
Multiple infections


  • This topic is locked
85 replies to this topic

#1 dc3

    Bleeping Treehugger

  • Members
  • 30,279 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 01 February 2009 - 02:18 AM

I had originally posted this problem in the Am I Infected forum. I ran scans with both SUPERAntiSpyware and Malwarebytes but could not delete any of the infections that were in the logs. For more information, please read my topic in the Am I Infected forum.



DDS (Ver_09-01-19.01) - NTFSx86
Run by Tami at 23:00:33.31 on Sat 01/31/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.261 [GMT -8:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.prospector.metrolist.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mURLSearchHooks: {33a44762-fecf-1651-1758-359f5e8adcca} - c:\windows\wintv32.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {33a44762-fecf-1651-1758-359f5e8adcca} - c:\windows\wintv32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: []
mRun: [Corel Photo Downloader] "c:\program files\corel\corel photo album 6\MediaDetect.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunServices: [Microsoft Restore] scrgrd.exe
dRun: [Microsoft Update] wuamgrd.exe
dRun: [Microsoft Restore] scrgrd.exe
dRun: [Windows Media Player] vtndgq.exe
dRunServices: [Windows Media Player] vtndgq.exe
mPolicies-explorer: =
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: clickspring.net
Trusted Zone: frame.crazywinnings.com
Trusted Zone: metrolist.net
Trusted Zone: my-internet.info
Trusted Zone: rapmls.com
Trusted Zone: scoobidoo.com
Trusted Zone: static.topconverting.com
Trusted Zone: clickspring.net
Trusted Zone: frame.crazywinnings.com
Trusted Zone: my-internet.info
Trusted Zone: scoobidoo.com
Trusted Zone: static.topconverting.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093651638484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170893122437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tami\applic~1\mozilla\firefox\profiles\chxwv5eg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-10-2 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-18 596336]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-18 596336]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-10-2 3667304]
R4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-11-11 1066360]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [2004-1-30 14048]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2007-6-19 32000]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-31 01:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-30 22:17 --d----- c:\windows\system32\scripting
2009-01-30 22:17 --d----- c:\windows\l2schemas
2009-01-30 22:17 --d----- c:\windows\system32\en
2009-01-30 22:00 --d----- c:\windows\network diagnostic
2009-01-30 09:59 --d----- c:\program files\Crawler
2009-01-30 09:58 --d----- c:\program files\SIW
2009-01-30 09:55 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-30 09:55 --d----- c:\program files\SUPERAntiSpyware
2009-01-30 09:55 --d----- c:\docume~1\tami\applic~1\SUPERAntiSpyware.com
2009-01-30 09:54 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-30 09:53 --d----- c:\docume~1\tami\applic~1\Malwarebytes
2009-01-30 09:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-30 09:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 09:53 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-30 09:53 --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-01-30 22:26 79,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-13 16:14 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 09:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-04 16:44 935,776 a------- c:\windows\system32\Incinerator.dll
2008-11-18 11:51 8,192 a------- c:\windows\system32\smrgdf.exe
2008-11-11 17:32 164 a------- C:\install.dat
2008-09-11 13:51 60,968 a------- c:\documents and settings\tami\GoToAssistDownloadHelper.exe
2005-06-13 19:54 138 a------- c:\docume~1\tami\applic~1\tvmdmns.dll
2005-06-13 13:23 30 a------- c:\docume~1\tami\applic~1\tvmcwrd.dll
2003-03-21 16:04 207,759 a------- c:\program files\INSTALL.LOG
2005-02-09 21:37 3,567 a--sh--- c:\windows\idwjf.dat
2005-02-06 14:04 0 a--sh--- c:\windows\jrnan.dll
2005-01-29 09:05 3,567 a--sh--- c:\windows\rcuds.dat
2005-02-24 08:13 3,567 a--sh--- c:\windows\wjvqb.dat
2007-04-04 17:12 88 ---shr-- c:\windows\system32\B24A550B5E.sys
2005-02-15 21:04 7,471 a--sh--- c:\windows\system32\cvove.dat
2005-02-25 11:31 0 a--sh--- c:\windows\system32\fzcbb.dll
2005-01-29 13:51 7,471 a--sh--- c:\windows\system32\jlgoz.dat
2005-02-22 00:38 3,567 a--sh--- c:\windows\system32\jwbuf.dat
2005-02-25 15:21 0 a--sh--- c:\windows\system32\kyjxf.dll
2005-01-31 04:03 3,567 a--sh--- c:\windows\system32\pluhu.dat

============= FINISH: 23:01:30.42 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2003 10:45:22 PM
System Uptime: 1/31/2009 10:24:33 PM (1 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2524/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 34.806 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0001
Manufacturer: Microsoft
Name: Packet Scheduler Miniport #2
PNP Device ID: ROOT\MS_PSCHEDMP\0001
Service: PSched

==== System Restore Points ===================

RP47: 11/3/2008 11:51:10 AM - System Checkpoint
RP48: 11/4/2008 2:36:11 PM - System Checkpoint
RP49: 11/5/2008 2:51:06 PM - System Checkpoint
RP50: 11/6/2008 3:16:31 PM - System Checkpoint
RP51: 11/7/2008 3:50:37 PM - System Checkpoint
RP52: 11/8/2008 5:14:36 PM - System Checkpoint
RP53: 11/9/2008 5:50:36 PM - System Checkpoint
RP54: 11/10/2008 6:02:38 PM - System Checkpoint
RP55: 11/11/2008 5:02:12 PM - Removed AVG 7.5
RP56: 11/12/2008 10:03:21 AM - Software Distribution Service 3.0
RP57: 11/14/2008 2:57:16 PM - System Checkpoint
RP58: 11/15/2008 3:34:12 PM - System Checkpoint
RP59: 11/16/2008 4:34:11 PM - System Checkpoint
RP60: 11/17/2008 5:34:12 PM - System Checkpoint
RP61: 11/18/2008 6:34:11 PM - System Checkpoint
RP62: 11/21/2008 6:42:36 PM - System Checkpoint
RP63: 11/22/2008 6:49:47 PM - System Checkpoint
RP64: 11/23/2008 7:49:48 PM - System Checkpoint
RP65: 11/24/2008 9:16:23 PM - System Checkpoint
RP66: 11/25/2008 10:25:49 PM - System Checkpoint
RP67: 11/26/2008 11:15:24 PM - System Checkpoint
RP68: 11/28/2008 12:15:25 AM - System Checkpoint
RP69: 11/29/2008 1:02:52 AM - System Checkpoint
RP70: 11/30/2008 1:47:27 AM - System Checkpoint
RP71: 12/1/2008 2:11:57 AM - System Checkpoint
RP72: 12/2/2008 2:59:27 AM - System Checkpoint
RP73: 12/3/2008 3:59:28 AM - System Checkpoint
RP74: 12/3/2008 6:01:16 PM - Software Distribution Service 3.0
RP75: 12/4/2008 6:29:34 PM - System Checkpoint
RP76: 12/5/2008 7:04:47 PM - System Checkpoint
RP77: 12/6/2008 7:31:40 PM - System Checkpoint
RP78: 12/7/2008 8:19:42 PM - System Checkpoint
RP79: 12/8/2008 9:19:42 PM - System Checkpoint
RP80: 12/9/2008 10:32:15 PM - System Checkpoint
RP81: 12/11/2008 9:56:37 AM - System Checkpoint
RP82: 12/12/2008 3:02:00 AM - Software Distribution Service 3.0
RP83: 12/13/2008 3:31:44 AM - System Checkpoint
RP84: 12/14/2008 4:31:43 AM - System Checkpoint
RP85: 12/15/2008 5:31:43 AM - System Checkpoint
RP86: 12/16/2008 6:31:43 AM - System Checkpoint
RP87: 12/17/2008 7:31:51 AM - System Checkpoint
RP88: 12/18/2008 3:00:33 AM - Software Distribution Service 3.0
RP89: 12/19/2008 3:51:40 AM - System Checkpoint
RP90: 12/20/2008 5:04:11 AM - System Checkpoint
RP91: 12/31/2008 2:16:35 PM - System Checkpoint
RP92: 1/1/2009 2:27:13 PM - System Checkpoint
RP93: 1/2/2009 3:27:14 PM - System Checkpoint
RP94: 1/3/2009 3:39:43 PM - System Checkpoint
RP95: 1/4/2009 4:27:13 PM - System Checkpoint
RP96: 1/5/2009 4:40:39 PM - System Checkpoint
RP97: 1/6/2009 5:52:27 PM - System Checkpoint
RP98: 1/7/2009 6:25:58 PM - System Checkpoint
RP99: 1/8/2009 7:24:49 PM - System Checkpoint
RP100: 1/9/2009 8:37:44 PM - System Checkpoint
RP101: 1/10/2009 9:24:45 PM - System Checkpoint
RP102: 1/11/2009 9:43:10 PM - System Checkpoint
RP103: 1/12/2009 10:15:19 PM - System Checkpoint
RP104: 1/13/2009 10:23:20 PM - System Checkpoint
RP105: 1/14/2009 3:00:49 AM - Software Distribution Service 3.0
RP106: 1/15/2009 3:21:37 AM - System Checkpoint
RP107: 1/16/2009 3:33:53 AM - System Checkpoint
RP108: 1/17/2009 3:46:27 AM - System Checkpoint
RP109: 1/18/2009 4:08:14 AM - System Checkpoint
RP110: 1/19/2009 5:08:13 AM - System Checkpoint
RP111: 1/20/2009 6:21:13 AM - System Checkpoint
RP112: 1/21/2009 6:33:44 AM - System Checkpoint
RP113: 1/22/2009 7:21:44 AM - System Checkpoint
RP114: 1/23/2009 8:07:45 AM - System Checkpoint
RP115: 1/25/2009 9:41:35 AM - System Checkpoint
RP116: 1/26/2009 9:42:44 AM - System Checkpoint
RP117: 1/27/2009 2:10:50 PM - System Checkpoint
RP118: 1/27/2009 2:28:44 PM - Software Distribution Service 3.0
RP119: 1/28/2009 2:34:46 PM - System Checkpoint
RP120: 1/29/2009 4:10:16 PM - System Checkpoint
RP121: 1/30/2009 9:55:12 AM - Installed SUPERAntiSpyware Free Edition
RP122: 1/30/2009 9:27:37 PM - Software Distribution Service 3.0
RP123: 1/31/2009 9:40:05 PM - System Checkpoint

==== Installed Programs ======================

Access Drivers
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3
Amazon MP3 Downloader 1.0.3
Ask Toolbar
ATI Display Driver
Bonus Pack for Marketing Library
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Corel Photo Album 6
Corel Photo Album Additional Content
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
DVDFab Decrypter 2.9.7.0
EarthLink Free Trial
EarthLink MDAC
Easy CD Creator 5 Basic
eNeighborhoods Personal Edition
Google Photos Screensaver
Google Updater
Hallmark Card Studio
Help and Support Customization
Hotfix for Windows XP (KB952287)
HP Color LaserJet 3600
ImageMixer
Indeo® software
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Investment Analysis for Marketing Library
iolo technologies' System Mechanic
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 3
LimeWire 4.16.7
Macromedia Flash Player
Malwarebytes' Anti-Malware
Marketing Library 3.0
Marketing Library Calendars Add-in
Marketing Library Pocket Flyers Add-in
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft IEAK 6
Microsoft Office 2000 Disc 2
Microsoft Office Standard Edition 2003
Microsoft XML Parser
MicroStaff WINASPI
Midnight Theme Set for Marketing Library
Modem Helper
Mozilla Firefox (3.0.1)
MSSoap
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Paint Shop Pro 7
Picasa 2
PowerDVD
Qualxserve Service Agreement
QuickBooks Pro
QuickBooks Pro 2005
QuickTime
RawShooter essentials 2005
RealPlayer
Respond
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SierraHome Print Artist 12.0
SIW version 2008-10-28
Sound Blaster Live!
Spy Sweeper Core
SUPERAntiSpyware Free Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Viewpoint Media Player (Remove Only)
WebFldrs XP
Webroot AntiVirus with AntiSpyware
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows XP Service Pack 3
WINForms® Desktop
WinMX
WinMX Fix
WordPerfect Office 2002
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/25/2009 8:38:58 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/31/2009 12:34:35 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/31/2009 1:25:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2009 1:25:54 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2009 1:25:54 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2009 1:25:54 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2009 1:25:54 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2009 1:25:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
1/31/2009 10:47:29 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

==== End Of File ===========================

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 February 2009 - 06:13 AM

Hello there,

I didn't see that you were having any trouble with downloads, so I'd like a couple to start out with, please. :step4:

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer, and post a new HijackThis log.

And yes, please get HijackThis. http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Does this person use Earthlink, or AOL?

Uninstall the following, please:

Ask Toolbar
J2SE Runtime Environment 5.0 Update 5 <<<< and all others except the newest version you see in there. We'll update Java totally a bit later.
Viewpoint Media Player


If this user doesn't use Earthlink, then uninstall the two programs pertaining to it as well. I saw entries for MyWebSearch, but nothing in the uninstall list, so it may be that just the folder remains. The same for Crawler.

Reboot when you're done with these to reset the registry, then run ATF Cleaner.

I see you've used MBAM and SAS.......plus there is the suite from Webroot. This is too much antispyware to be running realtime, so be sure only to have one of them running realtime shields and disable the others.

I'd like a run with ComboFix, please. There are lots of files that need to go. I'm going to assume you've run it before. :)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

So, in your reply I'll be looking for the ComboFix report, a new HijackThis log, and a report on how it's running now. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 dc3

    Bleeping Treehugger

  • Topic Starter
  • Members
  • 30,279 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 01 February 2009 - 06:37 AM

Hi teacup61,

This computer is not going to be online, so I will have to transfer data between the two; I may be a little slower than I normally would be.

This computer has Java™ 6 Update 3; should I uninstall this as well?


#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 February 2009 - 06:46 AM

No problem. :thumbup2: Right now I'm more interested in getting stuff out of it than on it. That's why I said leave the latest version of Java you see in there. We'll update to 11 after the ComboFix run. I don't want to chance any problems with the download right now. :)

#5 dc3

    Bleeping Treehugger

  • Topic Starter
  • Members
  • 30,279 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 01 February 2009 - 06:58 AM

OK, I'm having a little issue with the DelDomains: when I right-click on the link, the only "save as" option I have is "Save Link As". I'm using Firefox; is this a problem?

I'm also on limited space on my flash drive until later this morning, so I'm having to transfer data in small amounts.

Here's the HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:29 AM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchitquick.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prospector.metrolist.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {33A44762-FECF-1651-1758-359F5E8ADCCA} - C:\WINDOWS\wintv32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Player] vtndgq.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Media Player] vtndgq.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wuamgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Media Player] vtndgq.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://*.metrolist.net
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: http://*.rapmls.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093651638484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170893122437
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 7546 bytes

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#6 teacup61 (Malware Response Team)

Posted 01 February 2009 - 07:33 AM

Sorry....yes, I use Firefox too. Use the "Save Link As" option. :thumbup2: After you get that, then run HijackThis again. DelDomains *should* take care of all those O15s. :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?
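The O15 Trusted Zone lines teacup61 is referring to (and the pathless SYSTEM-hive O4 autostarts in the same log) can be pulled out of a HijackThis log mechanically; the triage script below is an added example, not part of the thread, of HijackThis or of DelDomains, and its sample input is a constructed excerpt of lines copied from the log posted above.

```python
"""Triage the O4 and O15 sections of a HijackThis log.

Added example for this thread, not HijackThis or DelDomains code.
It reports every O15 Trusted Zone / Trusted IP range entry (the hosts
DelDomains would strip from IE's ZoneMap) and every O4 autostart whose
command is a bare executable name with no directory, such as the
wuamgrd.exe / scrgrd.exe / vtndgq.exe entries under HKUS\\S-1-5-18.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Media Player] vtndgq.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Restore] scrgrd.exe (User 'Default user')
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: http://*.metrolist.net
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted IP range: 206.161.125.149
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section, "O4" or "O15"
    target: str   # executable name, or the domain / IP that was granted trust
    scope: str    # where the entry lives: hive and Run key, or HKCU / HKLM
    reason: str


# O4 - <hive>\..\<Run key>: [<display name>] <command> (User '<name>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
# O15 - Trusted Zone: <domain>   or   O15 - Trusted IP range: <ip>   optionally "(HKLM)"
O15_RE = re.compile(
    r"^O15 - Trusted (?P<kind>Zone|IP range): (?P<target>.+?)(?: \((?P<scope>HKLM)\))?$"
)


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command: unquoted, without arguments."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[Finding]:
    """Flag an O4 line only when its command has no directory component.

    A bare name like wuamgrd.exe is resolved through the search path at
    logon, which is how the entries in this log hide where they really live.
    """
    m = O4_RE.match(line)
    if not m:
        return None
    exe = executable_of(m.group("cmd"))
    if "\\" in exe or exe.startswith("%"):
        return None  # absolute or %VAR%-based path: not what we are looking for
    scope = f"{m.group('hive')}\\..\\{m.group('key')}"
    return Finding("O4", exe, scope,
                   f"autostart '{m.group('name')}' names an executable with no path")


def parse_o15(line: str) -> Optional[Finding]:
    """Every O15 entry is reported; the host is normalised so HKCU/HKLM pairs match."""
    m = O15_RE.match(line)
    if not m:
        return None
    target = re.sub(r"^https?://", "", m.group("target"))
    if target.startswith("*."):
        target = target[2:]
    return Finding("O15", target, m.group("scope") or "HKCU",
                   f"Trusted {m.group('kind')} entry lowers IE security for this host")


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect O4 and O15 findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = None
        if line.startswith("O4 "):
            finding = parse_o4(line)
        elif line.startswith("O15 "):
            finding = parse_o15(line)
        if finding is not None:
            findings.append(finding)
    return findings


def trusted_hosts(findings: List[Finding]) -> List[str]:
    """Distinct hosts granted Trusted Zone status, regardless of HKCU/HKLM scope."""
    return sorted({f.target for f in findings if f.section == "O15"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.scope:30} {f.target:32} {f.reason}")
    print("Trusted hosts to clear:", ", ".join(trusted_hosts(triage(SAMPLE_LOG))))
```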

#7 dc3 (Topic Starter)

Posted 01 February 2009 - 08:12 AM

There seems to be a problem with DelDomains: when I right-click on it, the option to install it is not there. If I click on the icon on the desktop a file opens, but once again there is no option to install it.

I'm having to download software to put ComboFix on a DVD so that I can install it on the other computer, and this is taking time. The CD media that I thought I had is DVD; such is life.



#8 teacup61 (Malware Response Team)

Posted 01 February 2009 - 08:23 AM

Try it directly from here: http://www.mvps.org/winhelp2002/restricted.htm

It's right underneath " To remove all the sites listed in the Restricted Zone"

#9 dc3 (Topic Starter)

Posted 01 February 2009 - 08:52 AM

Teacup, I had the same results using the direct link; there is no option to install it. grrrrrrrr

I have it on my desktop, and when I right-click on it I get the usual choices (open, cut, copy, send to, create shortcut...), but there is no option to install it. Am I special or what?!?

OK... I saved it to My Documents and now I have the option to install; whatever it takes, I guess.

Edited by dc3, 01 February 2009 - 08:57 AM.



#10 teacup61 (Malware Response Team)

Posted 01 February 2009 - 09:00 AM

Heh....okay. I would just tell you to skip it, but it's important in this case. It might not work just to fix them with HijackThis, especially with everything else running around in there. I want it to be as protected as it can be through the cleaning process. :thumbup2:

#11 dc3 (Topic Starter)

Posted 01 February 2009 - 09:05 AM

If you listen very carefully you can hear me yelling out on the west coast. It will install on my computer but not on the other where it is needed. I'll keep trying.



#12 teacup61 (Malware Response Team)

Posted 01 February 2009 - 09:19 AM

Let's flip the order then.....see if ComboFix will run first, then after it's done, try it again, then do HijackThis. :thumbup2:

#13 dc3 (Topic Starter)

Posted 01 February 2009 - 10:44 AM

Hi teacup,

Sorry for the delay; I was having problems downloading a program with which I could burn data to DVDs. I now have ComboFix installed on the other computer. I have not run ComboFix before; could you please give me an outline of what you want?



#14 teacup61 (Malware Response Team)

Posted 01 February 2009 - 10:52 AM

Hi,

I'm not going to make a big production of it like some do. Follow the prompts. If you want to wait on the Recovery Console, then wait until later when you have it online. :thumbup2:

#15 dc3 (Topic Starter)

Posted 01 February 2009 - 11:10 AM

Here's the Combofix log.

ComboFix 09-01-31.02 - Tami 2009-02-01 7:46:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.124 [GMT -8:00]
Running from: F:\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brittany\Local Settings\Temporary Internet Files\Tvm.log
c:\program files\INSTALL.LOG
c:\windows\gxrsm.dat
c:\windows\mihlt.dat
c:\windows\n_clldwf.log
c:\windows\n_gswbpw.txt
c:\windows\n_qzcyhg.txt
c:\windows\n_rwfggb.txt
c:\windows\n_zgairc.txt
c:\windows\nwnow.dat
c:\windows\siens.dat
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\addad.dll
c:\windows\system32\addbi.dll
c:\windows\system32\addcy.dll
c:\windows\system32\addfm32.dll
c:\windows\system32\addkq.dll
c:\windows\system32\addwo32.dll
c:\windows\system32\addwp32.dll
c:\windows\system32\apide32.dll
c:\windows\system32\apife32.dll
c:\windows\system32\apige32.dll
c:\windows\system32\apikq32.dll
c:\windows\system32\apiou32.dll
c:\windows\system32\apiso.dll
c:\windows\system32\apiyl32.dll
c:\windows\system32\appfq32.dll
c:\windows\system32\appsz.dll
c:\windows\system32\appxv.dll
c:\windows\system32\atldr32.dll
c:\windows\system32\atlen.dll
c:\windows\system32\atljs32.dll
c:\windows\system32\atlly.dll
c:\windows\system32\atlon.dll
c:\windows\system32\atlte32.dll
c:\windows\system32\atluy.dll
c:\windows\system32\aytui.dll
c:\windows\system32\bszip.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\audio cd.bmp
c:\windows\system32\Cache\buts.bin
c:\windows\system32\Cache\dating.bmp
c:\windows\system32\Cache\dating1.bmp
c:\windows\system32\Cache\financial.bmp
c:\windows\system32\Cache\freestuff.bmp
c:\windows\system32\Cache\opened box yellow.bmp
c:\windows\system32\Cache\peoples 1.bmp
c:\windows\system32\Cache\phone green.bmp
c:\windows\system32\Cache\porn.bmp
c:\windows\system32\Cache\shopping.bmp
c:\windows\system32\Cache\showbtn1.bmp
c:\windows\system32\Cache\showbtn12.bmp
c:\windows\system32\Cache\showbtn123.bmp
c:\windows\system32\Cache\tools setup.bmp
c:\windows\system32\cras.dll
c:\windows\system32\crcv32.dll
c:\windows\system32\crek32.dll
c:\windows\system32\cren.dll
c:\windows\system32\crix.dll
c:\windows\system32\crjb32.dll
c:\windows\system32\crly.dll
c:\windows\system32\cvove.dat
c:\windows\system32\cxfwy.dll
c:\windows\system32\d3bu32.dll
c:\windows\system32\d3jr.dll
c:\windows\system32\d3lq.dll
c:\windows\system32\d3rp32.dll
c:\windows\system32\d3ug32.dll
c:\windows\system32\d3vc32.dll
c:\windows\system32\d3vu32.dll
c:\windows\system32\d3ya32.dll
c:\windows\system32\emxhp.dat
c:\windows\system32\fmrlo.dat
c:\windows\system32\fzcbb.dll
c:\windows\system32\hebhu.dll
c:\windows\system32\iejh32.dll
c:\windows\system32\iend32.exe
c:\windows\system32\ieum32.dll
c:\windows\system32\ieur32.dll
c:\windows\system32\iphk32.dll
c:\windows\system32\ipms32.dll
c:\windows\system32\ipph.dll
c:\windows\system32\ipxz.dll
c:\windows\system32\ivdkv.dll
c:\windows\system32\javacx.dll
c:\windows\system32\javadi.dll
c:\windows\system32\javafc32.dll
c:\windows\system32\javagf.dll
c:\windows\system32\javajx32.dll
c:\windows\system32\javall.dll
c:\windows\system32\javaqt32.dll
c:\windows\system32\javarm.dll
c:\windows\system32\javarw.dll
c:\windows\system32\javavq32.dll
c:\windows\system32\jlgoz.dat
c:\windows\system32\kyjxf.dll
c:\windows\system32\mfcbn32.dll
c:\windows\system32\mfcfa32.dll
c:\windows\system32\mfcih32.dll
c:\windows\system32\mfcjt32.dll
c:\windows\system32\mfcjz32.dll
c:\windows\system32\mfcmv.dll
c:\windows\system32\mfcol32.dll
c:\windows\system32\mfcse32.dll
c:\windows\system32\mfcub32.dll
c:\windows\system32\mfcxo32.dll
c:\windows\system32\mseq32.dll
c:\windows\system32\msjd.dll
c:\windows\system32\mskn32.dll
c:\windows\system32\mswk32.dll
c:\windows\system32\msxo32.dll
c:\windows\system32\mszr.dll
c:\windows\system32\netfw32.dll
c:\windows\system32\netgm.dll
c:\windows\system32\netgw.dll
c:\windows\system32\netpr32.dll
c:\windows\system32\netza.dll
c:\windows\system32\ntag.dll
c:\windows\system32\ntan32.dll
c:\windows\system32\ntci32.dll
c:\windows\system32\ntcl32.dll
c:\windows\system32\ntfb32.dll
c:\windows\system32\ntne.dll
c:\windows\system32\ntws.dll
c:\windows\system32\open.ico
c:\windows\system32\phhvs.dat
c:\windows\system32\pzrie.dll
c:\windows\system32\rkxlq.dat
c:\windows\system32\sdkaw.dll
c:\windows\system32\sdkhr.dll
c:\windows\system32\sdkpv.dll
c:\windows\system32\sdkre32.dll
c:\windows\system32\sdkwo32.dll
c:\windows\system32\sdkxv32.dll
c:\windows\system32\sysds.dll
c:\windows\system32\syslo32.dll
c:\windows\system32\syslw.dll
c:\windows\system32\sysoq.dll
c:\windows\system32\syspj32.dll
c:\windows\system32\winhf32.dll
c:\windows\system32\winmk32.dll
c:\windows\system32\wintu32.dll
c:\windows\system32\winyp32.dll
c:\windows\wfwtn.dat

.
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-02-01 03:45 . 2009-02-01 03:45 <DIR> d-------- c:\program files\Trend Micro
2009-02-01 00:11 . 2008-12-12 03:18 685 --a------ c:\windows\win.ini.bak
2009-01-31 23:45 . 2009-01-31 23:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Webroot
2009-01-31 23:34 . 2009-01-31 23:34 250 --a------ c:\windows\gmer.ini
2009-01-31 01:52 . 2009-01-31 01:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-31 01:37 . 2009-01-31 23:58 664 --a------ c:\windows\SYSTEM32\d3d9caps.dat
2009-01-31 01:25 . 2009-01-31 01:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-30 22:17 . 2009-01-30 22:17 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-01-30 22:17 . 2009-01-30 22:17 <DIR> d-------- c:\windows\SYSTEM32\en
2009-01-30 22:17 . 2009-01-30 22:17 <DIR> d-------- c:\windows\l2schemas
2009-01-30 09:59 . 2009-01-30 09:59 <DIR> d-------- c:\program files\Crawler
2009-01-30 09:58 . 2009-01-30 10:11 <DIR> d-------- c:\program files\SIW
2009-01-30 09:55 . 2009-01-30 09:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-30 09:55 . 2009-01-30 09:55 <DIR> d-------- c:\documents and settings\Tami\Application Data\SUPERAntiSpyware.com
2009-01-30 09:55 . 2009-01-30 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-30 09:54 . 2009-01-30 09:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-30 09:53 . 2009-01-30 09:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 09:53 . 2009-01-30 09:53 <DIR> d-------- c:\documents and settings\Tami\Application Data\Malwarebytes
2009-01-30 09:53 . 2009-01-30 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-30 09:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-30 09:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 11:30 --------- d-----w c:\program files\Java
2009-02-01 01:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-29 23:07 --------- d-----w c:\program files\WINForms Desktop
2008-12-18 22:48 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2008-12-18 19:34 --------- d-----w c:\documents and settings\Tami\Application Data\iolo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 19:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 18:41 --------- d-----w c:\program files\Media
2008-11-12 01:32 164 ----a-w C:\install.dat
2008-09-11 21:51 60,968 ----a-w c:\documents and settings\Tami\GoToAssistDownloadHelper.exe
2005-06-14 07:08 32 ----a-w c:\documents and settings\Brittany\Application Data\tvmcwrd.dll
2005-06-14 03:54 138 ----a-w c:\documents and settings\Tami\Application Data\tvmdmns.dll
2005-06-13 21:23 30 ----a-w c:\documents and settings\Tami\Application Data\tvmcwrd.dll
2005-02-10 05:37 3,567 --sha-w c:\windows\idwjf.dat
2005-02-06 22:04 0 --sha-w c:\windows\jrnan.dll
2005-01-29 17:05 3,567 --sha-w c:\windows\rcuds.dat
2005-02-24 16:13 3,567 --sha-w c:\windows\wjvqb.dat
2007-04-05 01:12 88 --sh--r c:\windows\SYSTEM32\B24A550B5E.sys
2005-02-22 08:38 3,567 --sha-w c:\windows\SYSTEM32\jwbuf.dat
2005-01-31 12:03 3,567 --sha-w c:\windows\SYSTEM32\pluhu.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-11-11 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-11 17:39 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-10-12 13:11 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_9.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185896]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-10-12 6272888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=c:\windows\pss\Date Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AKU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISAK
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OYGQL
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pcsv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll16
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soundmx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xyd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 14:44 679936 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-02 23:01 135264 c:\program files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-10-18 16:03 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-18 596336]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-01-18 596336]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-11 1066360]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\FA120.sys [2004-01-30 14048]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\SYSTEM32\DRIVERS\pixmcvc.sys [2007-06-19 32000]
.
Contents of the 'Scheduled Tasks' folder

2003-03-28 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 16:12]

2009-01-28 c:\windows\Tasks\Webroot Backup Online Backup - Tamilina.job
- c:\program files\webroot\webrootsecurity\backup\sosuploadagent.exe [2008-10-12 13:11]

2009-01-30 c:\windows\Tasks\wrSpySweeper_LBA629B7378FC40399E05978E2BF35060.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-10-12 13:18]

2009-01-30 c:\windows\Tasks\wrSpySweeper_LBA629B7378FC40399E05978E2BF35060.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-10-12 13:18]

2009-01-30 c:\windows\Tasks\wrSpySweeper_LBA629B7378FC40399E05978E2BF35060.job
- A:\ []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Microsoft Update - wuamgrd.exe
HKU-Default-Run-Microsoft Restore - scrgrd.exe
HKU-Default-Run-Windows Media Player - vtndgq.exe
HKU-Default-RunServices-Windows Media Player - vtndgq.exe
MSConfigStartUp-AutoUpdater - c:\program files\AutoUpdate\AutoUpdate.exe
MSConfigStartUp-BullsEye Network - c:\program files\BullsEye Network\bin\bargains.exe
MSConfigStartUp-CashBack - c:\program files\CashBack\bin\cashback.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ClrSchLoader - c:\program files\ClearSearch\Loader.exe
MSConfigStartUp-CMESys - c:\program files\Common Files\CMEII\CMESys.exe
MSConfigStartUp-ConMgr - c:\program files\EarthLink 5.0\ConMgr.exe
MSConfigStartUp-Dpi - c:\program files\Common Files\Dpi\dpi.exe
MSConfigStartUp-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
MSConfigStartUp-IST Service - c:\program files\ISTsvc\istsvc.exe
MSConfigStartUp-MCAgentExe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-NAV CfgWiz - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-NaviSearch - c:\program files\NaviSearch\bin\nls.exe
MSConfigStartUp-Power Scan - c:\program files\Power Scan\powerscan.exe
MSConfigStartUp-QBCD Autorun - D:\autorun.exe
MSConfigStartUp-RunDLL - c:\windows\System32\bridge.dll
MSConfigStartUp-Rundll32_7 - c:\windows\System32\msiefr40.dll
MSConfigStartUp-Rundll32_8 - c:\windows\System32\inetp60.dll
MSConfigStartUp-TV Media - c:\program files\TV Media\Tvm.exe
MSConfigStartUp-UpdateStats - c:\program files\Media\Media\UpdateStats.exe
MSConfigStartUp-updmgr - c:\program files\Common files\updmgr\updmgr.exe
MSConfigStartUp-{2CF0B992-5EEB-4143-99C0-5297EF71F444} - c:\windows\System32\stlbdist.DLL
MSConfigStartUp-avserve2 - (no file)
MSConfigStartUp-Microsoft Restore - scrgrd.exe
MSConfigStartUp-Microsoft Update - wuamgrd.exe
MSConfigStartUp-sF6T36X - shudsk.exe
MSConfigStartUp-Win32 USB2 Driver - svchosting.exe
MSConfigStartUp-Windows Media Player - vtndgq.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.prospector.metrolist.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clickspring.net
Trusted Zone: frame.crazywinnings.com
Trusted Zone: metrolist.net
Trusted Zone: my-internet.info
Trusted Zone: rapmls.com
Trusted Zone: scoobidoo.com
Trusted Zone: static.topconverting.com
Trusted Zone: clickspring.net
Trusted Zone: frame.crazywinnings.com
Trusted Zone: my-internet.info
Trusted Zone: scoobidoo.com
Trusted Zone: static.topconverting.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tami\Application Data\Mozilla\Firefox\Profiles\chxwv5eg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 07:53:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0117932E-E4D1-5936-D29B-CD7314854EC4}\Data]
@DACL=(02 0000)
@=hex:38,67,78,ab,a0,dc,86,47,56,1a,e8,b3,cf,52,c6,41,e1,6d,00,00,32,35,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02C0DCC5-3CE6-0398-0598-65E2B62B528F}\Data]
@DACL=(02 0000)
@=hex:83,9b,a4,bd,a0,dc,86,47,56,1a,e8,b3,cf,52,c6,41,e1,6d,00,00,32,35,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0633A0E3-289A-7FC6-E116-FE2F8F786A3E}\Data]
@DACL=(02 0000)
@=hex:de,97,57,8c,a0,dc,86,47,56,1a,e8,b3,cf,52,c6,41,e1,6d,00,00,32,35,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{070C0DA5-4571-4CFF-83F7-EC2132306285}\Data]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\SYSTEM32\hpzipm12.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2009-02-01 8:03:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 16:03:21

Pre-Run: 37,615,108,096 bytes free
Post-Run: 37,513,777,152 bytes free

672 --- E O F --- 2009-01-31 06:37:16

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
