Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox opening multiple windows


  • This topic is locked This topic is locked
12 replies to this topic

#1 bballfan

bballfan

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2008 - 03:25 PM

I've gone through the guide and hope to complete this message before Firefox crashes again.

After eliminating the exceptions on my firewall like step 4 indicates, I'm now receiving the following message when firefox opens a new window. "The page you are looking for is temporarily unavailable.
Please try again later."

I tried the Kaspersky Online Scanner, but it closed and I don't know if a log was created.

Below are my logs:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Mary Horne at 2008-11-30 15:08:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 87 GB (58%) free of 149 GB
Total RAM: 1022 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:40 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TWFyeSBIb3JuZQ\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\68Xb0m27.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Mary Horne\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Mary Horne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\SYSTEM32\winsrc.dll
O2 - BHO: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O2 - BHO: (no name) - {4F9273FD-5C50-44DC-BB98-10ECA69927AC} - C:\WINDOWS\system32\vtUmJYon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {807682e4-0a28-cac9-8c14-0e6d8caa5d75} - {57d5aac8-d6e0-41c8-9cac-82a04e286708} - C:\WINDOWS\system32\azhieh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7d6264de-3985-4a53-80aa-58ac2b3866a6} - C:\WINDOWS\system32\zelewehe.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\35Ad6o84.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\nnnkIcdc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CPMe78104bd] Rundll32.exe "c:\windows\system32\gefejobu.dll",a
O4 - HKLM\..\Run: [kahohusufi] Rundll32.exe "C:\WINDOWS\system32\pimeyewe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [kahohusufi] Rundll32.exe "C:\WINDOWS\system32\pimeyewe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kahohusufi] Rundll32.exe "C:\WINDOWS\system32\pimeyewe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.highschoolsports.net/Wyncs.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\Software\..\Telephony: DomainName = home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home
O20 - AppInit_DLLs: c:\windows\system32\gefejobu.dll,C:\WINDOWS\system32\kukujema.dll azhieh.dll
O20 - Winlogon Notify: nnnkIcdc - C:\WINDOWS\SYSTEM32\nnnkIcdc.dll
O20 - Winlogon Notify: __c00B26E1 - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gefejobu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gefejobu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyeSBIb3JuZQ\command.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15183 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
&Research - C:\WINDOWS\SYSTEM32\winsrc.dll [2008-11-28 363008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32}]
goodsearch - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2006-07-24 1797120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F9273FD-5C50-44DC-BB98-10ECA69927AC}]
C:\WINDOWS\system32\vtUmJYon.dll [2008-11-23 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57d5aac8-d6e0-41c8-9cac-82a04e286708}]
C:\WINDOWS\system32\azhieh.dll [2008-11-29 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6264de-3985-4a53-80aa-58ac2b3866a6}]
C:\WINDOWS\system32\zelewehe.dll [2008-08-28 64052]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
solution Class - C:\WINDOWS\system32\35Ad6o84.dll [2008-11-29 31232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\nnnkIcdc.dll [2008-11-23 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-16 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2006-08-06 225280]
{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - goodsearch - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2006-07-24 1797120]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll [2007-03-20 562872]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My &Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2006-06-21 307200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"=C:\WINDOWS\System32\PRISMSVR.EXE [2003-11-20 282713]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2003-12-11 70800]
""= []
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-25 335872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2006-06-21 28672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"CPMe78104bd"=c:\windows\system32\gefejobu.dll [2008-11-23 90164]
"kahohusufi"=C:\WINDOWS\system32\pimeyewe.dll [2008-08-28 64052]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-22 68856]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2004-04-19 131072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\gefejobu.dll,C:\WINDOWS\system32\kukujema.dll azhieh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkIcdc]
C:\WINDOWS\system32\nnnkIcdc.dll [2008-11-23 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B26E1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gefejobu.dll [2008-11-23 90164]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gefejobu.dll [2008-11-23 90164]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}"= []
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\nnnkIcdc.dll [2008-11-23 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
C:\WINDOWS\system32\vtUmJYon
"notification packages"=scecli
C:\WINDOWS\system32\kukujema.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe"="C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe:*:Disabled: "
"C:\Program Files\Kinko's\FPFK\FPKMain.exe"="C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Disabled: "
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Disabled:AppleMobileDeviceService"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Explorer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:IEXPLORE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\SYSTEM32\lsass.exe"="C:\WINDOWS\SYSTEM32\lsass.exe:*:Disabled:lsass"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======List of files/folders created in the last 1 months======

2008-11-30 15:08:15 ----D---- C:\rsit
2008-11-30 14:01:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-29 20:05:24 ----SH---- C:\WINDOWS\system32\faiofisy.ini
2008-11-29 20:05:19 ----A---- C:\WINDOWS\system32\ysifoiaf.dll
2008-11-29 20:02:22 ----A---- C:\WINDOWS\system32\azhieh.dll
2008-11-29 20:02:19 ----A---- C:\WINDOWS\system32\ldjjwsho.dll
2008-11-28 20:21:27 ----A---- C:\WINDOWS\system32\winsrc.dll
2008-11-28 20:20:53 ----A---- C:\WINDOWS\system32\explorer32.exe
2008-11-28 20:20:27 ----A---- C:\WINDOWS\system32\ieupdates.exe
2008-11-28 20:14:26 ----D---- C:\Program Files\Antivirus 2009
2008-11-28 20:05:54 ----A---- C:\WINDOWS\system32\hfoxap.dll
2008-11-28 20:05:52 ----A---- C:\WINDOWS\system32\fnqrjnmy.dll
2008-11-28 20:02:29 ----SH---- C:\WINDOWS\system32\uxbswprm.ini
2008-11-28 20:02:27 ----A---- C:\WINDOWS\system32\mrpwsbxu.dll
2008-11-28 17:03:27 ----D---- C:\Program Files\Common Files\qzmz
2008-11-28 17:03:25 ----A---- C:\WINDOWS\system32\tsuninst.exe
2008-11-28 17:03:24 ----D---- C:\WINDOWS\qzmz
2008-11-27 20:03:45 ----SH---- C:\WINDOWS\system32\dkernqno.ini
2008-11-27 20:03:37 ----N---- C:\WINDOWS\system32\onqnrekd.dll
2008-11-27 20:00:14 ----A---- C:\WINDOWS\system32\cnuztw.dll
2008-11-27 20:00:11 ----A---- C:\WINDOWS\system32\snbjdchv.dll
2008-11-27 09:22:52 ----A---- C:\WINDOWS\system32\cmd.execf
2008-11-27 09:22:28 ----D---- C:\32788R22FWJFW
2008-11-26 16:33:55 ----SH---- C:\WINDOWS\system32\sqoxcbgw.ini
2008-11-26 16:33:46 ----A---- C:\WINDOWS\system32\wgbcxoqs.dll
2008-11-26 16:31:05 ----A---- C:\WINDOWS\system32\ovlrol.dll
2008-11-26 16:31:03 ----A---- C:\WINDOWS\system32\uqyxvfln.dll
2008-11-25 15:52:51 ----A---- C:\WINDOWS\system32\hgqjzv.dll
2008-11-25 15:52:50 ----A---- C:\WINDOWS\system32\vqsdpqrh.dll
2008-11-25 15:49:55 ----SH---- C:\WINDOWS\system32\pqeedicy.ini
2008-11-25 15:49:54 ----A---- C:\WINDOWS\system32\ycideeqp.dll
2008-11-24 15:50:57 ----A---- C:\WINDOWS\system32\pmwgbhqb.dll
2008-11-24 15:50:57 ----A---- C:\WINDOWS\system32\cqupry.dll
2008-11-24 15:48:59 ----SH---- C:\WINDOWS\system32\olholsxw.ini
2008-11-24 09:51:01 ----SH---- C:\WINDOWS\system32\lmodfodk.ini
2008-11-24 09:50:59 ----A---- C:\WINDOWS\system32\jihwfnkv.dll
2008-11-24 09:50:59 ----A---- C:\WINDOWS\system32\jburjh.dll
2008-11-24 09:50:56 ----A---- C:\WINDOWS\system32\kdofdoml.dll
2008-11-23 21:26:16 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-11-23 21:26:16 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-11-23 21:25:50 ----D---- C:\Program Files\Network Monitor
2008-11-23 21:25:50 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-11-23 21:25:49 ----SHD---- C:\WINDOWS\TWFyeSBIb3JuZQ
2008-11-23 21:25:39 ----D---- C:\Program Files\InetGet2
2008-11-23 21:10:40 ----D---- C:\Program Files\Webtools
2008-11-23 21:05:44 ----D---- C:\Program Files\Mjcore
2008-11-23 21:04:29 ----A---- C:\WINDOWS\system32\iifeDUon.dll
2008-11-23 21:04:28 ----A---- C:\WINDOWS\system32\hgGxYSIA.dll
2008-11-23 09:58:35 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-23 09:54:28 ----A---- C:\WINDOWS\system32\byXrOIbX.dll
2008-11-23 09:54:25 ----A---- C:\WINDOWS\system32\wvUnLCRi.dll
2008-11-23 09:50:42 ----A---- C:\WINDOWS\system32\dcticc.dll
2008-11-23 09:50:41 ----A---- C:\WINDOWS\system32\gqsxmlrg.dll
2008-11-23 09:49:05 ----SH---- C:\WINDOWS\system32\woyxewef.ini
2008-11-23 09:49:00 ----A---- C:\WINDOWS\system32\fewexyow.dll
2008-11-23 09:48:26 ----A---- C:\WINDOWS\system32\ef91f35f-.txt
2008-11-23 09:44:23 ----ASH---- C:\WINDOWS\system32\noYJmUtv.ini2
2008-11-23 09:44:23 ----ASH---- C:\WINDOWS\system32\noYJmUtv.ini
2008-11-23 09:44:14 ----A---- C:\WINDOWS\system32\vtUmJYon.dll
2008-11-23 09:39:07 ----A---- C:\WINDOWS\system32\nnnkIcdc.dll
2008-11-23 09:39:07 ----A---- C:\WINDOWS\system32\hgGXNDtq.dll
2008-11-23 09:39:05 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-23 08:19:07 ----SH---- C:\WINDOWS\system32\ikafesar.ini
2008-11-22 15:19:05 ----SH---- C:\WINDOWS\system32\ujeviwug.ini
2008-11-22 03:18:41 ----SH---- C:\WINDOWS\system32\alawezot.ini
2008-11-21 15:18:38 ----SH---- C:\WINDOWS\system32\utagasos.ini
2008-11-20 15:18:04 ----SH---- C:\WINDOWS\system32\apeveyow.ini
2008-11-19 17:01:52 ----SH---- C:\WINDOWS\system32\ilevobam.ini
2008-11-18 15:17:27 ----SH---- C:\WINDOWS\system32\agobawam.ini
2008-11-17 15:21:00 ----SH---- C:\WINDOWS\system32\onurijah.ini
2008-11-16 19:07:19 ----SH---- C:\WINDOWS\system32\anapibun.ini
2008-11-16 07:07:11 ----SH---- C:\WINDOWS\system32\ekobeyar.ini
2008-11-15 19:06:57 ----SH---- C:\WINDOWS\system32\epatalik.ini
2008-11-14 19:06:01 ----SH---- C:\WINDOWS\system32\akekivif.ini
2008-11-14 07:05:47 ----SH---- C:\WINDOWS\system32\ikeyumig.ini
2008-11-13 19:05:32 ----SH---- C:\WINDOWS\system32\enewetud.ini
2008-11-12 07:05:07 ----SH---- C:\WINDOWS\system32\ovokulaf.ini
2008-11-11 18:42:46 ----SH---- C:\WINDOWS\system32\ovodelit.ini
2008-11-11 06:43:45 ----SH---- C:\WINDOWS\system32\eyokakan.ini
2008-11-10 18:38:54 ----SH---- C:\WINDOWS\system32\urifabas.ini
2008-11-10 06:38:42 ----SH---- C:\WINDOWS\system32\akodegun.ini
2008-11-09 12:19:30 ----SH---- C:\WINDOWS\system32\evimehum.ini
2008-11-09 00:19:21 ----SH---- C:\WINDOWS\system32\enebeday.ini
2008-11-06 04:55:01 ----D---- C:\report
2008-11-05 18:11:48 ----D---- C:\Application Data

======List of files/folders modified in the last 1 months======

2008-11-30 15:08:17 ----D---- C:\WINDOWS\Prefetch
2008-11-30 15:08:00 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 13:29:38 ----D---- C:\WINDOWS\SYSTEM32
2008-11-30 13:29:30 ----A---- C:\WINDOWS\system32\68Xb0m27.exe
2008-11-30 13:25:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 13:14:29 ----D---- C:\WINDOWS
2008-11-30 13:01:13 ----D---- C:\WINDOWS\Temp
2008-11-30 12:36:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-30 12:29:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 01:37:43 ----RD---- C:\My Downloads
2008-11-29 16:36:33 ----D---- C:\Program Files\RegCure
2008-11-29 14:04:51 ----A---- C:\WINDOWS\system32\68Xb0m27.exe_
2008-11-29 11:59:39 ----A---- C:\WINDOWS\system32\35Ad6o84.dll
2008-11-28 21:12:42 ----ASH---- C:\WINDOWS\system32\ruwajibo.dll
2008-11-28 20:14:26 ----D---- C:\Program Files
2008-11-28 18:38:12 ----D---- C:\Program Files\PokerStars
2008-11-28 18:37:21 ----D---- C:\Program Files\PokerStars.NET
2008-11-28 17:03:27 ----D---- C:\Program Files\Common Files
2008-11-28 14:21:48 ----D---- C:\Program Files\AIMTunes
2008-11-24 09:27:36 ----D---- C:\Program Files\Trend Micro
2008-11-23 08:19:04 ----ASH---- C:\WINDOWS\system32\gefejobu.dll
2008-11-22 21:25:39 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-11-22 15:19:01 ----ASH---- C:\WINDOWS\system32\yezejugo.dll
2008-11-22 03:18:38 ----ASH---- C:\WINDOWS\system32\jutunaja.dll
2008-11-21 15:18:22 ----N---- C:\WINDOWS\system32\sosagatu.dll
2008-11-21 15:18:22 ----ASH---- C:\WINDOWS\system32\fovisuga.dll
2008-11-21 03:18:11 ----ASH---- C:\WINDOWS\system32\zobejivo.dll
2008-11-21 03:18:11 ----ASH---- C:\WINDOWS\system32\suzumuvo.dll
2008-11-20 15:18:00 ----ASH---- C:\WINDOWS\system32\yebalino.dll
2008-11-20 15:17:59 ----ASH---- C:\WINDOWS\system32\woyevepa.dll
2008-11-20 03:17:47 ----ASH---- C:\WINDOWS\system32\remumafi.dll
2008-11-20 03:17:47 ----ASH---- C:\WINDOWS\system32\hotowaze.dll
2008-11-19 15:17:42 ----ASH---- C:\WINDOWS\system32\maboveli.dll
2008-11-19 15:17:41 ----ASH---- C:\WINDOWS\system32\gayubowu.dll
2008-11-19 03:17:38 ----ASH---- C:\WINDOWS\system32\tofulupa.dll
2008-11-19 03:17:38 ----ASH---- C:\WINDOWS\system32\livemiva.dll
2008-11-18 15:17:23 ----ASH---- C:\WINDOWS\system32\mawaboga.dll
2008-11-18 15:17:23 ----ASH---- C:\WINDOWS\system32\guvumuso.dll
2008-11-17 15:20:50 ----N---- C:\WINDOWS\system32\hajiruno.dll
2008-11-17 15:20:49 ----ASH---- C:\WINDOWS\system32\viyiyini.dll
2008-11-16 19:07:12 ----ASH---- C:\WINDOWS\system32\vikuyomo.dll
2008-11-16 07:07:09 ----ASH---- C:\WINDOWS\system32\lunarobu.dll
2008-11-15 19:06:52 ----ASH---- C:\WINDOWS\system32\zurufalo.dll
2008-11-15 07:06:08 ----ASH---- C:\WINDOWS\system32\yobejofu.dll
2008-11-15 07:06:08 ----ASH---- C:\WINDOWS\system32\humopase.dll
2008-11-14 19:05:52 ----ASH---- C:\WINDOWS\system32\rutudara.dll
2008-11-14 19:05:52 ----ASH---- C:\WINDOWS\system32\fivikeka.dll
2008-11-14 07:05:40 ----ASH---- C:\WINDOWS\system32\kijayavo.dll
2008-11-14 07:05:40 ----ASH---- C:\WINDOWS\system32\gimuyeki.dll
2008-11-13 19:05:28 ----ASH---- C:\WINDOWS\system32\jofoliyo.dll
2008-11-13 19:05:28 ----ASH---- C:\WINDOWS\system32\dutewene.dll
2008-11-13 07:05:19 ----ASH---- C:\WINDOWS\system32\yoyorena.dll
2008-11-12 19:05:09 ----ASH---- C:\WINDOWS\system32\ranipone.dll
2008-11-12 07:05:05 ----ASH---- C:\WINDOWS\system32\panasoba.dll
2008-11-11 18:42:44 ----N---- C:\WINDOWS\system32\tiledovo.dll
2008-11-11 18:42:43 ----ASH---- C:\WINDOWS\system32\fujegifu.dll
2008-11-11 06:43:42 ----ASH---- C:\WINDOWS\system32\howibovu.dll
2008-11-11 06:43:41 ----N---- C:\WINDOWS\system32\nakakoye.dll
2008-11-10 18:38:47 ----N---- C:\WINDOWS\system32\sabafiru.dll
2008-11-10 18:38:47 ----ASH---- C:\WINDOWS\system32\ganotida.dll
2008-11-10 06:39:29 ----D---- C:\Documents and Settings\Mary Horne\Application Data\ShoppingReport
2008-11-10 06:38:38 ----ASH---- C:\WINDOWS\system32\zibuzuhu.dll
2008-11-10 06:38:37 ----N---- C:\WINDOWS\system32\nugedoka.dll
2008-11-09 19:54:17 ----D---- C:\WINDOWS\system32\Adobe
2008-11-09 12:19:24 ----ASH---- C:\WINDOWS\system32\yemopego.dll
2008-11-09 00:19:18 ----N---- C:\WINDOWS\system32\yadebene.dll
2008-11-09 00:19:18 ----ASH---- C:\WINDOWS\system32\pusezaso.dll
2008-11-08 11:02:14 ----D---- C:\WINDOWS\system32\DLLCACHE
2008-11-07 14:42:16 ----HD---- C:\WINDOWS\INF
2008-11-07 14:42:16 ----D---- C:\WINDOWS\Help
2008-11-06 02:45:11 ----D---- C:\Documents and Settings
2008-11-03 14:40:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 22:22:37 ----SHD---- C:\WINDOWS\Installer
2008-10-31 22:22:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-31 22:20:10 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-11-20 15781]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2004-03-19 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2004-03-19 55936]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-25 729600]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2007-03-26 28352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NavEx15.Sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-19 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-25 397312]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-22 255600]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-22 235120]
R2 cmdService;Command Service; C:\WINDOWS\TWFyeSBIb3JuZQ\command.exe [2005-08-02 293888]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-04-23 158848]
R2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe [2006-01-04 94208]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-12-22 218736]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-22 87664]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2003-12-04 193816]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-30 15:09:57

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8-->C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPInstallerAim.exe /u -d"AIM" -p"AIM" -len-US-AIM
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
All In One-->"C:\Program Files\YdUts\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Backyard Basketball-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Basketball\Uninst.isu -c"C:\HEGames\Basketball\Uninst.dll
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
BearShare MediaBar-->C:\Program Files\BearShare applications\BearShare MediaBar\Uninstall.exe
BearShare MediaBar-->regsvr32 /u /s "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll"
BearShare-->C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Comcast Rhapsody-->C:\PROGRA~1\COMCAS~1\Unwise32.exe /A C:\PROGRA~1\COMCAS~1\install.log
ComcastSUPPORT-->"C:\Program Files\support.com\bin\tgfix.exe" /rm /nq
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creme Savers Ten Pin Championship Bowling-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CremeSavers\Creme Savers Ten Pin Championship Bowling\Uninst.isu"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Printer Software Uninstall-->C:\Program Files\Dell_HostCD\Install\Uninstall.exe
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EPSON CX 4200 4800 Guide-->C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe
exPressit S.E. 2.1-->"C:\Program Files\exPressit S.E. 2.1\UninstallerData\Uninstall exPressit S.E. 2.1.exe"
File, Print FedEx Kinko's-->MsiExec.exe /I{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}
Fonts-->"C:\PROGRA~1\Freeze.com\Fonts\UNINSTAL.EXE"
goodsearch-->C:\Program Files\goodsearch\uninstall.exe -uninstall -prompt
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardwood Hearts-->C:\Program Files\Hardwood Hearts\Hearts.exe -Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP eServices Local Prints and Save-->MsiExec.exe /I{939E2189-9B65-41FC-A842-1BBC1588BFD1}
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (1.5.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
My Global Search Bar-->rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O
My Web Search (Zwinky)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
ParetoLogic Privacy Controls-->MsiExec.exe /I{742DFC87-1703-46D8-AC24-F87FDCD7C1AB}
PhotoFiltre-->"C:\Documents and Settings\Lindsay Horne\My Documents\PhotoFiltre\Uninst.exe"
PokerStars.net-->C:\Program Files\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerPaint 2.30-->"C:\Program Files\FLISoft\PowerPaint\unins000.exe"
Print Server Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
Puzzle Pirates-->C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{21F6B15F-1198-4FA2-8F31-5A24C1FBE144}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
ShopperReports-->C:\Program Files\ShoppingReport\Uninst.exe
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Snood Slide 1.50-->"C:\Program Files\WOMGames\Snood Slide\unins000.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TargetSaver-->C:\WINDOWS\system32\tsuninst.exe /u
TrueMobile 1300 USB 2.0 WLAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -L0x9
TurboTax Basic 2004-->C:\Program Files\TurboTax\Basic 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2004\Uninstall.log" -NoGui
TurboTax Basic 2005-->C:\Program Files\TurboTax\Basic 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2005\Uninstall.log" -NoGui
TurboTax Basic 2006-->C:\Program Files\TurboTax\Basic 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2006\Uninstall.log" -NoGui
TurboTax Basic 2007-->C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Any help you can provide would be fantastic!

Thanks!

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 30 November 2008 - 04:10 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\tasks\At?.job
    C:\WINDOWS\tasks\At??.job
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



==================




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 bballfan

bballfan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2008 - 06:09 PM

Thank you for your help!!

I did what you asked with only one problem. I had another version of ComboFix on my computer. I got a message that it wasn't the most current, but I couldn't download a newer one. I ran the version I had successfully and the logs you requested are attached. I started right after I got your message, so it appears there was alot wrong.

IE is now my default browser, which I prefer and it is not jumping to other sites like it was. I appear to have some registry issues with JawsCreator and FedEx Kinko, too.

Thank you again. Please let me know what's next.

OTMoveIT log
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF46DD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF4B15.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF7754.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_162836

Files moved on Reboot...
File C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF46DD.tmp not found!
File C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF4B15.tmp not found!
C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\~DF7754.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_bc.dat not found!
C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mary Horne\Local Settings\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\XUL.mfl moved successfully.

ComboFix log
ComboFix 08-11-30.01 - Mary Horne 2008-11-30 17:17:21.1 - NTFSx86
Running from: c:\documents and settings\Mary Horne\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dan Horne\Application Data\Awola6
c:\documents and settings\Dan Horne\Application Data\Awola6\Awola6.exe
c:\documents and settings\Dan Horne\Application Data\gadcom
c:\documents and settings\Dan Horne\Application Data\gadcom\gadcom.exe
c:\documents and settings\Dan Horne\Application Data\ShoppingReport
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Dan Horne\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Dan Horne\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Dan Horne\Start Menu\Programs\Awola6
c:\documents and settings\Lauren Horne\Application Data\FunWebProducts
c:\documents and settings\Lauren Horne\Application Data\FunWebProducts\Data\Lauren Horne\avatar.dat
c:\documents and settings\Lauren Horne\Application Data\gadcom
c:\documents and settings\Lauren Horne\Application Data\gadcom\gadcom.exe
c:\documents and settings\Lauren Horne\Application Data\Install.dat
c:\documents and settings\Lauren Horne\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Lauren Horne\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Lauren Horne\Desktop\Antivirus 2009.lnk
c:\documents and settings\Lauren Horne\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Lauren Horne\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lauren Horne\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Lauren Horne\Start Menu\Antivirus 2009
c:\documents and settings\Lauren Horne\Start Menu\Antivirus 2009\Antivirus 2009.lnk
c:\documents and settings\Lauren Horne\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Lindsay Horne\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\Mary Horne\Application Data\ShoppingReport
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Mary Horne\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\NetworkService\Application Data\ShoppingReport
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\NetworkService\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\CPV.stt
C:\mimic.log
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\program files\Common Files\qzmz
c:\program files\Common Files\qzmz\qzmza.exe
c:\program files\Common Files\qzmz\qzmza.lck
c:\program files\Common Files\qzmz\qzmzd\class-barrel
c:\program files\Common Files\qzmz\qzmzd\qzmzc.dll
c:\program files\Common Files\qzmz\qzmzd\vocabulary
c:\program files\Common Files\qzmz\qzmzh
c:\program files\Common Files\qzmz\qzmzl.exe
c:\program files\Common Files\qzmz\qzmzl.lck
c:\program files\Common Files\qzmz\qzmzm.exe
c:\program files\Common Files\qzmz\qzmzm.lck
c:\program files\Common Files\qzmz\qzmzp.exe
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\00EB6D97.swf
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\00EB31A7.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00EB6C30.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00EB7085.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0100809C.urr
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CheckersAIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\ChessAIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\EnableDisableAIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\NoSettingAIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\ReversiAIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\000155EB
c:\program files\myglobalsearch\bar\Cache\000202D4
c:\program files\myglobalsearch\bar\Cache\000219C7
c:\program files\myglobalsearch\bar\Cache\0002483A
c:\program files\myglobalsearch\bar\Cache\000249D0
c:\program files\myglobalsearch\bar\Cache\0002C123
c:\program files\myglobalsearch\bar\Cache\0003495E
c:\program files\myglobalsearch\bar\Cache\0003F780
c:\program files\myglobalsearch\bar\Cache\0004FCDB
c:\program files\myglobalsearch\bar\Cache\0028340D
c:\program files\myglobalsearch\bar\Cache\002D2436.bin
c:\program files\myglobalsearch\bar\Cache\002D24C3.bin
c:\program files\myglobalsearch\bar\Cache\002D2511.bin
c:\program files\myglobalsearch\bar\Cache\03C51F0B
c:\program files\myglobalsearch\bar\Cache\04F3B93B
c:\program files\myglobalsearch\bar\Cache\05C9E05A
c:\program files\myglobalsearch\bar\Cache\069805E9
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\myglobalsearch\bar\Settings\settings.dat
c:\program files\myglobalsearch\bar\Settings\settings.htm
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\close.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\login.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\00061B99
c:\program files\MyWebSearch\bar\Cache\003CBD22
c:\program files\MyWebSearch\bar\Cache\0084BF75.bin
c:\program files\MyWebSearch\bar\Cache\0084C0AE.bin
c:\program files\MyWebSearch\bar\Cache\0084C13A.bin
c:\program files\MyWebSearch\bar\Cache\0084C1D7.bin
c:\program files\MyWebSearch\bar\Cache\0084C234.bin
c:\program files\MyWebSearch\bar\Cache\008B2130.bin
c:\program files\MyWebSearch\bar\Cache\008B22D5.bin
c:\program files\MyWebSearch\bar\Cache\008B246C.bin
c:\program files\MyWebSearch\bar\Cache\008B2575.bin
c:\program files\MyWebSearch\bar\Cache\008B25E3.bin
c:\program files\MyWebSearch\bar\Cache\00961DA0.bin
c:\program files\MyWebSearch\bar\Cache\00961E6B
c:\program files\MyWebSearch\bar\Cache\03C51EFB
c:\program files\MyWebSearch\bar\Cache\043AB97D
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS\board.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\btn-flat.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\btn-push.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\checkers.js
c:\program files\MyWebSearch\bar\Game\CHECKERS\common-r.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\common-w.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\index.htm
c:\program files\MyWebSearch\bar\Game\CHECKERS\king-r.gif
c:\program files\MyWebSearch\bar\Game\CHECKERS\king-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS\bishop-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\bishop-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS\board.gif
c:\program files\MyWebSearch\bar\Game\CHESS\btn-flat.gif
c:\program files\MyWebSearch\bar\Game\CHESS\btn-push.gif
c:\program files\MyWebSearch\bar\Game\CHESS\chess.js
c:\program files\MyWebSearch\bar\Game\CHESS\index.htm
c:\program files\MyWebSearch\bar\Game\CHESS\king-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\king-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS\knight-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\knight-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS\pawn-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\pawn-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS\queen-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\queen-w.gif
c:\program files\MyWebSearch\bar\Game\CHESS\rook-b.gif
c:\program files\MyWebSearch\bar\Game\CHESS\rook-w.gif
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\network monitor
c:\program files\network monitor\netmon.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\program files\XP Antivirus
c:\program files\XP Antivirus\xpa.exe.tmp
c:\windows\IE4 Error Log.txt
c:\windows\qzmz
c:\windows\qzmz\qzmz.dat
c:\windows\qzmz\wu
c:\windows\system32\__c005EEA1.exe
c:\windows\system32\__c00DFB1.exe
c:\windows\system32\35Ad6o84.dll
c:\windows\system32\68Xb0m27.exe.a_a
c:\windows\system32\ac1BuMxo.dll
c:\windows\system32\agobawam.ini
c:\windows\system32\akekivif.ini
c:\windows\system32\akodegun.ini
c:\windows\system32\alawezot.ini
c:\windows\system32\anapibun.ini
c:\windows\system32\apeveyow.ini
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\azhieh.dll
c:\windows\system32\byXrOIbX.dll
c:\windows\system32\cnuztw.dll
c:\windows\system32\cqupry.dll
c:\windows\system32\dcticc.dll
c:\windows\system32\dkernqno.ini
c:\windows\system32\dutewene.dll
c:\windows\system32\ekobeyar.ini
c:\windows\system32\enebeday.ini
c:\windows\system32\enewetud.ini
c:\windows\system32\epatalik.ini
c:\windows\system32\evimehum.ini
c:\windows\system32\explorer32.exe
c:\windows\system32\eyokakan.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\faiofisy.ini
c:\windows\system32\fewexyow.dll
c:\windows\system32\fivikeka.dll
c:\windows\system32\fnqrjnmy.dll
c:\windows\system32\fovisuga.dll
c:\windows\system32\fujegifu.dll
c:\windows\system32\ganotida.dll
c:\windows\system32\gayubowu.dll
c:\windows\system32\gefejobu.dll
c:\windows\system32\gimuyeki.dll
c:\windows\system32\gqsxmlrg.dll
c:\windows\system32\guvumuso.dll
c:\windows\system32\hajiruno.dll
c:\windows\system32\hfoxap.dll
c:\windows\system32\hgGXNDtq.dll
c:\windows\system32\hgGxYSIA.dll
c:\windows\system32\hgqjzv.dll
c:\windows\system32\hotowaze.dll
c:\windows\system32\howibovu.dll
c:\windows\system32\humopase.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\iifeDUon.dll
c:\windows\system32\ikafesar.ini
c:\windows\system32\ikeyumig.ini
c:\windows\system32\ilevobam.ini
c:\windows\system32\jburjh.dll
c:\windows\system32\jihwfnkv.dll
c:\windows\system32\jofoliyo.dll
c:\windows\system32\jutunaja.dll
c:\windows\system32\kdofdoml.dll
c:\windows\system32\kijayavo.dll
c:\windows\system32\kukujema.dll
c:\windows\system32\ldjjwsho.dll
c:\windows\system32\livemiva.dll
c:\windows\system32\lmodfodk.ini
c:\windows\system32\lunarobu.dll
c:\windows\system32\maboveli.dll
c:\windows\system32\mawaboga.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\MGw8K8S4.exe.a_a
c:\windows\system32\mrpwsbxu.dll
c:\windows\system32\msansspc.dll
c:\windows\system32\msiebbar.dll
c:\windows\system32\nakakoye.dll
c:\windows\system32\nnnkIcdc.dll
c:\windows\system32\noYJmUtv.ini
c:\windows\system32\noYJmUtv.ini2
c:\windows\system32\nugedoka.dll
c:\windows\system32\olholsxw.ini
c:\windows\system32\onqnrekd.dll
c:\windows\system32\onurijah.ini
c:\windows\system32\ovlrol.dll
c:\windows\system32\ovodelit.ini
c:\windows\system32\ovokulaf.ini
c:\windows\system32\panasoba.dll
c:\windows\system32\pimeyewe.dll
c:\windows\system32\pmwgbhqb.dll
c:\windows\system32\pqeedicy.ini
c:\windows\system32\pusezaso.dll
c:\windows\system32\ranipone.dll
c:\windows\system32\remumafi.dll
c:\windows\system32\rutudara.dll
c:\windows\system32\ruwajibo.dll
c:\windows\system32\sabafiru.dll
c:\windows\system32\scui.cpl
c:\windows\system32\snbjdchv.dll
c:\windows\system32\sosagatu.dll
c:\windows\system32\sqoxcbgw.ini
c:\windows\system32\suzumuvo.dll
c:\windows\system32\tiledovo.dll
c:\windows\system32\tofulupa.dll
c:\windows\system32\tsuninst.exe
c:\windows\system32\ujeviwug.ini
c:\windows\system32\uqyxvfln.dll
c:\windows\system32\urifabas.ini
c:\windows\system32\utagasos.ini
c:\windows\system32\uxbswprm.ini
c:\windows\system32\vikuyomo.dll
c:\windows\system32\viyiyini.dll
c:\windows\system32\vqsdpqrh.dll
c:\windows\system32\vtUmJYon.dll
c:\windows\system32\wgbcxoqs.dll
c:\windows\system32\winsrc.dll
c:\windows\system32\woyevepa.dll
c:\windows\system32\woyxewef.ini
c:\windows\system32\wvUnLCRi.dll
c:\windows\system32\yadebene.dll
c:\windows\system32\ycideeqp.dll
c:\windows\system32\yebalino.dll
c:\windows\system32\yemopego.dll
c:\windows\system32\yezejugo.dll
c:\windows\system32\yobejofu.dll
c:\windows\system32\yoyorena.dll
c:\windows\system32\ysifoiaf.dll
c:\windows\system32\zelewehe.dll
c:\windows\system32\zibuzuhu.dll
c:\windows\system32\zobejivo.dll
c:\windows\system32\zurufalo.dll
c:\windows\TWFyeSBIb3JuZQ\
c:\windows\TWFyeSBIb3JuZQ\\asappsrv.dll
c:\windows\TWFyeSBIb3JuZQ\\command.exe
c:\windows\TWFyeSBIb3JuZQ\\nqIVym1KvaLRtk.vbs
c:\windows\TWFyeSBIb3JuZQ\command.exe
c:\windows\uninstall_nmon.vbs
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 16:28 . 2008-11-30 16:28 <DIR> d-------- C:\_OTMoveIt
2008-11-30 15:08 . 2008-11-30 15:09 <DIR> d-------- C:\rsit
2008-11-30 14:01 . 2008-11-30 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 21:20 . 2008-11-23 22:54 <DIR> d-------- c:\windows\SYSTEM32\CONFIG\systemprofile\Application Data\SpeedRunner
2008-11-23 21:20 . 2008-11-23 21:20 <DIR> d-------- c:\windows\SYSTEM32\CONFIG\systemprofile\Application Data\GOODSEARCH
2008-11-23 21:15 . 2008-11-23 21:15 <DIR> d-------- c:\windows\SYSTEM32\CONFIG\systemprofile\Application Data\Twain
2008-11-23 21:10 . 2008-11-23 21:10 <DIR> d-------- c:\program files\Webtools
2008-11-23 18:05 . 2008-11-23 18:05 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Talkback
2008-11-23 09:55 . 2008-11-23 22:54 <DIR> d-------- c:\windows\SYSTEM32\CONFIG\systemprofile\Application Data\gadcom
2008-11-06 04:55 . 2008-11-06 04:55 <DIR> d-------- C:\report
2008-11-06 04:54 . 2008-11-06 04:54 <DIR> d-------- c:\documents and settings\NetworkService\NetworkService
2008-11-06 02:45 . 2008-11-06 02:45 <DIR> d-------- c:\documents and settings\Documents and Settings
2008-11-05 18:11 . 2008-11-05 18:11 <DIR> d-------- C:\Application Data
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\program files\ParetoLogic
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\documents and settings\Dan Horne\Application Data\ParetoLogic
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2008-10-28 19:50 . 2008-10-28 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-28 18:43 . 2008-11-29 16:36 <DIR> d-------- c:\program files\RegCure
2008-10-26 14:47 . 2008-11-09 19:54 <DIR> d-------- c:\windows\SYSTEM32\Adobe
2008-10-25 17:18 . 2008-11-28 08:48 31,232 --a------ c:\windows\SYSTEM32\35Ad6o84.dl_
2008-10-14 17:46 . 2008-10-14 17:46 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-10-12 13:01 . 2008-10-12 13:01 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\GOODSEARCH
2008-10-12 04:29 . 2008-10-24 17:21 69,632 --a------ c:\windows\SYSTEM32\ac1BuMxo.dl_
2008-10-11 21:58 . 2008-11-29 14:04 41,474 --a------ c:\windows\SYSTEM32\68Xb0m27.exe_
2008-10-11 21:58 . 2008-11-30 13:29 41,474 --a------ c:\windows\SYSTEM32\68Xb0m27.exe
2008-10-11 21:44 . 2008-10-11 21:44 30,272 --a------ c:\windows\SYSTEM32\MGw8K8S4.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 22:18 --------- d-----w c:\program files\Common
2008-11-30 21:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 23:38 --------- d-----w c:\program files\PokerStars
2008-11-28 23:37 --------- d-----w c:\program files\PokerStars.NET
2008-11-28 19:21 --------- d-----w c:\program files\AIMTunes
2008-11-24 14:27 --------- d-----w c:\program files\Trend Micro
2008-11-01 03:20 --------- d-----w c:\documents and settings\Dan Horne\Application Data\Aim
2008-10-29 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-06-09 11:21 0 --sha-w c:\documents and settings\Dan Horne\Application Data\004812993e54f5527c9d2667daedaa6df20add48732690df6a.dat
2008-04-26 02:53 485,888 ----a-w c:\documents and settings\Dan Horne\installer.exe
2004-06-23 17:55 20,480 -c--a-w c:\program files\ProcManager.exe
.

------- Sigcheck -------

2004-03-19 17:43 12800 0f7d9c87b0ce1fa520473119752c6f79 c:\windows\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\SYSTEM32\svchost.exe

2004-03-19 17:45 75264 8529c295df59b564d37a73b5629162b1 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\SYSTEM32\ws2_32.dll

2004-03-19 17:44 516608 2246d8d8f4714a2cedb21ab9b1849abb c:\windows\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\SYSTEM32\winlogon.exe

2003-10-04 02:54 168192 d999ce17681d7d074d534fc5bc662e0a c:\windows\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\SYSTEM32\DLLCACHE\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\SYSTEM32\DRIVERS\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

2004-03-19 17:42 101376 e3df4a0252d287c44606ee55355e1623 c:\windows\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\SYSTEM32\services.exe

2004-03-19 17:38 11776 b2b6ba905d0e3f8a32a0eb3b4051807b c:\windows\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\SYSTEM32\lsass.exe

2004-03-19 17:34 13312 414de7cf9d3f19c3ea902f1bb38ec116 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\SYSTEM32\ctfmon.exe

2004-03-19 17:44 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\SYSTEM32\userinit.exe

2004-03-19 17:43 200192 fe84e045a09a4abc4deef7270448b64e c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\SYSTEM32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"="c:\windows\System32\PRISMSVR.EXE" [2003-11-20 282713]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
SysTray.lnk - c:\windows\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [2005-06-19 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-04-19 14:45 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.SysTray.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2004-10-09 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 02:56]

2008-11-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2008-11-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2004-08-04 02:56]

2008-11-30 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-18 23:55]

2008-11-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-30 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{57d5aac8-d6e0-41c8-9cac-82a04e286708} - c:\windows\system32\azhieh.dll
BHO-{7d6264de-3985-4a53-80aa-58ac2b3866a6} - c:\windows\system32\zelewehe.dll
BHO-{9B6E4B5C-0149-4D0D-AD1B-F2E2C793F081} - c:\windows\system32\vtUmJYon.dll
Notify-__c00B26E1 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Mary Horne\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 17:51:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-11-30 18:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 23:00:14

Pre-Run: 94,387,609,600 bytes free
Post-Run: 97,594,286,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

612 --- E O F --- 2008-10-24 07:02:18

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 30 November 2008 - 06:21 PM

We need to remove that older version of combofix so we can get the current updated version.

Follow this process to uninstall Combofix.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

If you still have problems removing it, Combofix can just be deleted like any regular file.


Once the old version is gone, download the current version and run it once again.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 bballfan

bballfan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2008 - 07:11 PM

Updated log!
ComboFix 08-11-30.01 - Mary Horne 2008-11-30 18:57:56.2 - NTFSx86
Running from: c:\documents and settings\Mary Horne\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 16:28 . 2008-11-30 16:28 <DIR> d-------- C:\_OTMoveIt
2008-11-30 15:08 . 2008-11-30 15:09 <DIR> d-------- C:\rsit
2008-11-30 14:01 . 2008-11-30 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 21:10 . 2008-11-23 21:10 <DIR> d-------- c:\program files\Webtools
2008-11-23 18:05 . 2008-11-23 18:05 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Talkback
2008-11-06 04:55 . 2008-11-06 04:55 <DIR> d-------- C:\report
2008-11-06 04:54 . 2008-11-06 04:54 <DIR> d-------- c:\documents and settings\NetworkService\NetworkService
2008-11-06 02:45 . 2008-11-06 02:45 <DIR> d-------- c:\documents and settings\Documents and Settings
2008-11-05 18:11 . 2008-11-05 18:11 <DIR> d-------- C:\Application Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 22:18 --------- d-----w c:\program files\Common
2008-11-30 21:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-29 21:36 --------- d-----w c:\program files\RegCure
2008-11-28 23:38 --------- d-----w c:\program files\PokerStars
2008-11-28 23:37 --------- d-----w c:\program files\PokerStars.NET
2008-11-28 19:21 --------- d-----w c:\program files\AIMTunes
2008-11-24 14:27 --------- d-----w c:\program files\Trend Micro
2008-11-01 03:20 --------- d-----w c:\documents and settings\Dan Horne\Application Data\Aim
2008-10-29 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-29 00:51 --------- d-----w c:\program files\ParetoLogic
2008-10-29 00:51 --------- d-----w c:\program files\Common Files\ParetoLogic
2008-10-29 00:51 --------- d-----w c:\documents and settings\Dan Horne\Application Data\ParetoLogic
2008-10-29 00:51 --------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2008-10-29 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-14 22:46 --------- d-----w c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-10-12 18:01 --------- d-----w c:\documents and settings\NetworkService\Application Data\GOODSEARCH
2008-06-09 11:21 0 --sha-w c:\documents and settings\Dan Horne\Application Data\004812993e54f5527c9d2667daedaa6df20add48732690df6a.dat
2008-04-26 02:53 485,888 ----a-w c:\documents and settings\Dan Horne\installer.exe
2004-06-23 17:55 20,480 -c--a-w c:\program files\ProcManager.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"="c:\windows\System32\PRISMSVR.EXE" [2003-11-20 282713]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 70800]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
SysTray.lnk - c:\windows\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [2005-06-19 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-04-19 14:45 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.SysTray.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2004-10-09 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 02:56]

2008-11-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2008-11-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2004-08-04 02:56]

2008-11-30 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-18 23:55]

2008-12-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 16:21]

2008-11-30 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Mary Horne\Application Data\Mozilla\Firefox\Profiles\7rjcqr66.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 19:03:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-11-30 19:09:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 00:09:25
ComboFix2.txt 2008-11-30 23:00:19

Pre-Run: 100,592,263,168 bytes free
Post-Run: 100,539,834,368 bytes free

152 --- E O F --- 2008-10-24 07:02:18

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 30 November 2008 - 07:16 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Tell me about any issues that you are still having.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 bballfan

bballfan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 November 2008 - 11:12 PM

I'm not seeing any other issues right now. Below is the log. I'll reboot and see if I still have registry issues.
I can't thank you enough. Already things are so much better!

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 2

11/30/2008 11:08:46 PM
mbam-log-2008-11-30 (23-08-46).txt

Scan type: Quick Scan
Objects scanned: 69372
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 125
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\jibugana.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pedanawe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yiyasafo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\Components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Save\Save.exe.acm.dll.mdmp (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy.exe (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy.lic (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\Uninstall.exe (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 01 December 2008 - 09:18 AM

Looking better! :thumbsup:

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=================


Please run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.



And finally please post a new log from RSIT and we'll clean up any leftovers.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 bballfan

bballfan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 07 December 2008 - 12:15 PM

Thank you and sorry for the delay in getting back to you.
I did what you requested, but when I ran the scanner and tried to update the software versions, I couldn't get them to work. I also tried to remove the current version and that worked for some, but not all.

Items still remaining:
AOL 6.1.32.1
iTunes 8.0
Firefox 2.0.0.18
Adobe 9.0.151.0

RSIT Log files

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mary at 2008-12-07 12:11:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (62%) free of 149 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:38 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mary Horne\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mary Horne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.highschoolsports.net/Wyncs.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\Software\..\Telephony: DomainName = home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12423 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32}]
goodsearch - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2006-07-24 1797120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-16 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - goodsearch - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL [2006-07-24 1797120]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll [2007-03-20 562872]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"=C:\WINDOWS\System32\PRISMSVR.EXE [2003-11-20 282713]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2003-12-11 70800]
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-25 335872]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-22 68856]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2004-04-19 131072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe"="C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe:*:Disabled: "
"C:\Program Files\Kinko's\FPFK\FPKMain.exe"="C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Disabled: "
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Disabled:AppleMobileDeviceService"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======List of files/folders created in the last 1 months======

2008-12-07 11:59:16 ----SHD---- C:\Config.Msi
2008-12-07 11:56:00 ----D---- C:\Program Files\AIM Toolbar
2008-12-07 11:44:55 ----D---- C:\Program Files\Apple Software Update
2008-12-07 11:41:34 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-07 11:41:28 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2008-12-07 11:41:23 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-07 11:40:38 ----D---- C:\Program Files\AIM6
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 10:55:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-01 07:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-01 07:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 22:35:26 ----D---- C:\Documents and Settings\Mary Horne\Application Data\Malwarebytes
2008-11-30 22:35:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 22:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-30 19:28:55 ----SHD---- C:\RECYCLER
2008-11-30 19:09:30 ----A---- C:\ComboFix.txt
2008-11-30 18:57:24 ----A---- C:\WINDOWS\zip.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\VFIND.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWSC.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWREG.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\sed.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\grep.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\fdsv.exe
2008-11-30 18:57:11 ----D---- C:\Qoobox
2008-11-30 17:09:44 ----A---- C:\Boot.bak
2008-11-30 17:09:32 ----RASHD---- C:\cmdcons
2008-11-30 16:58:54 ----D---- C:\WINDOWS\ERDNT
2008-11-30 16:28:36 ----D---- C:\_OTMoveIt
2008-11-30 15:08:15 ----D---- C:\rsit
2008-11-30 14:01:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 09:48:26 ----A---- C:\WINDOWS\system32\ef91f35f-.txt

======List of files/folders modified in the last 1 months======

2008-12-07 11:59:26 ----SHD---- C:\WINDOWS\Installer
2008-12-07 11:58:44 ----D---- C:\WINDOWS
2008-12-07 11:57:41 ----AC---- C:\WINDOWS\hegames.ini
2008-12-07 11:56:00 ----D---- C:\Program Files
2008-12-07 11:46:26 ----D---- C:\Program Files\QuickTime
2008-12-07 11:45:25 ----D---- C:\WINDOWS\SYSTEM32
2008-12-07 11:44:41 ----SD---- C:\WINDOWS\Tasks
2008-12-07 11:43:12 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 11:41:34 ----D---- C:\Program Files\Common Files
2008-12-07 11:41:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-07 11:41:12 ----D---- C:\WINDOWS\Prefetch
2008-12-07 11:40:46 ----D---- C:\Program Files\Common Files\AOL
2008-12-07 11:39:59 ----D---- C:\WINDOWS\Temp
2008-12-07 11:39:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-07 11:39:27 ----D---- C:\Program Files\AOL
2008-12-07 11:38:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 11:38:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-07 11:27:35 ----D---- C:\Program Files\Java
2008-12-07 10:53:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 13:19:14 ----RD---- C:\My Downloads
2008-12-06 11:09:04 ----D---- C:\Program Files\PokerStars
2008-12-03 16:50:21 ----D---- C:\Documents and Settings\Mary Horne\Application Data\Adobe
2008-12-01 16:36:23 ----D---- C:\Program Files\AIMTunes
2008-12-01 07:14:56 ----HD---- C:\WINDOWS\INF
2008-12-01 07:14:54 ----D---- C:\WINDOWS\system32\DLLCACHE
2008-12-01 07:14:53 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-01 07:14:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 07:14:47 ----A---- C:\WINDOWS\imsins.BAK
2008-11-30 19:04:27 ----A---- C:\WINDOWS\system.ini
2008-11-30 19:01:37 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-30 18:59:57 ----D---- C:\WINDOWS\AppPatch
2008-11-30 18:57:08 ----SHD---- C:\System Volume Information
2008-11-30 18:57:08 ----D---- C:\WINDOWS\system32\Restore
2008-11-30 17:18:39 ----D---- C:\Program Files\Common
2008-11-30 17:09:45 ----RASH---- C:\BOOT.INI
2008-11-30 13:29:30 ----A---- C:\WINDOWS\system32\68Xb0m27.exe
2008-11-29 16:36:33 ----D---- C:\Program Files\RegCure
2008-11-29 14:04:51 ----A---- C:\WINDOWS\system32\68Xb0m27.exe_
2008-11-28 18:37:21 ----D---- C:\Program Files\PokerStars.NET
2008-11-24 09:27:36 ----D---- C:\Program Files\Trend Micro
2008-11-09 19:54:17 ----D---- C:\WINDOWS\system32\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-11-20 15781]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2004-03-19 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2004-03-19 55936]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-25 729600]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2007-03-26 28352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NavEx15.Sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-19 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-25 397312]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-22 255600]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-22 235120]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-04-23 158848]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-12-22 218736]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-22 87664]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2003-12-04 193816]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 07 December 2008 - 03:43 PM

Those programs will need to be downloaded to your computer and then you can install them. Don't try to do automatically through the Securia site.

I do a few other programs that you should uninstall.
Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

BearShare MediaBar
goodsearch
J2SE Runtime Environment 5.0 Update 6
My Global Search Bar
My Web Search (Zwinky)
ShopperReports
TargetSaver
Viewpoint Manager
Viewpoint Media Player



Don't be concerned if you get errors while trying to uninstall some of these. They may have been removed already by our earlier steps.



Run Hijackthis, located here: C:\Program Files\Trend Micro\HijackThis\Mary Horne.exe

Click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: goodsearch - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll



Again, don't be concerned if some of these aren't present in your log, but check the ones that are.
Reboot your computer and post a new log from RSIT.


How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 bballfan

bballfan
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 09 December 2008 - 11:31 PM

I have not tried to add the programs yet. I removed the programs that were on the list and ran hijack this like you asked, as well as the fix it command.

I'm getting advertisement pop-ups even though the pop up blocker is on. I was getting the registry errors again for Jaws pdf creator, but I didn't this last time when I restarted the computer.

Is bearshare a program that I shouldn't have on my computer? My kids use it, but I don't know anything about it.
Thanks.

Here is my new log.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Mary Horne at 2008-12-09 23:23:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (61%) free of 149 GB
Total RAM: 1022 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:15 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Mary Horne\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mary Horne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.highschoolsports.net/Wyncs.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\Software\..\Telephony: DomainName = home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 11375 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-16 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"=C:\WINDOWS\System32\PRISMSVR.EXE [2003-11-20 282713]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2003-12-11 70800]
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-25 335872]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-22 68856]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2004-04-19 131072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe"="C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe:*:Disabled: "
"C:\Program Files\Kinko's\FPFK\FPKMain.exe"="C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Disabled: "
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Disabled:AppleMobileDeviceService"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======List of files/folders created in the last 1 months======

2008-12-07 11:59:16 ----SHD---- C:\Config.Msi
2008-12-07 11:56:00 ----D---- C:\Program Files\AIM Toolbar
2008-12-07 11:44:55 ----D---- C:\Program Files\Apple Software Update
2008-12-07 11:41:34 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-07 11:41:28 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2008-12-07 11:41:23 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-07 11:40:38 ----D---- C:\Program Files\AIM6
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 11:27:54 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 10:55:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-01 07:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-01 07:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 22:35:26 ----D---- C:\Documents and Settings\Mary Horne\Application Data\Malwarebytes
2008-11-30 22:35:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 22:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-30 19:28:55 ----SHD---- C:\RECYCLER
2008-11-30 19:09:30 ----A---- C:\ComboFix.txt
2008-11-30 18:57:24 ----A---- C:\WINDOWS\zip.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\VFIND.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWSC.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\SWREG.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\sed.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\grep.exe
2008-11-30 18:57:24 ----A---- C:\WINDOWS\fdsv.exe
2008-11-30 18:57:11 ----D---- C:\Qoobox
2008-11-30 17:09:44 ----A---- C:\Boot.bak
2008-11-30 17:09:32 ----RASHD---- C:\cmdcons
2008-11-30 16:58:54 ----D---- C:\WINDOWS\ERDNT
2008-11-30 16:28:36 ----D---- C:\_OTMoveIt
2008-11-30 15:08:15 ----D---- C:\rsit
2008-11-30 14:01:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-23 09:48:26 ----A---- C:\WINDOWS\system32\ef91f35f-.txt

======List of files/folders modified in the last 1 months======

2008-12-09 23:22:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-09 23:22:32 ----D---- C:\WINDOWS
2008-12-09 23:22:30 ----D---- C:\Program Files
2008-12-09 23:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 23:18:11 ----D---- C:\WINDOWS\Prefetch
2008-12-09 23:15:33 ----D---- C:\Program Files\Viewpoint
2008-12-09 14:44:39 ----D---- C:\WINDOWS\Temp
2008-12-08 22:39:44 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 20:09:36 ----D---- C:\Program Files\PokerStars
2008-12-08 15:26:01 ----D---- C:\Program Files\AIMTunes
2008-12-07 11:59:26 ----SHD---- C:\WINDOWS\Installer
2008-12-07 11:57:41 ----AC---- C:\WINDOWS\hegames.ini
2008-12-07 11:46:26 ----D---- C:\Program Files\QuickTime
2008-12-07 11:45:34 ----D---- C:\Program Files\Common Files\Apple
2008-12-07 11:45:25 ----D---- C:\WINDOWS\SYSTEM32
2008-12-07 11:44:41 ----SD---- C:\WINDOWS\Tasks
2008-12-07 11:41:34 ----D---- C:\Program Files\Common Files
2008-12-07 11:41:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-07 11:40:46 ----D---- C:\Program Files\Common Files\AOL
2008-12-07 11:39:27 ----D---- C:\Program Files\AOL
2008-12-07 11:38:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-07 11:27:35 ----D---- C:\Program Files\Java
2008-12-07 10:53:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 13:19:14 ----RD---- C:\My Downloads
2008-12-03 16:50:21 ----D---- C:\Documents and Settings\Mary Horne\Application Data\Adobe
2008-12-01 07:14:56 ----HD---- C:\WINDOWS\INF
2008-12-01 07:14:54 ----D---- C:\WINDOWS\system32\DLLCACHE
2008-12-01 07:14:53 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-01 07:14:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 07:14:47 ----A---- C:\WINDOWS\imsins.BAK
2008-11-30 19:04:27 ----A---- C:\WINDOWS\system.ini
2008-11-30 19:01:37 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-30 18:59:57 ----D---- C:\WINDOWS\AppPatch
2008-11-30 18:57:08 ----SHD---- C:\System Volume Information
2008-11-30 18:57:08 ----D---- C:\WINDOWS\system32\Restore
2008-11-30 17:18:39 ----D---- C:\Program Files\Common
2008-11-30 17:09:45 ----RASH---- C:\BOOT.INI
2008-11-30 13:29:30 ----A---- C:\WINDOWS\system32\68Xb0m27.exe
2008-11-29 16:36:33 ----D---- C:\Program Files\RegCure
2008-11-29 14:04:51 ----A---- C:\WINDOWS\system32\68Xb0m27.exe_
2008-11-28 18:37:21 ----D---- C:\Program Files\PokerStars.NET
2008-11-24 09:27:36 ----D---- C:\Program Files\Trend Micro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-11-20 15781]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2004-03-19 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2004-03-19 55936]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-25 729600]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2007-03-26 28352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050105.009\NavEx15.Sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-19 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-25 397312]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-22 255600]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-22 235120]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-04-23 158848]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-12-22 218736]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-22 87664]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2003-12-04 193816]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 10 December 2008 - 10:32 AM

Bearshare is a file sharing program and is often associated with malware. It is recommended that you uninstall it.
Here's some more info.

http://www.emsisoft.com/en/malware/?Adware.Win32.BearShare



I need you to update Malwarebytes and then run a new scan
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform quick scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also run Combofix again and post the log from it in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 27 December 2008 - 11:51 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users