\Angie Amos

Name: %AMOSABODE291

ID: %AMOSABODE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %AMOSABODE296

Detection Type: 1.5.1944.02

Event Record #/Type15 / Error
Event Submitted/Written: 04/12/2008 01:38:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Event Record #/Type13 / Error
Event Submitted/Written: 04/12/2008 01:38:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type9 / Error
Event Submitted/Written: 04/12/2008 01:35:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type6 / Error
Event Submitted/Written: 04/12/2008 01:33:20 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-04-12 18:25:49 ------------

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 3:42:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700711


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 15334
Number of viruses found 5
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:11:24

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2476A051-23F9-4946-9CBB-E44664A703DE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\000090.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\Perflib_Perfdata_af0.dat Object is locked skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\syswcc32.exe RarSFX: infected - 4 skipped

C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\~DF2EDA.tmp Object is locked skipped

Scan process completed.

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 3:49:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700711


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Memory


Scan Statistics
Total number of scanned objects 2170
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:00:41

Infected Object Name Virus Name Last Action
[1584] wmsdkns.exe => C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped

[1828] QdrModule15.exe => C:\Program Files\QdrModule\QdrModule15.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

[1140] iexplore.exe => C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

Scan process completed.

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 5:01:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700711


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 88380
Number of viruses found 11
Number of infected objects 28
Number of suspicious objects 0
Duration of the scan process 01:11:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-04092008-130354.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped

C:\Documents and Settings\Angie Amos\.housecall6.6\Quarantine\03 Track 3.wma.bac_a03536 Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\.housecall6.6\Quarantine\awtsQKef.dll.bac_a03536 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Angie Amos\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\Perflib_Perfdata_af0.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe RarSFX: infected - 4 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\~DF2EDA.tmp Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\charlie patton son house.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Angie Amos\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Angie Amos\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Angie Amos\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped

C:\Program Files\QdrModule\QdrModule15.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\Program Files\Yahoo!\Messenger\logs\billing_Angie Amos.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\client_Angie Amos.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\network_Angie Amos.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP864\A0051205.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP865\A0051396.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\A0061690.exe Infected: Trojan-Downloader.Win32.Small.ujl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2476A051-23F9-4946-9CBB-E44664A703DE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\000090.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 6:19:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700711


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\
D:\

Scan Statistics
Total number of scanned objects 88407
Number of viruses found 11
Number of infected objects 28
Number of suspicious objects 0
Duration of the scan process 01:12:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-04092008-130354.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped

C:\Documents and Settings\Angie Amos\.housecall6.6\Quarantine\03 Track 3.wma.bac_a03536 Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\.housecall6.6\Quarantine\awtsQKef.dll.bac_a03536 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Angie Amos\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\History\History.IE5\MSHist012008041220080413\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\Perflib_Perfdata_af0.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\syswcc32.exe RarSFX: infected - 4 skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temp\~DF2EDA.tmp Object is locked skipped

C:\Documents and Settings\Angie Amos\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Angie Amos\My Documents\Karahs ipod photos\charlie patton son house.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Angie Amos\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Angie Amos\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Angie Amos\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped

C:\Program Files\QdrModule\QdrModule15.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\Program Files\Yahoo!\Messenger\logs\billing_Angie Amos.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\client_Angie Amos.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\network_Angie Amos.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP864\A0051205.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP865\A0051396.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP873\A0061640.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\A0061690.exe Infected: Trojan-Downloader.Win32.Small.ujl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2476A051-23F9-4946-9CBB-E44664A703DE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\000090.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped

C:\WINDOWS\system32\000090.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:10:59 PM

Posted 13 April 2008 - 04:42 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, and I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {DC10588F-7FDB-4770-A50D-A0E55ED89658} - C:\WINDOWS\system32\qoMfedET.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\QdrDrive <--folder
C:\Program Files\Bat <--folder
C:\Program Files\QdrModule <--folder

I want you to clean your cache and cookies from your Internet Explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back into normal mode.

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
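
The HijackThis entries listed in the post above include three recognizable autostart patterns: an extra program appended to the Winlogon Userinit value (F2), BHO or toolbar registrations whose file no longer exists (O2/O3), and a Run entry launching from a Temp folder (O4). The following is an added example, not part of the original post or of HijackThis itself, that triages such lines; the rule names and the expected Userinit path are assumptions of this example, and the sample lines are copied from the post.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis entries listed in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {DC10588F-7FDB-4770-A50D-A0E55ED89658} - C:\WINDOWS\system32\qoMfedET.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\ANGIEA~1\LOCALS~1\Temp\ie.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as in the logs on this page.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^.+?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "F2" or "O4"
    rule: str    # hypothetical rule name chosen for this example
    detail: str  # the value that triggered the rule


def classify(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")

    if code == "F2" and "userinit=" in body.lower():
        # Userinit is a comma-separated list; only userinit.exe is expected.
        value = body.split("=", 1)[1]
        programs = [p.strip() for p in value.split(",") if p.strip()]
        extras = [p for p in programs if p.lower() != EXPECTED_USERINIT.lower()]
        if extras:
            return Finding(code, "userinit-extra", ";".join(extras))

    elif code in ("O2", "O3") and body.endswith(("(no file)", "(file missing)")):
        # The registration survives but the DLL behind it is gone.
        clsid = CLSID_RE.search(body)
        return Finding(code, "orphaned-registration",
                       clsid.group(0) if clsid else body)

    elif code == "O4":
        run = RUN_RE.match(body)
        if run:
            cmd = run.group("cmd").strip('"')
            # Matches long and 8.3 short paths alike (LOCALS~1\Temp\...).
            if TEMP_RE.search(cmd):
                return Finding(code, "autorun-from-temp", cmd)

    # Everything else still needs a human decision.
    return Finding(code, "review", body)


def triage(log_text: str) -> List[Finding]:
    """Classify every HijackThis entry found in a pasted log."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<3} {finding.rule:<22} {finding.detail}")
```

Entries classified as "review" are not cleared by this check; they only fall outside its three rules.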

#3 angiedenise

angiedenise
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 13 April 2008 - 10:26 AM

Hi, again. Thanks so much for your quick response. I was able to follow all of the instructions except:

1) My computer would not delete C:\WINDOWS\system32\wmsdkns.exe
- Message came up: "Cannot delete wmsdkns. Access is denied. Make sure the disk is not full or write-protected
and that the file is not currently in use."
2) Windows could not find "-->cleanmgr," so I was unable to run it. (I did run CCleaner, thinking that it might possibly
serve the same purpose?)

In any case, the background on my screen is no longer displaying the message: "Warning: Spyware threat has been detected on your PC," and I have not been seeing any pop-ups since I rebooted. I will include the requested logs below. Thanks again for all the help!!!


ComboFix 08-04-12.8 - Angie Amos 2008-04-13 7:56:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -7:00]
Running from: C:\Documents and Settings\Angie Amos\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Angie Amos\Application Data\FunWebProducts
C:\Documents and Settings\Angie Amos\Application Data\FunWebProducts\Data\Angie Amos\avatar.dat
C:\Documents and Settings\Angie Amos\Application Data\FunWebProducts\Data\Angie Amos\register.dat
C:\Documents and Settings\Angie Amos\Application Data\FunWebProducts\Data\Angie Amos\zbucks.dat
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\9683FDE1.urr
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive15.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dicy.gz
C:\Program Files\QdrModule\kwdy.gz
C:\Program Files\QdrModule\pckr.dat
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\WinBudget
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\BM8f103d30.xml
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\feKQstwa.ini
C:\WINDOWS\system32\feKQstwa.ini2
C:\WINDOWS\system32\ilekdxxr.ini
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\TEdefMoq.ini
C:\WINDOWS\system32\TEdefMoq.ini2
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 00:25 . 2008-04-13 00:25 54,272 --a------ C:\WINDOWS\system32\L92EF.tmp
2008-04-13 00:25 . 2008-04-13 00:25 8,268 --a------ C:\WINDOWS\system32\LAC91.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LC8D4.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LC549.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LB1F0.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LADD9.tmp
2008-04-12 18:23 . 2008-04-12 18:23 <DIR> d-------- C:\Deckard
2008-04-12 14:49 . 2008-04-12 14:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 14:49 . 2008-04-12 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 01:10 . 2008-04-12 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-12 01:08 . 2008-04-13 00:26 <DIR> d-------- C:\Program Files\Bat
2008-04-12 01:08 . 2008-04-13 00:26 41,724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-04-11 12:44 . 2008-04-11 12:44 187,904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-04-11 06:29 . 2008-04-11 06:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 06:28 . 2008-04-11 06:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-11 06:24 . 2008-04-11 06:25 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 13:05 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-04-09 13:04 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-04-09 12:59 . 2008-04-12 22:14 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-09 12:42 . 2008-04-09 12:42 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 07:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-09 07:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-09 07:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-09 06:08 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-04-08 00:18 . 2008-04-08 00:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-08 00:16 . 2007-03-29 05:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-08 00:16 . 2007-03-29 05:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-08 00:16 . 2007-03-29 05:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-04-07 22:47 . 2008-04-07 23:35 1,172 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 22:45 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-07 22:45 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-07 22:45 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-07 22:45 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-07 22:45 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-07 22:45 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 22:45 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 22:44 . 2008-04-07 22:48 <DIR> d-------- C:\Documents and Settings\Angie Amos\SmitfraudFix
2008-04-07 05:59 . 2008-04-07 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-07 05:56 . 2008-04-07 05:56 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-07 05:56 . 2008-04-07 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-06 18:06 . 2008-04-07 18:06 526 --ahs---- C:\WINDOWS\system32\rbcxdovw.ini
2008-04-06 14:56 . 2008-04-06 14:56 <DIR> d-------- C:\VundoFix Backups
2008-04-06 09:03 . 2008-04-06 14:44 <DIR> d-------- C:\Documents and Settings\Angie Amos\.housecall6.6
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L1E68.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L18CB.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L138B.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L1149.tmp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-20 02:26 . 2008-03-20 02:26 <DIR> d-------- C:\Program Files\Bonjour
2008-03-20 02:19 . 2008-04-09 13:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-20 02:19 . 2008-03-20 02:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-20 02:17 . 2008-03-20 02:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-20 02:17 . 2008-03-20 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-17 17:13 . 2008-03-17 17:13 <DIR> d-------- C:\Program Files\Smilebox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 13:24 --------- d-----w C:\Program Files\Yahoo!
2008-04-09 20:27 --------- d-----w C:\Program Files\iTunes
2008-04-09 20:27 --------- d-----w C:\Program Files\iPod
2008-04-09 20:25 --------- d-----w C:\Program Files\QuickTime
2008-04-09 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-09 12:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 12:49 --------- d-----w C:\Program Files\LimeWire
2008-04-09 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-09 12:36 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 12:50 --------- d-----w C:\Documents and Settings\Angie Amos\Application Data\SUPERAntiSpyware.com
2008-04-07 12:49 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-05 06:49 --------- d-----w C:\Documents and Settings\Angie Amos\Application Data\LimeWire
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 393,216 2004-09-15 08:52:53 C:\Program Files\2Wire\bak\2PortalMon.exe

----a-r 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 57,344 2005-06-07 06:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

----a-w 1,404,928 2004-10-15 01:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 50,792 2006-04-20 17:10:13 C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe

----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe

----a-w 81,920 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 53,248 2005-02-23 22:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 16,384 2007-11-15 17:24:00 C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe

----a-w 460,784 2007-03-15 18:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 168,448 2005-12-28 00:30:34 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 274,432 2005-09-16 16:43:06 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 17:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-25 08:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 8,192 2006-09-18 21:46:30 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe

----a-w 110,592 2006-09-18 21:46:30 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

----a-w 8,720,384 2007-12-19 01:47:24 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 227,914 2007-12-12 01:21:12 C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe

----a-w 155,648 2006-12-26 03:53:00 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 06:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 26,112 2005-12-28 00:22:30 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 98,304 2003-07-14 19:30:26 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe

----a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 4,670,968 2007-03-02 01:11:26 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 15,360 2004-08-04 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 11:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-09-20 16:32:24 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-09-20 16:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-09-20 16:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 07:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-12-27 17:22:03 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-27 17:18:19 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 05:29:26 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"= C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aim6.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-10-06 22:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 17:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 08:02:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-04-13 8:06:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 15:06:28
Pre-Run: 87,059,931,136 bytes free
Post-Run: 86,989,459,456 bytes free
.
2008-04-09 19:46:47 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:20 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

--
End of file - 7652 bytes

#4 -David-

Posted 13 April 2008 - 01:50 PM

The logs are looking a lot better already!

It is again a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Firstly download: DelDomains.inf
Locate DelDomains.inf, right-click and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
Note: once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.
Then download the ResetProtocolDefaults regscript
Download it and save it to your desktop.
Right click it and choose merge.
When it asks you if you want to merge the contents to the registry, click yes/ok.

Click start > run and type: notepad, then hit enter.
Copy and paste the following text into the window.

File::
C:\WINDOWS\system32\L92EF.tmp
C:\WINDOWS\system32\LAC91.tmp
C:\WINDOWS\system32\LC8D4.tmp
C:\WINDOWS\system32\LC549.tmp
C:\WINDOWS\system32\LB1F0.tmp
C:\WINDOWS\system32\LADD9.tmp
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\WINDOWS\system32\rbcxdovw.ini
C:\WINDOWS\system32\L1E68.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L1149.tmp

Folder::
C:\Program Files\Bat

Click File > Save and call it "CFScript.txt" (without quotes).
Save it to your desktop.
Posted Image
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Combofix will run, and a text file will open. Please post it back here.

Click here to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to Press any key to continue.
Type 1 and hit enter to search for cloned executables.
Please post the log it creates back here, along with the new Combofix log... :thumbsup:
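A cross-check of a hand-written CFScript against the scan log it was built from, as an added example that is not part of the original post and not a ComboFix feature. The function names are hypothetical, the sample data is copied from this thread, and the `L????.tmp` naming pattern is an assumption drawn only from the file names in this log.

```python
import re
from collections import Counter

# Rows copied from the "Files Created" section of the ComboFix log in this thread.
LOG_ROWS = r"""
2008-04-13 00:25 . 2008-04-13 00:25 54,272 --a------ C:\WINDOWS\system32\L92EF.tmp
2008-04-13 00:25 . 2008-04-13 00:25 8,268 --a------ C:\WINDOWS\system32\LAC91.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LC8D4.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LC549.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LB1F0.tmp
2008-04-13 00:25 . 2008-04-13 00:25 397 --a------ C:\WINDOWS\system32\LADD9.tmp
2008-04-12 01:08 . 2008-04-13 00:26 <DIR> d-------- C:\Program Files\Bat
2008-04-12 01:08 . 2008-04-13 00:26 41,724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-04-11 12:44 . 2008-04-11 12:44 187,904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-04-09 12:42 . 2008-04-09 12:42 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-06 18:06 . 2008-04-07 18:06 526 --ahs---- C:\WINDOWS\system32\rbcxdovw.ini
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L1E68.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L18CB.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L138B.tmp
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L1149.tmp
"""

# The CFScript text exactly as posted in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\L92EF.tmp
C:\WINDOWS\system32\LAC91.tmp
C:\WINDOWS\system32\LC8D4.tmp
C:\WINDOWS\system32\LC549.tmp
C:\WINDOWS\system32\LB1F0.tmp
C:\WINDOWS\system32\LADD9.tmp
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\WINDOWS\system32\rbcxdovw.ini
C:\WINDOWS\system32\L1E68.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L1149.tmp

Folder::
C:\Program Files\Bat
"""

# created . modified  size-or-<DIR>  attributes  path
ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$"
)
# Assumption: the suspicious temp files in this log are all system32\L<4 hex>.tmp.
SUSPECT_TMP = re.compile(r"^c:\\windows\\system32\\l[0-9a-f]{4}\.tmp$")

def parse_log_rows(text):
    """Parse 'Files Created' rows into dicts; lines of any other shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            size = None if size == "<DIR>" else int(size.replace(",", ""))
            rows.append({"created": created, "modified": modified,
                         "size": size, "attrs": attrs, "path": path})
    return rows

def parse_cfscript(text):
    """Split a CFScript into {section name (lower case): [paths]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def review(log_text, script_text):
    """Report duplicate entries, entries absent from the log, and unlisted temp files."""
    rows = parse_log_rows(log_text)
    sections = parse_cfscript(script_text)
    listed = sections.get("file", []) + sections.get("folder", [])
    counts = Counter(p.lower() for p in listed)  # Windows paths are case-insensitive
    in_log = {r["path"].lower() for r in rows}
    return {
        "duplicates": sorted({p for p in listed if counts[p.lower()] > 1}),
        "not_in_log": sorted({p for p in listed if p.lower() not in in_log}),
        "unlisted_tmp": [r["path"] for r in rows
                         if SUSPECT_TMP.match(r["path"].lower())
                         and r["path"].lower() not in counts],
    }

if __name__ == "__main__":
    for finding, paths in review(LOG_ROWS, CFSCRIPT).items():
        print(finding, paths)
```

On the data from this thread it reports `L18CB.tmp` listed twice and `L138B.tmp` not listed; the follow-up ComboFix log still shows `L138B.tmp` under "Files Created".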

#5 angiedenise

Posted 13 April 2008 - 05:17 PM

Okay, here are the new logs... :thumbsup:



ComboFix 08-04-12.8 - Angie Amos 2008-04-13 15:03:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.234 [GMT -7:00]
Running from: C:\Documents and Settings\Angie Amos\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angie Amos\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\system32\L1149.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L1E68.tmp
C:\WINDOWS\system32\L92EF.tmp
C:\WINDOWS\system32\LAC91.tmp
C:\WINDOWS\system32\LADD9.tmp
C:\WINDOWS\system32\LB1F0.tmp
C:\WINDOWS\system32\LC549.tmp
C:\WINDOWS\system32\LC8D4.tmp
C:\WINDOWS\system32\rbcxdovw.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Angie Amos\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Bat
C:\Program Files\Bat\Bat.dll
C:\Program Files\Bat\Bat.dll.intermediate.manifest
C:\Program Files\Bat\Bat.exe
C:\Program Files\Bat\Bat.original
C:\Program Files\Bat\Info.dll
C:\Program Files\Bat\un_BatSetup_15041.exe
C:\Program Files\Bat\un_BatSetup_15041.txt
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Bat\X_Bat.log
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive15.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dicy.gz
C:\Program Files\QdrModule\kwdy.gz
C:\Program Files\QdrModule\pckr.dat
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\L1149.tmp
C:\WINDOWS\system32\L18CB.tmp
C:\WINDOWS\system32\L1E68.tmp
C:\WINDOWS\system32\L92EF.tmp
C:\WINDOWS\system32\LAC91.tmp
C:\WINDOWS\system32\LADD9.tmp
C:\WINDOWS\system32\LB1F0.tmp
C:\WINDOWS\system32\LC549.tmp
C:\WINDOWS\system32\LC8D4.tmp
C:\WINDOWS\system32\rbcxdovw.ini

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 12:35 . 2008-04-13 12:35 54,272 --a------ C:\WINDOWS\system32\LE2E9.tmp
2008-04-13 12:35 . 2008-04-13 12:35 14,848 --a------ C:\OwSO.exe
2008-04-13 12:35 . 2008-04-13 12:35 8,268 --a------ C:\WINDOWS\system32\L1052.tmp
2008-04-13 12:35 . 2008-04-13 12:35 397 --a------ C:\WINDOWS\system32\L1582.tmp
2008-04-13 12:35 . 2008-04-13 12:35 397 --a------ C:\WINDOWS\system32\L1488.tmp
2008-04-13 12:35 . 2008-04-13 12:35 397 --a------ C:\WINDOWS\system32\L136E.tmp
2008-04-13 12:35 . 2008-04-13 12:35 397 --a------ C:\WINDOWS\system32\L1265.tmp
2008-04-12 18:23 . 2008-04-12 18:23 <DIR> d-------- C:\Deckard
2008-04-12 14:49 . 2008-04-12 14:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 14:49 . 2008-04-12 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 01:10 . 2008-04-12 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-11 06:29 . 2008-04-11 06:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 06:28 . 2008-04-11 06:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-11 06:24 . 2008-04-11 06:25 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 13:05 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-04-09 13:04 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-04-09 12:59 . 2008-04-13 09:14 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-09 12:42 . 2008-04-09 12:42 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 07:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-09 07:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-09 07:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-09 06:08 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-04-08 00:18 . 2008-04-08 00:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-08 00:16 . 2007-03-29 05:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-08 00:16 . 2007-03-29 05:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-08 00:16 . 2007-03-29 05:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-08 00:16 . 2007-03-29 05:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-04-07 22:47 . 2008-04-07 23:35 1,172 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 22:45 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-07 22:45 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-07 22:45 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-07 22:45 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-07 22:45 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-07 22:45 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 22:45 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 22:44 . 2008-04-07 22:48 <DIR> d-------- C:\Documents and Settings\Angie Amos\SmitfraudFix
2008-04-07 05:59 . 2008-04-07 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-07 05:56 . 2008-04-07 05:56 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-07 05:56 . 2008-04-07 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-06 09:03 . 2008-04-06 14:44 <DIR> d-------- C:\Documents and Settings\Angie Amos\.housecall6.6
2008-04-06 00:42 . 2008-04-06 00:42 396 --a------ C:\WINDOWS\system32\L138B.tmp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-20 02:26 . 2008-03-20 02:26 <DIR> d-------- C:\Program Files\Bonjour
2008-03-20 02:19 . 2008-04-09 13:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-20 02:19 . 2008-03-20 02:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-20 02:17 . 2008-03-20 02:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-20 02:17 . 2008-03-20 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-17 17:13 . 2008-03-17 17:13 <DIR> d-------- C:\Program Files\Smilebox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 19:09 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-11 13:24 --------- d-----w C:\Program Files\Yahoo!
2008-04-09 20:27 --------- d-----w C:\Program Files\iTunes
2008-04-09 20:27 --------- d-----w C:\Program Files\iPod
2008-04-09 20:25 --------- d-----w C:\Program Files\QuickTime
2008-04-09 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-09 12:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 12:49 --------- d-----w C:\Program Files\LimeWire
2008-04-09 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-09 12:36 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 12:50 --------- d-----w C:\Documents and Settings\Angie Amos\Application Data\SUPERAntiSpyware.com
2008-04-07 12:49 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-05 06:49 --------- d-----w C:\Documents and Settings\Angie Amos\Application Data\LimeWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-09 19:32 20,480 ----a-w C:\WINDOWS\system32\L4125.tmp
2008-01-29 19:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_ 8.05.53.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 15:04:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_40c.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 393,216 2004-09-15 08:52:53 C:\Program Files\2Wire\bak\2PortalMon.exe

----a-r 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 57,344 2005-06-07 06:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

----a-w 1,404,928 2004-10-15 01:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 50,792 2006-04-20 17:10:13 C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe

----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe

----a-w 81,920 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 53,248 2005-02-23 22:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 16,384 2007-11-15 17:24:00 C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe

----a-w 460,784 2007-03-15 18:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 168,448 2005-12-28 00:30:34 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 274,432 2005-09-16 16:43:06 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 17:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-25 08:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 8,192 2006-09-18 21:46:30 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe

----a-w 110,592 2006-09-18 21:46:30 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

----a-w 8,720,384 2007-12-19 01:47:24 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 227,914 2007-12-12 01:21:12 C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe

----a-w 155,648 2006-12-26 03:53:00 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 06:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 26,112 2005-12-28 00:22:30 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 98,304 2003-07-14 19:30:26 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe

----a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 4,670,968 2007-03-02 01:11:26 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 15,360 2004-08-04 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 11:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-09-20 16:32:24 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-09-20 16:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-09-20 16:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 07:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-12-27 17:22:03 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-27 17:18:19 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 05:29:26 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"= C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136703139\\ee\\aim6.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-10-06 22:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 17:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 15:06:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 15:07:22
ComboFix-quarantined-files.txt 2008-04-13 22:07:17
ComboFix2.txt 2008-04-13 15:06:39
Pre-Run: 86,913,380,352 bytes free
Post-Run: 86,900,391,936 bytes free
.
2008-04-09 19:46:47 --- E O F ---

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 04/13/2008
The current time is: 15:09:14.74


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\2WIRE\BAK

09/15/2004 01:52 AM 393,216 2PortalMon.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/16/2005 09:43 AM 274,432 iTunesHelper.exe
1 File(s) 274,432 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 09:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/25/2006 08:53 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 04:00 AM 15,360 ctfmon.exe
09/20/2005 09:32 AM 77,824 hkcmd.exe
09/20/2005 09:36 AM 114,688 igfxpers.exe
09/20/2005 09:35 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 03:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

12/27/2005 05:30 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/18/2006 02:46 PM 8,192 mimboot.exe
09/18/2006 02:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\MYSPACE\IM\BAK

12/18/2007 06:47 PM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes

Directory of C:\PROGRA~1\PLAXO\2131~1.3\BAK

12/11/2007 06:21 PM 227,914 PlaxoHelper.exe
1 File(s) 227,914 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

12/27/2005 05:22 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 05:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/01/2007 06:11 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 12:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 05:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 09:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\DELLSU~2\GS_AGENT\CUSTOM\BAK

11/15/2007 10:24 AM 16,384 dsca.exe
1 File(s) 16,384 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

07/14/2003 12:30 PM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113670~1\EE\BAK

04/20/2006 10:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 9 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 9 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Dec 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Apr 5 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe"
114688 Apr 5 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
114688 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxpers.exe"
94208 Apr 5 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxtray.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
8192 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
226890 Oct 10 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
182855 Apr 17 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.8.1.2\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 1 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"


end of report

#6 -David-

Posted 15 April 2008 - 11:26 AM

Ok, thanks for posting the logs. :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.


You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the steps below:

Copy the file paths in the quote below to the clipboard. Highlight all of them, then right-click and choose Copy, or highlight them and press Ctrl+C:

C:\Program Files\2Wire\bak\2PortalMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe
C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe
C:\Program Files\DellSupport\bak\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Messenger\bak\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe
C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe
C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\bak\igfxpers.exe
C:\WINDOWS\system32\bak\igfxtray.exe
C:\WINDOWS\system32\dla\bak\tfswctrl.exe

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.

It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in Notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
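
The check described in the post above, as an added example that is not part of the original thread and is not FindAWF's own code: it parses lines from the "Duplicate files of bak directory contents" section of the first report and, for each file in a bak folder, looks at what the report lists at the original location. The function names and status labels are assumptions made for this example.

```python
import ntpath
import re
from collections import namedtuple

# Lines copied from the first FindAWF report posted in this thread.
REPORT = r'''
393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Apr 5 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 1 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
'''

Entry = namedtuple("Entry", "size date path")

# Report line layout: size, month, day, year, quoted full path.
LINE_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"(.+)"\s*$'
)


def parse_report(text):
    """Return an Entry for every well-formed report line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size, mon, day, year, path = m.groups()
            entries.append(Entry(int(size), f"{year} {mon} {day}", path))
    return entries


def classify(entries):
    """Map each bak file's original location to a status label.

    same-size    : a file is listed at the original location with the same
                   size as the bak copy (consistent with a restore; size
                   alone does not prove the contents are identical)
    size-differs : a file is listed there with another size (a newer
                   legitimate build or a replaced file; verify separately)
    missing      : nothing is listed at the original location
    short-name   : the bak copy has an 8.3 name, so a long-named file at
                   the original location would not match by name
    """
    listed = {e.path.lower(): e for e in entries}  # NTFS names are case-insensitive
    verdicts = {}
    for e in entries:
        folder, name = ntpath.split(e.path)
        parent, leaf = ntpath.split(folder)
        if leaf.lower() != "bak":
            continue  # only files inside a bak folder are of interest
        original = ntpath.join(parent, name)
        live = listed.get(original.lower())
        if live is not None:
            verdicts[original] = (
                "same-size" if live.size == e.size else "size-differs"
            )
        elif "~" in name:
            verdicts[original] = "short-name"
        else:
            verdicts[original] = "missing"
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(parse_report(REPORT)).items():
        print(f"{verdict:13} {path}")
```
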

#7 angiedenise

Posted 15 April 2008 - 06:31 PM

Wow -- thanks for the info and the directions! (Maybe I'll become a computer wiz someday -- ha, ha!) Here is the latest log:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 04/15/2008
The current time is: 16:21:43.54


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\2WIRE\BAK

09/15/2004 01:52 AM 393,216 2PortalMon.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/16/2005 09:43 AM 274,432 iTunesHelper.exe
1 File(s) 274,432 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 09:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/25/2006 08:53 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 04:00 AM 15,360 ctfmon.exe
09/20/2005 09:32 AM 77,824 hkcmd.exe
09/20/2005 09:36 AM 114,688 igfxpers.exe
09/20/2005 09:35 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 03:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

12/27/2005 05:30 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/18/2006 02:46 PM 8,192 mimboot.exe
09/18/2006 02:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\MYSPACE\IM\BAK

12/18/2007 06:47 PM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes

Directory of C:\PROGRA~1\PLAXO\2131~1.3\BAK

12/11/2007 06:21 PM 227,914 PlaxoHelper.exe
1 File(s) 227,914 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

12/27/2005 05:22 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 05:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/01/2007 06:11 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 12:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 05:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 09:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\DELLSU~2\GS_AGENT\CUSTOM\BAK

11/15/2007 10:24 AM 16,384 dsca.exe
1 File(s) 16,384 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

07/14/2003 12:30 PM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113670~1\EE\BAK

04/20/2006 10:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 9 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 9 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Dec 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Apr 5 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
114688 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxpers.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxtray.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
8192 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
226890 Oct 10 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
182855 Apr 17 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.8.1.2\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 1 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"


end of report

#8 -David-

Posted 17 April 2008 - 04:13 PM

Ok, time for round #2! Let's do it! :thumbsup:

Copy the file paths in the quote below to the clipboard. Highlight all of them, then right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\Program Files\2Wire\bak\2PortalMon.exe"
"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
"C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.

It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in Notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#9 angiedenise

Posted 17 April 2008 - 10:18 PM

Here is the latest: :thumbsup:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Thu 04/17/2008
The current time is: 20:09:51.10


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\2WIRE\BAK

09/15/2004 01:52 AM 393,216 2PortalMon.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/16/2005 09:43 AM 274,432 iTunesHelper.exe
1 File(s) 274,432 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 09:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/25/2006 08:53 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 04:00 AM 15,360 ctfmon.exe
09/20/2005 09:32 AM 77,824 hkcmd.exe
09/20/2005 09:36 AM 114,688 igfxpers.exe
09/20/2005 09:35 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 03:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

12/27/2005 05:30 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/18/2006 02:46 PM 8,192 mimboot.exe
09/18/2006 02:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\MYSPACE\IM\BAK

12/18/2007 06:47 PM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes

Directory of C:\PROGRA~1\PLAXO\2131~1.3\BAK

12/11/2007 06:21 PM 227,914 PlaxoHelper.exe
1 File(s) 227,914 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

12/27/2005 05:22 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 05:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/01/2007 06:11 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 12:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 05:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 09:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\DELLSU~2\GS_AGENT\CUSTOM\BAK

11/15/2007 10:24 AM 16,384 dsca.exe
1 File(s) 16,384 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

07/14/2003 12:30 PM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113670~1\EE\BAK

04/20/2006 10:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

393216 Sep 15 2004 "C:\Program Files\2Wire\2PortalMon.exe"
393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 16 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 9 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Dec 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Apr 5 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
114688 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxpers.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxtray.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
8192 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\MySpaceIM.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
226890 Oct 10 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
182855 Apr 17 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.8.1.2\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 1 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"


end of report

#10 angiedenise


Posted 18 April 2008 - 08:04 AM

Hi, again. During the night, OneCare detected a virus (Trojan:Win32/Quilzir.A). I followed the prompt to clean it. I'm not sure if this is the residue of what we have already been dealing with, but it has been several days since OneCare has "detected" anything. In any case, I don't seem to be suffering any ill effects from the virus, but I thought that the info might be helpful... :thumbsup:

#11 -David-


Posted 19 April 2008 - 04:16 AM

Thanks for letting me know about the OneCare notification. We're ever so close to finishing up here, but it's just unfortunate that you've got perhaps the most annoying and difficult-to-remove infections out there. It's a long, drawn-out process, but we're very close to the finish line now.. :thumbsup:

This will be the last time I'll get you to run option #2, but there's one more file to tackle.

Copy the file paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.

It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#12 angiedenise


Posted 19 April 2008 - 12:59 PM

So glad that you know what you are doing -- I would be lost! :thumbsup:
Here is the latest:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sat 04/19/2008
The current time is: 10:45:45.73


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\2WIRE\BAK

09/15/2004 01:52 AM 393,216 2PortalMon.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/16/2005 09:43 AM 274,432 iTunesHelper.exe
1 File(s) 274,432 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 09:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/25/2006 08:53 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 04:00 AM 15,360 ctfmon.exe
09/20/2005 09:32 AM 77,824 hkcmd.exe
09/20/2005 09:36 AM 114,688 igfxpers.exe
09/20/2005 09:35 AM 94,208 igfxtray.exe
4 File(s) 302,080 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 03:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

12/27/2005 05:30 PM 168,448 GoogleDesktop.exe
1 File(s) 168,448 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

09/18/2006 02:46 PM 8,192 mimboot.exe
09/18/2006 02:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\MYSPACE\IM\BAK

12/18/2007 06:47 PM 8,720,384 MySpaceIM.exe
1 File(s) 8,720,384 bytes

Directory of C:\PROGRA~1\PLAXO\2131~1.3\BAK

12/11/2007 06:21 PM 227,914 PlaxoHelper.exe
1 File(s) 227,914 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

12/27/2005 05:22 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 05:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/01/2007 06:11 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 12:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 05:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 09:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\DELLSU~2\GS_AGENT\CUSTOM\BAK

11/15/2007 10:24 AM 16,384 dsca.exe
1 File(s) 16,384 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

07/14/2003 12:30 PM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113670~1\EE\BAK

04/20/2006 10:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

393216 Sep 15 2004 "C:\Program Files\2Wire\2PortalMon.exe"
393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 16 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 9 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Dec 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Apr 5 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
114688 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxpers.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 Apr 5 2005 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxtray.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1463352 Dec 8 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
168448 Dec 27 2005 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
8192 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Oct 29 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\MySpaceIM.exe"
8720384 Dec 18 2007 "C:\Program Files\MySpace\IM\bak\MySpaceIM.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
226890 Oct 10 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
182855 Apr 17 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.8.1.2\PlaxoHelper.exe"
227914 Dec 11 2007 "C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Dec 27 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 1 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
16384 Nov 15 2007 "C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32.exe"
98304 Jul 14 2003 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\AOLSoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"


end of report
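
One way to confirm from two AWF.txt reports what an option 2 run changed, as an added example that is not part of any post in this thread and not FindAWF's own code. The function names are made up here, the line format is assumed from the "Duplicate files" sections above, and the sample input is a few lines excerpted from those two reports:

```python
import ntpath
import re

# Line shape seen in the "Duplicate files of bak directory contents" section:
#   <size> <Mon> <day> <year> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+"(.+)"$')

# Excerpts from the reports in this thread (a few lines, not the full logs).
BEFORE = r'''
393216 Sep 15 2004 "C:\Program Files\2Wire\2PortalMon.exe"
393216 Sep 15 2004 "C:\Program Files\2Wire\bak\2PortalMon.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
274432 Sep 16 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\bak\AOLSoftware.exe"
'''
# The later report has one extra line for the same AOL folder.
AFTER = BEFORE + r'''50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1136703139\ee\AOLSoftware.exe"
'''


def parse_entries(text):
    """Return {lower-cased path: size} for every well-formed entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so normalise the key.
            entries[m.group(2).lower()] = int(m.group(1))
    return entries


def bak_status(text):
    """For each file in a bak folder, compare it with the entry of the same
    name one directory up: 'same-size', 'different-size' or 'not-listed'."""
    entries = parse_entries(text)
    status = {}
    for path, size in entries.items():
        folder, name = ntpath.split(path)
        parent, leaf = ntpath.split(folder)
        if leaf != "bak":
            continue
        original = ntpath.join(parent, name)
        if original not in entries:
            status[path] = "not-listed"      # no such entry in this report
        elif entries[original] == size:
            status[path] = "same-size"
        else:
            status[path] = "different-size"  # e.g. a newer version installed
    return status


def changed(before, after):
    """Return {bak path: (old status, new status)} for entries that changed."""
    old, new = bak_status(before), bak_status(after)
    return {p: (old.get(p, "absent"), new.get(p, "absent"))
            for p in sorted(set(old) | set(new))
            if old.get(p) != new.get(p)}


if __name__ == "__main__":
    for path, (was, now) in changed(BEFORE, AFTER).items():
        print(f"{path}: {was} -> {now}")
```

"not-listed" only means the report has no entry for that path; it says nothing about files the tool did not enumerate.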

#13 -David-


Posted 20 April 2008 - 06:53 AM

Great work, we're on the finishing straight now, let's run the 3rd option now.
Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\Program Files\2Wire\bak
C:\Program Files\DellSupport\bak
C:\Program Files\iTunes\bak
C:\Program Files\Messenger\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\MySpace\IM\bak
C:\Program Files\Plaxo\2.13.1.3\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Yahoo!\browser\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Common Files\AOL\IPHSend\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Dell Support Center\gs_agent\custom\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak
C:\Program Files\Common Files\AOL\1136703139\ee\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.

The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#14 angiedenise


Posted 20 April 2008 - 09:59 AM

Here is the latest: :thumbsup:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 04/20/2008
The current time is: 7:56:09.35


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 12:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 05:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"


end of report

#15 -David-


Posted 20 April 2008 - 11:48 AM

Ok, great! We've successfully cleaned that infection now..:thumbsup:

Please find and delete these two folders:
C:\WINDOWS\system32\dla\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.



