Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware.iSpynow popups


  • This topic is locked This topic is locked
30 replies to this topic

#1 jme248

jme248

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 28 November 2008 - 07:56 PM

The other night I randomly got a popup that was trying to get me to buy some spyware software removal program. The popup said spyware.ispynow was detected and I needed to enable protection. My only choice was to click enable or X out the window. When using search engines to research the problem, the results were automatically redirected to different targeted ad pages.

At first Malwarebytes wouldn't run, but I was able to follow some instructions I searched for online from a different computer and got the program to run after uninstalling a driver. Once Malwarebytes was running it removed several programs, and now my search results are fine, but I still get the same popup screen telling me about spyware.ispynow. So it seems it was partially removed but not completely. At this point, neither Malwarebytes, Norton or anything else I've tried ca find any problems.

Below are my log and info files. Thank you!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jake Emen at 2008-11-28 19:52:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (15%) free of 81 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:28 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jake Emen\Desktop\RSIT.exe
C:\Program Files\trend micro\Jake Emen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://drexel.blackboard.com
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12111 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{377ED4BC-F892-44BE-B2CF-C0AF81FC3F4C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-28 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2005-04-20 472744]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-07-29 1041744]
{A057A204-BACC-4D26-CEC4-75A487FD6484} - MYPOINTS - C:\PROGRA~1\mypoints\mypoints.dll [2008-10-29 1909248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-19 193136]
{9C590067-8A6A-4db6-B052-069283790B04} - SeoQuake - C:\Program Files\SeoQuake\SeoQuake.dll [2008-03-21 245760]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
""= []
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder"=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-03-27 126104]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-02 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2006-04-07 1343488]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-28 95800]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-10-18 79448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2005-04-18 71256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155258632\ee\AOLSoftware.exe [2006-03-08 48280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-19 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
C:\PROGRA~1\ULEADS~1\ULEADP~1\ABMTSR.EXE [1999-07-28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1155258632\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155258632\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-11-28 19:52:12 ----D---- C:\Program Files\trend micro
2008-11-28 19:52:07 ----D---- C:\rsit
2008-11-28 18:38:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-28 16:48:12 ----D---- C:\WINDOWS\pss
2008-11-28 14:07:31 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-11-28 13:57:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-28 13:57:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 13:41:25 ----D---- C:\Program Files\Windows Sidebar
2008-11-28 13:41:09 ----D---- C:\Program Files\Norton 360
2008-11-28 13:38:50 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-28 13:38:41 ----D---- C:\Program Files\Symantec
2008-11-28 13:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-12 11:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 11:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 11:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-11-28 19:52:23 ----D---- C:\WINDOWS\Temp
2008-11-28 19:52:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 19:52:12 ----D---- C:\Program Files
2008-11-28 19:17:50 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 19:17:39 ----RASH---- C:\boot.ini
2008-11-28 19:17:39 ----A---- C:\WINDOWS\win.ini
2008-11-28 19:17:39 ----A---- C:\WINDOWS\system.ini
2008-11-28 19:14:44 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2008-11-28 19:14:34 ----D---- C:\WINDOWS
2008-11-28 19:13:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 19:13:25 ----D---- C:\WINDOWS\Registration
2008-11-28 18:36:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 17:53:52 ----SHD---- C:\WINDOWS\Installer
2008-11-28 17:53:14 ----HD---- C:\Config.Msi
2008-11-28 17:05:52 ----D---- C:\WINDOWS\Prefetch
2008-11-28 16:59:23 ----D---- C:\WINDOWS\WinSxS
2008-11-28 16:59:07 ----D---- C:\Program Files\Common Files
2008-11-28 16:59:06 ----D---- C:\WINDOWS\system32
2008-11-28 16:50:54 ----D---- C:\Program Files\Viewpoint
2008-11-28 16:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-28 16:35:59 ----ASH---- C:\hpqp.ini
2008-11-28 16:35:55 ----A---- C:\XP_TV.ini
2008-11-28 14:03:44 ----D---- C:\Documents and Settings\Jake Emen\Application Data\Symantec
2008-11-28 13:58:51 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 13:58:50 ----HD---- C:\WINDOWS\inf
2008-11-28 13:40:12 ----A---- C:\WINDOWS\ULEAD32.INI
2008-11-28 12:49:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 12:48:49 ----SD---- C:\WINDOWS\Tasks
2008-11-28 12:27:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 08:20:53 ----D---- C:\WINDOWS\Debug
2008-11-26 01:35:33 ----D---- C:\Documents and Settings\Jake Emen\Application Data\Google
2008-11-26 01:32:29 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-11-26 01:32:29 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-25 18:07:58 ----D---- C:\Documents and Settings\Jake Emen\Application Data\WeatherBug
2008-11-22 00:55:48 ----D---- C:\Documents and Settings\Jake Emen\Application Data\StumbleUpon
2008-11-17 21:29:32 ----A---- C:\WINDOWS\Iedit.INI
2008-11-14 10:27:06 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-14 02:36:29 ----D---- C:\WINDOWS\Help
2008-11-12 11:24:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-29 16:35:27 ----D---- C:\Program Files\mypoints
2008-10-29 16:35:27 ----D---- C:\Documents and Settings\Jake Emen\Application Data\mypoints

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-24 17801]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-08-15 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-16 1341466]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081127.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081127.048\NAVEX15.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081127.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-16 56648]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 iComp;HP Analog TV Tuner; C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-01-17 1536000]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys [2005-03-10 265984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2005-04-18 46680]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-16 258103]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-16 1245064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-19 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-28 19:52:31

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Pictures Tools (version 10.6.0.6)-->C:\Program Files\AOL Pictures\10_6_0_6a\aolpInstaller.exe /u
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BitTorrent 4.22.1-->"C:\Program Files\BitTorrent\uninstall.exe"
Bodog Poker Version 2.8.3.27-->"C:\Program Files\Bodog Poker\unins000.exe"
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon i560-->C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FileZilla Client 3.1.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GIMPshop 2.2.8-->C:\Program Files\GIMPshop\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_FE4264652A965D92.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Guitar Pro 5.1-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0026-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D17A2FDC-5C16-439C-A0E1-FF350079447E}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsearch Color Picker-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Microsearch\ColorPicker\DeIsL1.isu" -c"C:\Program Files\Microsearch\ColorPicker\_ISREG32.DLL"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MyPoints Toolbar-->C:\Program Files\mypoints\uninstall.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe"
NETGEAR WG511v2 wireless PC card-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Oasis from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OLYMPUS Master 2-->MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
Quick Launch Buttons 5.20 G1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RitzPix E-Z Print & Share-->MsiExec.exe /X{CD55BC4A-C299-4632-91A9-88705157EAC2}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SeoQuake-->"C:\Program Files\SeoQuake\unins000.exe"
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
StumbleUpon IE Toolbar-->C:\Program Files\StumbleUpon\uninstall.exe
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Text Twist (remove only)-->C:\Program Files\Yahoo! Games\TextTwist\Uninstall.exe {ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
Text Twist-->MsiExec.exe /X{ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Ulead PhotoImpact 5-->C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\IS32Inst.dll"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free (disabled) (outdated)
AV: Norton 360
FW: Norton 360

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 29 November 2008 - 06:58 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 29 November 2008 - 01:34 PM

Hi, Thank you for the help, I appreciate it.

Here are the log files as requested:

1) SD Fix


SDFix: Version 1.240
Run by Jake Emen on Sat 11/29/2008 at 12:51 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
TDSSserv.sys
TDSSserv.sys)

Path :
\systemroot\system32\drivers\TDSSmplt.sys
\systemroot\system32\drivers\TDSSmhlt.sys

TDSSserv.sys - Deleted
TDSSserv.sys) - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\TDSSmhlt.sys - Deleted
C:\WINDOWS\system32\drivers\TDSSmplt.sys - Deleted
C:\WINDOWS\system32\TDSSosvd.dat - Deleted
C:\WINDOWS\system32\TDSSmtve.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSMTVE.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 13:06:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1155258632\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155258632\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 28 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Thu 28 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Tue 12 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0a\AOLphx.exe"
Tue 12 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0a\rbm.exe"
Wed 9 Aug 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 3 Mar 2008 38,400 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0001.tmp"
Wed 28 Mar 2007 32,768 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0002.tmp"
Fri 25 May 2007 39,936 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0003.tmp"
Tue 3 Apr 2007 34,304 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0004.tmp"
Mon 2 Jul 2007 36,352 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0005.tmp"
Wed 5 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0006.tmp"
Wed 11 Jul 2007 38,912 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0192.tmp"
Tue 10 Jul 2007 38,912 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0265.tmp"
Sat 7 Jul 2007 36,352 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0277.tmp"
Mon 9 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0426.tmp"
Sat 7 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0736.tmp"
Mon 9 Jul 2007 37,888 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0876.tmp"
Sun 8 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL0926.tmp"
Sun 8 Jul 2007 37,888 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL1396.tmp"
Wed 5 Mar 2008 27,648 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL1428.tmp"
Mon 9 Jul 2007 37,888 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2017.tmp"
Tue 17 Jul 2007 39,936 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2183.tmp"
Wed 5 Mar 2008 28,160 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2219.tmp"
Tue 10 Jul 2007 38,400 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2263.tmp"
Tue 17 Jul 2007 39,936 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2400.tmp"
Sat 7 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2682.tmp"
Wed 5 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2743.tmp"
Sun 8 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2797.tmp"
Mon 9 Jul 2007 37,376 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2826.tmp"
Mon 9 Jul 2007 37,888 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2842.tmp"
Mon 9 Jul 2007 37,888 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL2869.tmp"
Wed 11 Jul 2007 38,912 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3080.tmp"
Sun 8 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3185.tmp"
Sun 8 Jul 2007 37,376 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3259.tmp"
Wed 11 Jul 2007 38,912 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3601.tmp"
Sun 8 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3627.tmp"
Sat 7 Jul 2007 36,864 ...H. --- "C:\Documents and Settings\Jake Emen\Desktop\~WRL3629.tmp"
Tue 12 Feb 2008 56,832 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL0001.tmp"
Tue 12 Feb 2008 56,832 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL0003.tmp"
Tue 12 Feb 2008 56,832 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL0005.tmp"
Tue 12 Feb 2008 57,344 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL0718.tmp"
Wed 18 Jul 2007 20,480 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL1173.tmp"
Tue 12 Feb 2008 55,808 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL1314.tmp"
Tue 12 Feb 2008 56,320 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL1860.tmp"
Tue 12 Feb 2008 55,296 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL2298.tmp"
Tue 12 Feb 2008 35,840 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL2574.tmp"
Wed 11 Jul 2007 19,968 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL3265.tmp"
Tue 12 Feb 2008 56,320 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL3516.tmp"
Tue 12 Feb 2008 56,320 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL3619.tmp"
Thu 17 Apr 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL3695.tmp"
Tue 12 Feb 2008 57,344 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\~WRL3858.tmp"
Tue 24 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Nov 2008 0 A..H. --- "C:\Documents and Settings\Jake Emen\Local Settings\Temp\BIT6.tmp"
Thu 6 Mar 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0001.tmp"
Sun 16 Mar 2008 46,592 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0002.tmp"
Fri 7 Mar 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0003.tmp"
Mon 24 Mar 2008 43,520 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0004.tmp"
Sun 6 Apr 2008 51,200 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0005.tmp"
Tue 8 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0006.tmp"
Wed 16 Apr 2008 52,224 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0007.tmp"
Wed 16 Apr 2008 48,640 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0008.tmp"
Tue 22 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0009.tmp"
Tue 22 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0010.tmp"
Tue 22 Apr 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0011.tmp"
Thu 24 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0012.tmp"
Fri 25 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0013.tmp"
Mon 28 Apr 2008 54,272 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0014.tmp"
Mon 28 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0015.tmp"
Tue 6 May 2008 52,224 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0016.tmp"
Sun 18 May 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0017.tmp"
Wed 21 May 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0018.tmp"
Thu 22 May 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0019.tmp"
Thu 29 May 2008 58,368 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0020.tmp"
Wed 4 Jun 2008 59,904 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0021.tmp"
Thu 6 Mar 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0031.tmp"
Tue 17 Jun 2008 63,488 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0121.tmp"
Wed 21 May 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0141.tmp"
Fri 11 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0160.tmp"
Mon 17 Mar 2008 47,616 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0185.tmp"
Sun 30 Mar 2008 50,176 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0196.tmp"
Tue 29 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0252.tmp"
Tue 22 Apr 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0273.tmp"
Wed 21 May 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0275.tmp"
Tue 8 Jul 2008 64,512 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0310.tmp"
Fri 25 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0554.tmp"
Thu 8 May 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0630.tmp"
Mon 7 Apr 2008 50,688 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0657.tmp"
Mon 17 Mar 2008 48,128 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0733.tmp"
Mon 17 Mar 2008 47,104 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0929.tmp"
Thu 17 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL0951.tmp"
Sun 23 Mar 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1097.tmp"
Tue 15 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1114.tmp"
Tue 22 Apr 2008 52,736 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1134.tmp"
Thu 17 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1190.tmp"
Thu 8 May 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1199.tmp"
Mon 24 Mar 2008 48,640 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1220.tmp"
Tue 4 Mar 2008 52,224 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1273.tmp"
Fri 7 Mar 2008 52,224 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1275.tmp"
Mon 17 Mar 2008 48,128 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1313.tmp"
Mon 17 Mar 2008 47,616 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1359.tmp"
Sat 29 Mar 2008 49,664 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1445.tmp"
Sun 30 Mar 2008 50,176 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1527.tmp"
Tue 17 Jun 2008 63,488 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1645.tmp"
Fri 6 Jun 2008 59,904 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1724.tmp"
Fri 25 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1755.tmp"
Tue 17 Jun 2008 63,488 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL1760.tmp"
Tue 29 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2050.tmp"
Tue 8 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2084.tmp"
Thu 22 May 2008 54,272 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2088.tmp"
Sun 30 Mar 2008 49,664 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2103.tmp"
Mon 17 Mar 2008 48,128 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2193.tmp"
Tue 29 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2288.tmp"
Tue 22 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2318.tmp"
Tue 8 Apr 2008 50,688 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2336.tmp"
Fri 23 May 2008 54,784 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2364.tmp"
Mon 17 Mar 2008 48,128 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2488.tmp"
Tue 15 Apr 2008 52,224 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2568.tmp"
Tue 15 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2595.tmp"
Fri 6 Jun 2008 60,928 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2596.tmp"
Fri 23 May 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2888.tmp"
Fri 11 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL2927.tmp"
Wed 18 Jun 2008 63,488 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3013.tmp"
Mon 7 Apr 2008 50,688 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3129.tmp"
Wed 30 Apr 2008 53,760 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3268.tmp"
Thu 8 May 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3302.tmp"
Fri 25 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3717.tmp"
Tue 8 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3772.tmp"
Fri 11 Apr 2008 51,712 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3801.tmp"
Thu 17 Apr 2008 53,248 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3909.tmp"
Mon 24 Mar 2008 48,640 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3931.tmp"
Fri 28 Mar 2008 49,152 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Random bleep\~WRL3953.tmp"
Thu 24 Aug 2006 1,071 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 2 Oct 2008 22,528 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\BANS\Discount Football Merchandise\~WRL0369.tmp"
Thu 2 Oct 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\BANS\Discount Football Merchandise\~WRL0649.tmp"
Thu 2 Oct 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\BANS\Discount Football Merchandise\~WRL3089.tmp"
Tue 16 Oct 2007 20,480 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL0627.tmp"
Tue 16 Oct 2007 26,624 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL0710.tmp"
Tue 16 Oct 2007 19,968 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL0861.tmp"
Tue 16 Oct 2007 33,280 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL1369.tmp"
Tue 16 Oct 2007 19,968 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL2472.tmp"
Tue 16 Oct 2007 22,528 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL2481.tmp"
Tue 16 Oct 2007 19,968 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL2686.tmp"
Fri 26 Oct 2007 19,968 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL2697.tmp"
Tue 16 Oct 2007 22,016 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL3174.tmp"
Tue 16 Oct 2007 33,792 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL3277.tmp"
Tue 16 Oct 2007 33,280 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL3983.tmp"
Tue 16 Oct 2007 22,016 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\~WRL4092.tmp"
Sun 8 Jun 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0005.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0166.tmp"
Wed 21 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0175.tmp"
Mon 24 Mar 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0416.tmp"
Sun 8 Jun 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0535.tmp"
Mon 3 Mar 2008 32,256 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0562.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0572.tmp"
Mon 24 Mar 2008 31,744 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0583.tmp"
Wed 21 May 2008 28,672 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0589.tmp"
Sun 8 Jun 2008 25,600 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0645.tmp"
Sun 8 Jun 2008 26,624 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0746.tmp"
Wed 21 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0757.tmp"
Mon 24 Mar 2008 30,208 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL0905.tmp"
Wed 21 May 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1028.tmp"
Mon 24 Mar 2008 30,208 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1114.tmp"
Wed 21 May 2008 25,088 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1207.tmp"
Mon 24 Mar 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1210.tmp"
Wed 3 Oct 2007 19,968 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1312.tmp"
Wed 21 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1325.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1383.tmp"
Mon 24 Mar 2008 29,696 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1478.tmp"
Tue 17 Jun 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1516.tmp"
Wed 21 May 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1534.tmp"
Sun 8 Jun 2008 25,088 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL1911.tmp"
Mon 24 Mar 2008 31,744 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2053.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2069.tmp"
Sun 8 Jun 2008 29,184 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2078.tmp"
Mon 24 Mar 2008 26,112 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2260.tmp"
Wed 21 May 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2379.tmp"
Wed 21 May 2008 26,112 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2387.tmp"
Wed 21 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2389.tmp"
Wed 21 May 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2452.tmp"
Wed 21 May 2008 28,672 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2469.tmp"
Wed 21 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2683.tmp"
Sun 8 Jun 2008 28,160 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2772.tmp"
Mon 24 Mar 2008 29,184 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2861.tmp"
Sun 8 Jun 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL2907.tmp"
Wed 16 Jul 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3020.tmp"
Sun 8 Jun 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3062.tmp"
Tue 17 Jun 2008 24,064 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3078.tmp"
Wed 21 May 2008 29,184 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3246.tmp"
Tue 4 Mar 2008 34,304 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3413.tmp"
Wed 21 May 2008 29,184 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3515.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3525.tmp"
Tue 4 Mar 2008 32,768 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3555.tmp"
Sun 8 Jun 2008 27,136 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3674.tmp"
Wed 21 May 2008 26,624 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3842.tmp"
Wed 21 May 2008 31,232 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL3963.tmp"
Wed 21 May 2008 30,720 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL4078.tmp"
Sun 8 Jun 2008 27,648 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\AC\~WRL4096.tmp"
Thu 3 Jul 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0001.tmp"
Tue 25 Mar 2008 29,696 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0004.tmp"
Fri 4 Jul 2008 25,600 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0005.tmp"
Thu 17 Apr 2008 43,520 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0010.tmp"
Thu 21 Aug 2008 24,576 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0459.tmp"
Fri 4 Jul 2008 30,208 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0528.tmp"
Wed 16 Apr 2008 31,232 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0541.tmp"
Thu 17 Apr 2008 39,936 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0547.tmp"
Fri 25 Apr 2008 33,280 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0707.tmp"
Fri 25 Apr 2008 32,768 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0756.tmp"
Wed 26 Mar 2008 33,792 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0858.tmp"
Thu 17 Apr 2008 43,008 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL0860.tmp"
Thu 17 Apr 2008 41,984 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1006.tmp"
Thu 17 Apr 2008 45,568 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1244.tmp"
Fri 4 Jul 2008 28,160 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1313.tmp"
Sat 29 Mar 2008 26,112 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1342.tmp"
Fri 25 Apr 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1531.tmp"
Fri 22 Aug 2008 26,112 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1585.tmp"
Fri 22 Aug 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1630.tmp"
Thu 17 Apr 2008 45,056 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1680.tmp"
Thu 17 Apr 2008 44,544 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1878.tmp"
Fri 25 Apr 2008 30,720 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL1916.tmp"
Fri 22 Aug 2008 30,208 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2034.tmp"
Wed 26 Mar 2008 32,256 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2072.tmp"
Wed 26 Mar 2008 36,352 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2420.tmp"
Thu 17 Apr 2008 37,888 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2445.tmp"
Fri 4 Jul 2008 28,160 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2458.tmp"
Fri 4 Jul 2008 26,624 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2507.tmp"
Fri 25 Apr 2008 27,648 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2723.tmp"
Fri 22 Aug 2008 25,088 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2739.tmp"
Thu 17 Apr 2008 41,472 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL2791.tmp"
Tue 29 Apr 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3029.tmp"
Thu 17 Apr 2008 41,984 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3085.tmp"
Fri 25 Apr 2008 26,624 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3092.tmp"
Thu 17 Apr 2008 41,984 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3239.tmp"
Thu 17 Apr 2008 31,232 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3470.tmp"
Fri 4 Jul 2008 32,256 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3561.tmp"
Fri 4 Jul 2008 32,256 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3570.tmp"
Thu 17 Apr 2008 36,352 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3623.tmp"
Thu 2 Oct 2008 25,600 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3770.tmp"
Thu 17 Apr 2008 40,960 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3850.tmp"
Wed 26 Mar 2008 32,256 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3854.tmp"
Thu 17 Apr 2008 41,472 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\~WRL3951.tmp"
Sat 17 May 2008 29,696 ...H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Other, Random, Unpublished, Etc\~WRL1302.tmp"
Mon 28 Jul 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0003.tmp"
Mon 4 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0004.tmp"
Thu 4 Sep 2008 33,280 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0466.tmp"
Wed 13 Aug 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0676.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0686.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0707.tmp"
Wed 13 Aug 2008 26,112 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0708.tmp"
Wed 13 Aug 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL0961.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL1164.tmp"
Mon 28 Jul 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL1666.tmp"
Mon 4 Aug 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL1758.tmp"
Thu 4 Sep 2008 43,008 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL1999.tmp"
Thu 4 Sep 2008 40,448 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2110.tmp"
Mon 4 Aug 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2281.tmp"
Tue 29 Jul 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2285.tmp"
Thu 4 Sep 2008 39,936 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2402.tmp"
Wed 13 Aug 2008 26,112 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2438.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2463.tmp"
Mon 28 Jul 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2670.tmp"
Mon 28 Jul 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2738.tmp"
Mon 28 Jul 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2786.tmp"
Wed 13 Aug 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL2821.tmp"
Mon 28 Jul 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3188.tmp"
Wed 13 Aug 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3189.tmp"
Mon 4 Aug 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3293.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3692.tmp"
Wed 13 Aug 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3841.tmp"
Mon 28 Jul 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL3849.tmp"
Wed 13 Aug 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL4008.tmp"
Wed 13 Aug 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Drexel\Completed Classes\Economics II\~WRL4011.tmp"
Mon 22 Oct 2007 23,040 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\jobs\Network For good\Katya's blog workups\~WRL3377.tmp"
Mon 5 May 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL0003.tmp"
Mon 5 May 2008 24,064 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL0005.tmp"
Mon 5 May 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL2257.tmp"
Mon 5 May 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL3341.tmp"
Mon 5 May 2008 25,600 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL3441.tmp"
Mon 5 May 2008 24,576 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL3501.tmp"
Mon 5 May 2008 25,088 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL3651.tmp"
Mon 5 May 2008 26,624 A..H. --- "C:\Documents and Settings\Jake Emen\My Documents\Writing\Need an Article\Rewrites\~WRL3726.tmp"

Finished!

2) Combofix
ComboFix 08-11-28.03 - Jake Emen 2008-11-29 13:19:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1418 [GMT -5:00]
Running from: c:\documents and settings\Jake Emen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
D:\Autorun.inf

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 12:49 . 2008-11-29 12:49 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-29 12:43 . 2008-11-29 12:44 <DIR> d-------- c:\windows\ERUNT
2008-11-29 12:27 . 2008-11-29 13:10 <DIR> d-------- C:\SDFix
2008-11-28 19:52 . 2008-11-28 19:52 <DIR> d-------- C:\rsit
2008-11-28 19:52 . 2008-11-28 19:52 <DIR> d-------- c:\program files\trend micro
2008-11-28 14:07 . 2008-11-28 14:07 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 13:41 . 2008-11-28 13:41 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-28 13:41 . 2008-11-28 17:03 <DIR> d-------- c:\program files\Norton 360
2008-11-28 13:38 . 2008-11-28 14:00 <DIR> d-------- c:\program files\Symantec
2008-11-28 13:38 . 2008-11-28 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-28 13:38 . 2008-11-28 14:00 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-28 13:38 . 2008-11-28 14:00 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-28 13:38 . 2008-11-28 14:00 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-28 13:38 . 2008-11-28 14:00 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-26 01:32 . 2008-11-26 01:32 80,384 --a------ c:\documents and settings\Jake Emen\nah_nfkt.exe
2008-11-12 08:09 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 08:09 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 18:22 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-28 21:50 --------- d-----w c:\program files\Viewpoint
2008-11-28 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-28 19:03 --------- d-----w c:\documents and settings\Jake Emen\Application Data\Symantec
2008-11-25 23:07 --------- d-----w c:\documents and settings\Jake Emen\Application Data\WeatherBug
2008-11-22 05:55 --------- d-----w c:\documents and settings\Jake Emen\Application Data\StumbleUpon
2008-10-29 21:35 --------- d-----w c:\program files\mypoints
2008-10-29 21:35 --------- d-----w c:\documents and settings\Jake Emen\Application Data\mypoints
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 15:27 --------- d-----w c:\documents and settings\Jake Emen\Application Data\Malwarebytes
2008-10-22 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-22 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-22 13:59 --------- d-----w c:\program files\AVG
2008-10-22 13:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 13:54 --------- d-----w c:\program files\RGB
2008-10-22 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-22 13:24 --------- d-----w c:\program files\Lavasoft
2008-10-22 13:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 13:23 --------- d-----w c:\program files\CCleaner
2008-10-19 22:11 --------- d-----w c:\documents and settings\Jake Emen\Application Data\FileZilla
2008-10-19 17:12 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-17 00:36 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:36 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-01 20:46 --------- d-----w c:\program files\StumbleUpon
2008-01-07 22:43 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-16 15:32 56,912 ----a-w c:\documents and settings\Jake Emen\g2mdlhlpx.exe
2005-03-10 19:45 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2005-03-10 19:45 265,856 ----a-w c:\windows\inf\WG511v2\WG511v2.sys
2004-08-05 21:06 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"HPsetm"="c:\documents and settings\Jake Emen\Application Data\Google\ijdkq13324484.exe" [2008-11-26 102912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
NETGEAR Smart Wizard.lnk - c:\windows\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2006-08-09 2238]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2006-08-24 884838]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2005-04-18 13:38 71256 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 19:13 133104 c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-03-08 13:38 48280 c:\program files\Common Files\AOL\1155258632\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 13:39 94208 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-19 08:49 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155258632\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\explorer.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2006-08-24 17149]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2006-08-24 362944]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S3 iComp;HP Analog TV Tuner;c:\windows\system32\DRIVERS\p2usbwdm.sys [2006-01-17 1536000]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 19:13]

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{377ED4BC-F892-44BE-B2CF-C0AF81FC3F4C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-nah_Shell - c:\documents and settings\Jake Emen\nah_nfkt.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jake Emen\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 13:23:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\MrvGINA.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\NETGEAR\WG511v2\wlancfg5.exe
.
**************************************************************************
.
Completion time: 2008-11-29 13:28:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 18:27:56

Pre-Run: 12,774,125,568 bytes free
Post-Run: 12,665,212,928 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

252 --- E O F --- 2008-11-28 16:04:50

3) Hijack This

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jake Emen at 2008-11-29 13:30:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (15%) free of 81 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:40 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jake Emen\Desktop\RSIT.exe
C:\Program Files\trend micro\Jake Emen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HPsetm] "C:\Documents and Settings\Jake Emen\Application Data\Google\ijdkq13324484.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://drexel.blackboard.com
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12277 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{377ED4BC-F892-44BE-B2CF-C0AF81FC3F4C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-28 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2005-04-20 472744]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-07-29 1041744]
{A057A204-BACC-4D26-CEC4-75A487FD6484} - MYPOINTS - C:\PROGRA~1\mypoints\mypoints.dll [2008-10-29 1909248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-19 193136]
{9C590067-8A6A-4db6-B052-069283790B04} - SeoQuake - C:\Program Files\SeoQuake\SeoQuake.dll [2008-03-21 245760]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Reminder"=C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-03-27 126104]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-02 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2006-04-07 1343488]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-28 95800]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"HPsetm"=C:\Documents and Settings\Jake Emen\Application Data\Google\ijdkq13324484.exe [2008-11-26 102912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-10-18 79448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2005-04-18 71256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155258632\ee\AOLSoftware.exe [2006-03-08 48280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-19 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
C:\PROGRA~1\ULEADS~1\ULEADP~1\ABMTSR.EXE [1999-07-28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1155258632\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155258632\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-11-29 13:28:04 ----A---- C:\ComboFix.txt
2008-11-29 13:18:55 ----A---- C:\Boot.bak
2008-11-29 13:18:49 ----RASHD---- C:\cmdcons
2008-11-29 13:16:24 ----A---- C:\WINDOWS\zip.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\VFIND.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\SWSC.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\SWREG.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\sed.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\grep.exe
2008-11-29 13:16:24 ----A---- C:\WINDOWS\fdsv.exe
2008-11-29 13:16:20 ----D---- C:\WINDOWS\ERDNT
2008-11-29 13:16:20 ----D---- C:\Qoobox
2008-11-29 13:16:19 ----D---- C:\ComboFix
2008-11-29 12:43:52 ----D---- C:\WINDOWS\ERUNT
2008-11-29 12:27:58 ----D---- C:\SDFix
2008-11-28 19:52:12 ----D---- C:\Program Files\trend micro
2008-11-28 19:52:07 ----D---- C:\rsit
2008-11-28 18:38:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-28 16:48:12 ----D---- C:\WINDOWS\pss
2008-11-28 14:07:31 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-11-28 13:57:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-28 13:57:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 13:41:25 ----D---- C:\Program Files\Windows Sidebar
2008-11-28 13:41:09 ----D---- C:\Program Files\Norton 360
2008-11-28 13:38:50 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-28 13:38:41 ----D---- C:\Program Files\Symantec
2008-11-28 13:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-12 11:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 11:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 11:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-11-29 13:30:40 ----D---- C:\WINDOWS\Temp
2008-11-29 13:30:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 13:28:11 ----D---- C:\WINDOWS\system32
2008-11-29 13:28:10 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 13:28:08 ----D---- C:\WINDOWS
2008-11-29 13:23:45 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2008-11-29 13:23:21 ----A---- C:\WINDOWS\system.ini
2008-11-29 13:22:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 13:22:37 ----D---- C:\WINDOWS\Registration
2008-11-29 13:22:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-29 13:20:49 ----D---- C:\WINDOWS\system32\config
2008-11-29 13:20:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-29 13:19:51 ----D---- C:\WINDOWS\AppPatch
2008-11-29 13:19:51 ----D---- C:\Program Files\Common Files
2008-11-29 13:18:55 ----RASH---- C:\boot.ini
2008-11-29 13:16:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 13:16:26 ----D---- C:\WINDOWS\Prefetch
2008-11-28 19:52:12 ----D---- C:\Program Files
2008-11-28 19:17:39 ----A---- C:\WINDOWS\win.ini
2008-11-28 17:53:52 ----SHD---- C:\WINDOWS\Installer
2008-11-28 17:53:14 ----HD---- C:\Config.Msi
2008-11-28 16:59:23 ----D---- C:\WINDOWS\WinSxS
2008-11-28 16:50:54 ----D---- C:\Program Files\Viewpoint
2008-11-28 16:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-28 16:35:59 ----ASH---- C:\hpqp.ini
2008-11-28 16:35:55 ----A---- C:\XP_TV.ini
2008-11-28 14:03:44 ----D---- C:\Documents and Settings\Jake Emen\Application Data\Symantec
2008-11-28 13:58:50 ----HD---- C:\WINDOWS\inf
2008-11-28 13:40:12 ----A---- C:\WINDOWS\ULEAD32.INI
2008-11-28 12:49:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 12:48:49 ----SD---- C:\WINDOWS\Tasks
2008-11-28 12:27:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 08:20:53 ----D---- C:\WINDOWS\Debug
2008-11-26 01:35:33 ----D---- C:\Documents and Settings\Jake Emen\Application Data\Google
2008-11-26 01:32:29 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-25 18:07:58 ----D---- C:\Documents and Settings\Jake Emen\Application Data\WeatherBug
2008-11-22 00:55:48 ----D---- C:\Documents and Settings\Jake Emen\Application Data\StumbleUpon
2008-11-17 21:29:32 ----A---- C:\WINDOWS\Iedit.INI
2008-11-14 02:36:29 ----D---- C:\WINDOWS\Help
2008-11-12 11:24:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-24 17801]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-08-15 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-16 1341466]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081127.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-16 56648]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 iComp;HP Analog TV Tuner; C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-01-17 1536000]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081129.002\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081129.002\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys [2005-03-10 265984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2005-04-18 46680]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-16 258103]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-16 1245064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-19 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Thank you and please let me know what further steps I can do. Also, the Hijack This log was not taken while the spyware.ispynow popup was actually visible, not sure if this makes a difference but wanted to let you know.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 29 November 2008 - 06:28 PM

Hello, your winlogon.exe is infected.. I need you to do me a favour..

Can you please locate all winlogon.exe via search function?.. Then list me the exact location of every winlogon.exe that you find, and the exact size for each of them..



NEXT


Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



Post me these logs in your next reply..

1. The list of winlogon.exe, their locations and sizes
2. SmitfraudFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 30 November 2008 - 12:16 PM

Hi, thanks again for the continued help.

There are three winlogon's, clearly the third is infected but don't know if I should have the two others. Should I delete the third?

Winlogon - C:\WINDOWS\system32 - 496 KB
Winlogon - C:\WINDOWS\ServicePackFiles\i386 - 496 KB
Winlogon.exe.vir - C:\Qoobox\Quarantine\C\WINDOWS\system32 - 496 KB

And here is the log from SmitFraudFix

SmitFraudFix v2.379

Scan done at 12:14:15.20, Sun 11/30/2008
Run from C:\Documents and Settings\Jake Emen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Jake Emen\Application Data\Google\ijdkq13324484.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Jake Emen\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Jake Emen


C:\DOCUME~1\JAKEEM~1\LOCALS~1\Temp


C:\Documents and Settings\Jake Emen\Application Data


Start Menu


C:\DOCUME~1\JAKEEM~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111 - Packet Scheduler Miniport
DNS Server Search Order: 68.87.73.242
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.64.196

HKLM\SYSTEM\CCS\Services\Tcpip\..\{201FB3F3-D86F-4E97-AB2F-9167C3C519CE}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{201FB3F3-D86F-4E97-AB2F-9167C3C519CE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{201FB3F3-D86F-4E97-AB2F-9167C3C519CE}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196


Scanning for wininet.dll infection


End

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 30 November 2008 - 01:27 PM

Just let it there first.. We'll get them later..

Copy and paste winlogon.exe from C:\WINDOWS\ServicePackFiles\i386 folder to C:\WINDOWS\system32 folder.. Then run ComboFix again and post the log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 30 November 2008 - 07:56 PM

Hi,

I tried doing that and it said I could not copy winlogon because it was being used by another person or program. I tried to end the process and then copy it, but it wouldn't let me end the process because it was critical.

(Also, did you want it copy and pasted while remaining in i386 or cut and pasted and removed from i386?)

Thank you again.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 30 November 2008 - 09:34 PM

Please show hidden files and folders

Tell me, can you find this folder?

C:\WINDOWS\$NtServicePackUninstall$

And can you find winlogon.exe under that folder?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 30 November 2008 - 10:53 PM

Yes it's located there.

Created 9/3/2008 17:32
490 KB
File Version 5.1.2600.2180

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 30 November 2008 - 11:22 PM

great.. now, copy that winlogon.exe from C:\WINDOWS\$NtServicePackUninstall$ folder and paste it on C:\WINDOWS\system32 folder...


Just copy and paste (not cut and paste.. leave the file at its original location)

Run ComboFix again and post the log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 30 November 2008 - 11:57 PM

Whoops, same error message as before! :thumbsup:

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 01 December 2008 - 01:12 AM

Ok.. just run ComboFix and post the log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 01 December 2008 - 08:24 AM

Ok, here we go:

ComboFix 08-11-28.03 - Jake Emen 2008-12-01 8:18:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1325 [GMT -5:00]
Running from: c:\documents and settings\Jake Emen\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 12:14 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-30 12:14 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-30 12:14 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-30 12:14 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-30 12:14 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-30 12:14 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-30 12:14 . 2008-11-30 12:14 3,802 --a------ c:\windows\system32\tmp.reg
2008-11-29 12:49 . 2008-11-29 12:49 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-29 12:43 . 2008-11-29 12:44 <DIR> d-------- c:\windows\ERUNT
2008-11-29 12:27 . 2008-11-29 13:10 <DIR> d-------- C:\SDFix
2008-11-28 19:52 . 2008-11-28 19:52 <DIR> d-------- C:\rsit
2008-11-28 19:52 . 2008-11-29 13:30 <DIR> d-------- c:\program files\trend micro
2008-11-28 14:07 . 2008-11-28 14:07 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-28 13:57 . 2008-11-28 13:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 13:41 . 2008-11-28 13:41 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-28 13:41 . 2008-11-28 17:03 <DIR> d-------- c:\program files\Norton 360
2008-11-28 13:38 . 2008-11-28 14:00 <DIR> d-------- c:\program files\Symantec
2008-11-28 13:38 . 2008-11-30 01:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-28 13:38 . 2008-11-28 14:00 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-28 13:38 . 2008-11-28 14:00 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-28 13:38 . 2008-11-28 14:00 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-28 13:38 . 2008-11-28 14:00 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-26 01:32 . 2008-11-26 01:32 80,384 --a------ c:\documents and settings\Jake Emen\nah_nfkt.exe
2008-11-12 08:09 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 08:09 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 13:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-30 23:56 --------- d-----w c:\documents and settings\Jake Emen\Application Data\WeatherBug
2008-11-28 21:50 --------- d-----w c:\program files\Viewpoint
2008-11-28 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-28 19:03 --------- d-----w c:\documents and settings\Jake Emen\Application Data\Symantec
2008-11-26 06:32 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-22 05:55 --------- d-----w c:\documents and settings\Jake Emen\Application Data\StumbleUpon
2008-10-29 21:35 --------- d-----w c:\program files\mypoints
2008-10-29 21:35 --------- d-----w c:\documents and settings\Jake Emen\Application Data\mypoints
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 15:27 --------- d-----w c:\documents and settings\Jake Emen\Application Data\Malwarebytes
2008-10-22 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-22 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-22 13:59 --------- d-----w c:\program files\AVG
2008-10-22 13:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 13:54 --------- d-----w c:\program files\RGB
2008-10-22 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-22 13:24 --------- d-----w c:\program files\Lavasoft
2008-10-22 13:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 13:23 --------- d-----w c:\program files\CCleaner
2008-10-19 22:11 --------- d-----w c:\documents and settings\Jake Emen\Application Data\FileZilla
2008-10-19 17:12 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-17 00:36 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:36 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 20:46 --------- d-----w c:\program files\StumbleUpon
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-01-07 22:43 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-16 15:32 56,912 ----a-w c:\documents and settings\Jake Emen\g2mdlhlpx.exe
2005-03-10 19:45 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2005-03-10 19:45 265,856 ----a-w c:\windows\inf\WG511v2\WG511v2.sys
2004-08-05 21:06 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_13.26.41.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12:39 507,904 ----a-w c:\windows\ServicePackFiles\i386\Copy of winlogon.exe
+ 2006-01-09 14:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
+ 2008-11-30 23:41:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 1343488]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"HPsetm"="c:\documents and settings\Jake Emen\Application Data\Google\ijdkq13324484.exe" [2008-11-26 102912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
NETGEAR Smart Wizard.lnk - c:\windows\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2006-08-09 2238]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2006-08-24 884838]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2005-04-18 13:38 71256 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 19:13 133104 c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-03-08 13:38 48280 c:\program files\Common Files\AOL\1155258632\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 13:39 94208 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-19 08:49 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155258632\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2006-08-24 17149]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2006-08-24 362944]
S3 iComp;HP Analog TV Tuner;c:\windows\system32\DRIVERS\p2usbwdm.sys [2006-01-17 1536000]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 19:13]

2008-11-30 c:\windows\Tasks\User_Feed_Synchronization-{377ED4BC-F892-44BE-B2CF-C0AF81FC3F4C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jake Emen\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\documents and settings\Jake Emen\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 08:20:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\MrvGINA.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wbem\fastprox.dll
.
Completion time: 2008-12-01 8:22:33
ComboFix-quarantined-files.txt 2008-12-01 13:21:55
ComboFix2.txt 2008-11-29 18:28:04

Pre-Run: 12,571,930,624 bytes free
Post-Run: 12,619,526,144 bytes free

240 --- E O F --- 2008-11-28 16:04:50

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 01 December 2008 - 05:46 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\documents and settings\Jake Emen\nah_nfkt.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


lease download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Post me these logs in your next reply..

1. OTMoveIt3
2. Kaspersky Online
3. Tell me about your computer now :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 jme248

jme248
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 01 December 2008 - 09:23 PM

Ok, here we go....

1) OTMoveIt3 log


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\documents and settings\Jake Emen\nah_nfkt.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JAKEEM~1\LOCALS~1\Temp\etilqs_ycxJt4Y2Ep46eDpnvHip scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETD1B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_183629

Files moved on Reboot...
File C:\DOCUME~1\JAKEEM~1\LOCALS~1\Temp\etilqs_ycxJt4Y2Ep46eDpnvHip not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETD1B7.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat not found!
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqb8ttr2.default\XUL.mfl moved successfully.


2) I'm including the javara log because at first there was an error, it than said complete afterward, but here's the log:


JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Dec 01 18:48:32 2008

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

There was an error removing C:\Program Files\Java\jre1.6.0_01. The error returned was 23.

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Dec 01 18:50:54 2008

There was an error removing C:\Program Files\Java\jre1.6.0_01. The error returned was 23.

------------------------------------

Finished reporting.



3) The Kapersky scan log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 01, 2008 18:39:03
Records in database: 1429900
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 113631
Threat name: 2
Infected objects: 2
Suspicious objects: 1
Duration of the scan: 02:05:44


File name / Threat name / Threats count
C:\Documents and Settings\Jake Emen\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Jake Emen\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Jake Emen\Local Settings\Application Data\Identities\{F71B5959-30EB-4602-8572-F92EE25554BB}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.


And there you go! So far I'm still seeing the popups. Hopefully these logs will show you what to tell me to do to finally get rid of this thing! Many thanks, again.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users