
Vundo keeps beating Malwarebytes and Norton


11 replies to this topic

#1 Pieter Pos (Members, 38 posts)

Posted 01 April 2009 - 06:19 PM

Please see the log below. I have Norton 2009 active, cleaned with Malwarebytes, Lavasoft and Spybot. Vundo keeps coming back. I do recognize some entries as potential viruses but probably not all.

Thanks in advance for any help

HiJackThis v2.0.2
Scan saved at 17:46, on 2009-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - C:\WINDOWS\system32\behimami.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [sevobukata] Rundll32.exe "C:\WINDOWS\system32\nowowise.dll",s
O4 - HKLM\..\Run: [4c25c98d] rundll32.exe "C:\WINDOWS\system32\negonito.dll",b
O4 - HKLM\..\Run: [CPM4f16fa11] Rundll32.exe "c:\windows\system32\kuwolije.dll",a
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI9091~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.prgx.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\pepaveji.dll c:\windows\system32\kuwolije.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwolije.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwolije.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
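A small triage script, added here as an example and not part of this thread or of HijackThis itself, that shows how a helper can pick out the Vundo-style entries from a log like the one above. It works on constructed sample lines modelled on that log (the DLL names are the ones visible in it). Two heuristics are assumptions drawn from this specific log rather than general detection rules: the eight-letter consonant/vowel pseudo-word file names (kuwolije, nowowise, negonito, behimami, pepaveji), and the fact that one DLL is registered in several autostart locations at once (O4 Run, O20 AppInit_DLLs, O21 SSODL, O22 SharedTaskScheduler), which a legitimate component rarely does. The scoring weights are likewise my own choice.

```python
import re

# Constructed sample: a few HijackThis lines modelled on the log posted in this thread
# (the DLL names nowowise, negonito, kuwolije, behimami and pepaveji come from that log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sevobukata] Rundll32.exe "C:\WINDOWS\system32\nowowise.dll",s
O4 - HKLM\..\Run: [4c25c98d] rundll32.exe "C:\WINDOWS\system32\negonito.dll",b
O4 - HKLM\..\Run: [CPM4f16fa11] Rundll32.exe "c:\windows\system32\kuwolije.dll",a
O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - C:\WINDOWS\system32\behimami.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\pepaveji.dll c:\windows\system32\kuwolije.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwolije.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwolije.dll
"""

# HijackThis section code at the start of a line: O2, O4, O20, R1, ...
SECTION = re.compile(r"^\s*(O\d+|R\d)\s+-\s")
# Base name of every *.dll token on a line (copes with quotes, ",export" suffixes and 8.3 names)
DLL_NAME = re.compile(r"([\w~-]+)\.dll\b", re.IGNORECASE)
# Heuristic (an assumption taken from this log, not a general rule): eight letters that
# alternate consonant/vowel, e.g. kuwolije, nowowise, negonito.
PSEUDOWORD = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")


def parse_entries(log_text):
    """Yield (section, dll_name_lowercase, line) for every DLL referenced on a HijackThis line."""
    for line in log_text.splitlines():
        m = SECTION.match(line)
        if not m:
            continue
        for name in DLL_NAME.findall(line):
            yield m.group(1), name.lower(), line.strip()


def analyze(log_text):
    """Score every DLL seen in the log.

    +1 if the file name matches the pseudo-word pattern,
    +1 for each additional autostart section the same DLL is registered in,
    +1 if the entry points at a file that is no longer on disk (an orphaned hook).
    Weights are an assumption chosen for this example.
    """
    findings = {}
    for section, name, line in parse_entries(log_text):
        f = findings.setdefault(name, {"sections": set(), "pseudoword": False, "missing": False})
        f["sections"].add(section)
        f["pseudoword"] = bool(PSEUDOWORD.match(name))
        if "(file missing)" in line or "(no file)" in line:
            f["missing"] = True
    for f in findings.values():
        f["score"] = int(f["pseudoword"]) + (len(f["sections"]) - 1) + int(f["missing"])
    return findings


def suspicious(log_text, threshold=1):
    """Return [(dll_name, score), ...] for entries at or above the threshold, highest score first."""
    scored = [(name, f["score"]) for name, f in analyze(log_text).items() if f["score"] >= threshold]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for name, score in suspicious(SAMPLE_LOG):
        where = ", ".join(sorted(report[name]["sections"]))
        print(f"{name}.dll  score={score}  sections={where}")
```

Run against the sample, kuwolije.dll scores highest because it is wired into four autostart locations; the three other pseudo-word DLLs score 1 each, and the orphaned behimami.dll BHO scores 2. NvCpl.dll and the Google toolbar DLL score 0, which is the point: the script separates the entries worth a closer look from the legitimate noise, and a human still decides what to remove.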


#2 KoanYorel (Bleepin' Conundrum)
Staff Emeritus, 19,461 posts
Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 08 April 2009 - 06:50 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Pieter Pos (Topic Starter; Members, 38 posts)

Posted 09 April 2009 - 06:12 PM

Thanks so much for your response - no problem with the delay - just glad I am getting help. A few updates. Norton took care of a few of the Vundos but continues to register activity daily.

Below the DDS log and Attached Attached.txt

Thanks again and I'll look forward to your reply


DDS (Ver_09-03-16.01) - NTFSx86
Run by DAD at 18:03:06.40 on 2009-04-09
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1310 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Legacy7\Legacy.exe
C:\Program Files\RealRhapsody\rhaphlpr.exe
C:\Program Files\DVDFab 5\DVDFab.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\DVD Shrink\DVD Shrink 3.1.exe
C:\Program Files\Roxio\Easy Media Creator 7\Disc Copier\DiscCopier7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\DAD\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {2a14ce34-4821-4966-821e-612c12be8468} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi9091~1\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [HostManager] c:\program files\common files\aol\1175216722\ee\AOLSoftware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [sevobukata] Rundll32.exe "c:\windows\system32\nowowise.dll",s
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CPM4f16fa11] Rundll32.exe "c:\windows\system32\mipozefo.dll",a
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ccWasher] c:\program files\cookie washer\aolwasher.exe /0
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
StartupFolder: c:\documents and settings\dad\start menu\programs\startup\Cyber-shot Viewer Media Check Tool.lnk.disabled
StartupFolder: c:\documents and settings\dad\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\documents and settings\dad\start menu\programs\startup\RAR Password Cracker.lnk.disabled
StartupFolder: c:\documents and settings\dad\start menu\programs\startup\SpywareGuard.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\AutoCAD Startup Accelerator.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster silver 17\Remind.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\KODAK Software Updater.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled
mPolicies-explorer: <NO NAME> =
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi9091~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi9091~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: google.com\www
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail.prgx.com/iNotes6W.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\fromgl4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-1-30 21512]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-31 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-31 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090331.007\IDSXpx86.sys [2009-4-2 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2009-1-22 267333]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-31 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-15 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-2 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090409.004\NAVENG.SYS [2009-4-9 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090409.004\NAVEX15.SYS [2009-4-9 876144]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 CSIScanner;CSIScanner;"c:\program files\prevxcsi\prevxcsi.exe" /service --> c:\program files\prevxcsi\prevxcsi.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-21 29744]
S3 ldiskl;ldiskl;\??\c:\docume~1\jean-luc\locals~1\temp\ldiskl.sys --> c:\docume~1\jean-luc\locals~1\temp\ldiskl.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2003-12-20 155264]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2004-1-17 220928]
S3 USB-100;SMC Compact USB to Ethernet converter;c:\windows\system32\drivers\SMC2208.SYS [2003-12-16 27519]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-4-15 280344]

=============== Created Last 30 ================

2009-04-07 16:55 <DIR> --d----- c:\program files\iPod
2009-04-07 16:55 <DIR> --d----- c:\program files\iTunes
2009-04-07 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 16:46 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-04-07 16:41 <DIR> --d----- c:\program files\Bonjour
2009-04-04 09:42 <DIR> --d----- C:\New Folder (4)
2009-04-02 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-02 17:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-02 17:34 <DIR> --d----- c:\docume~1\dad\applic~1\SUPERAntiSpyware.com
2009-04-02 06:49 9,216 a------- c:\windows\system32\ffnd.exe
2009-04-02 06:42 <DIR> --d----- c:\program files\FreeFixer
2009-03-31 23:30 1,403,738 ---sh--- c:\windows\system32\otinogen.ini
2009-03-31 22:44 5,202 ---sh--- c:\windows\system32\febasuvo.dll
2009-03-31 22:44 2,713 ---sh--- c:\windows\system32\seruyone.dll
2009-03-31 18:32 <DIR> --d----- C:\VundoFix Backups
2009-03-31 18:32 119,808 a------- C:\VundoFix.exe
2009-03-31 10:43 2,713 ---sh--- c:\windows\system32\zitakihu.exe
2009-03-30 18:07 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-30 18:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-30 18:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-30 18:07 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-30 18:07 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-30 18:06 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-03-30 18:06 <DIR> --d----- c:\program files\Norton AntiVirus
2009-03-30 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-03-30 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-03-30 17:53 <DIR> --d----- c:\program files\NortonInstaller
2009-03-30 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-30 04:41 3,290,752 ---sh--- c:\windows\system32\ajejugan.ini
2009-03-29 18:24 122 ---sh--- c:\windows\system32\ehebozir.ini
2009-03-11 18:56 <DIR> --d----- C:\New Folder (3)

==================== Find3M ====================

2009-04-09 17:27 34 a------- c:\documents and settings\dad\jagex_runescape_preferences.dat
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-26 17:28 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-01-18 03:53 388,608 a------- c:\windows\system32\CF30101.exe
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 13:33 388,608 a------- c:\windows\system32\CF3654.exe
2009-01-11 13:26 388,608 a------- c:\windows\system32\CF2178.exe
2008-12-13 15:53 87,608 a------- c:\docume~1\dad\applic~1\inst.exe
2008-12-13 15:53 47,360 a------- c:\docume~1\dad\applic~1\pcouffin.sys
2008-08-09 16:01 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2006-12-12 21:57 2,419 a------- c:\program files\INSTALL.LOG
2005-08-07 04:38 507,175 a------- c:\documents and settings\dad\defs.zip
2004-02-28 07:53 32 a------- c:\program files\heck2flaw.dat
2003-08-27 14:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll

============= FINISH: 18:04:22.50 ===============

#4 Farbar

    Just Curious

  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 10 April 2009 - 10:23 AM

Hello,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.

You might want to save this page on your favorites, so you can find it again when you return.

#5 Pieter Pos
  • Topic Starter

  • Members
  • 38 posts

Posted 10 April 2009 - 07:53 PM

Hi Farbar

Thanks for the quick reply. Please see the MBAM log below as well as the HijackThis log. Note that MBAM will clean one or two Vundos each time, but they will pop back up after reboot.

Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 2

2009-04-10 19:40:52
mbam-log-2009-04-10 (19-40-45).txt

Scan type: Quick Scan
Objects scanned: 121125
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sevobukata (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f16fa11 (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2009-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Legacy7\Legacy.exe
C:\Program Files\RealRhapsody\rhaphlpr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [sevobukata] Rundll32.exe "C:\WINDOWS\system32\nowowise.dll",s
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CPM4f16fa11] Rundll32.exe "c:\windows\system32\mipozefo.dll",a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: RAR Password Cracker.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: SpywareGuard.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT Startup: RAR Password Cracker.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk.disabled (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RAR Password Cracker.lnk.disabled
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: KODAK Software Updater.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI9091~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.prgx.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16754 bytes
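
The logs in this thread show the two traces Vundo leaves that the scanners keep finding: HKLM Run values that launch Rundll32 against an eight-letter DLL in system32 with a one-letter entry point (sevobukata / nowowise.dll, CPM4f16fa11 / mipozefo.dll), and recently created system+hidden files in system32 with the same kind of name in the DDS "Created Last 30" list (febasuvo.dll, seruyone.dll, zitakihu.exe, otinogen.ini). The script below is an added triage example, not part of the thread and not code from HijackThis, DDS or Malwarebytes: it parses both line formats and flags entries matching those patterns. The sample lines are constructed from the entries quoted above, and the heuristics (eight lowercase letters, single-letter export, system+hidden under system32) are assumptions drawn from this log, not a general Vundo signature.

```python
"""Triage HijackThis O4 autorun lines and DDS 'Created Last 30' lines.

Added example (not the thread's or the tools' own code). Flags the two
persistence patterns visible in this thread's logs; the heuristics are
assumptions drawn from those entries, not a general Vundo signature.
"""
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the O4 and DDS entries quoted in the thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sevobukata] Rundll32.exe "C:\WINDOWS\system32\nowowise.dll",s
O4 - HKLM\..\Run: [CPM4f16fa11] Rundll32.exe "c:\windows\system32\mipozefo.dll",a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

SAMPLE_DDS = r"""
2009-04-07 16:46 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-31 23:30 1,403,738 ---sh--- c:\windows\system32\otinogen.ini
2009-03-31 22:44 5,202 ---sh--- c:\windows\system32\febasuvo.dll
2009-03-31 22:44 2,713 ---sh--- c:\windows\system32\seruyone.dll
2009-03-31 10:43 2,713 ---sh--- c:\windows\system32\zitakihu.exe
2009-03-30 18:07 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r'^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# 'Rundll32.exe "path\to.dll",entry'  (quotes optional, case-insensitive)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<entry>\w+)\s*$', re.IGNORECASE)
# "YYYY-MM-DD HH:MM size attrs path"  (size may be <DIR>)
DDS_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) (?P<attr>[\w-]{8}) (?P<path>.+)$')
# Assumption from this log: the dropped files all have eight lowercase letters before the extension.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    cmd: str


@dataclass
class DdsEntry:
    date: str
    time: str
    size: str
    attr: str
    path: str


def parse_hjt_o4(text):
    """Return the O4 autorun entries found in a HijackThis log."""
    return [O4Entry(**m.groupdict()) for line in text.splitlines()
            if (m := O4_RE.match(line.strip()))]


def parse_dds_created(text):
    """Return the file/dir entries of a DDS 'Created Last 30' section."""
    return [DdsEntry(**m.groupdict()) for line in text.splitlines()
            if (m := DDS_RE.match(line.strip()))]


def basename_stem(path):
    """'c:\\windows\\system32\\febasuvo.dll' -> 'febasuvo'"""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].rsplit('.', 1)[0]


def in_system32(path):
    return '\\system32\\' in path.lower()


def flag_rundll32_loaders(entries):
    """Flag Run values that use rundll32 to load a random-named system32 DLL."""
    findings = []
    for e in entries:
        m = RUNDLL_RE.match(e.cmd.strip())
        if not m:
            continue  # not a rundll32 launcher (plain EXE, etc.)
        dll, entry = m.group('dll'), m.group('entry')
        reasons = []
        if in_system32(dll) and RANDOM_NAME_RE.match(basename_stem(dll)):
            reasons.append('eight-letter random-looking DLL name in system32')
        if len(entry) == 1:
            reasons.append('single-letter export as entry point')
        if reasons:  # NvCpl.dll,NvStartup matches neither and stays unflagged
            findings.append({'name': e.name, 'hive': e.hive, 'dll': dll, 'reasons': reasons})
    return findings


def flag_hidden_system_files(entries):
    """Flag recently created files under system32 carrying the system+hidden attributes."""
    findings = []
    for e in entries:
        if e.size == '<DIR>':
            continue
        attrs = set(e.attr.replace('-', ''))
        if {'s', 'h'} <= attrs and in_system32(e.path):
            findings.append({'path': e.path, 'date': e.date,
                             'random_name': bool(RANDOM_NAME_RE.match(basename_stem(e.path)))})
    return findings


def triage(hjt_text, dds_text):
    return {'autoruns': flag_rundll32_loaders(parse_hjt_o4(hjt_text)),
            'files': flag_hidden_system_files(parse_dds_created(dds_text))}


if __name__ == '__main__':
    result = triage(SAMPLE_HJT, SAMPLE_DDS)
    for f in result['autoruns']:
        print(f"Run value [{f['name']}] loads {f['dll']}: {'; '.join(f['reasons'])}")
    for f in result['files']:
        print(f"{f['date']} system+hidden in system32: {f['path']}")
```

The point of pairing the two parsers is the reinfection loop the topic starter describes: removing the Run value alone leaves the dropped DLLs in place, and removing one DLL leaves the other autorun to reload it, so a triage pass should correlate the registry launchers with the recently created hidden files before anything is deleted. Legitimate rundll32 users such as NvCpl.dll,NvStartup pass through because they match neither heuristic.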

#6 Farbar

    Just Curious

  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 11 April 2009 - 03:30 AM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. We are not here to pass judgment on file-sharing as a concept. But file-sharing is used to infect users, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p download folders. They might contain infected files. Please avoid using these p2p applications or uninstall them. Using these applications at this stage might lead to reinfection or infecting other users.

  • Optional: Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following:

    Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled the application, also remove the folder in bold: C:\Program Files\Viewpoint

  • From the MBAM log:

    C:\Program Files\Common\helper.sig (Trojan.Agent) -> No action taken.


    This means MBAM did nothing but a scan. Please run a quick scan with MBAM, make sure that everything is checked, and click Remove Selected. No need to post the log.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#7 Pieter Pos
  • Topic Starter

  • Members
  • 38 posts

Posted 11 April 2009 - 01:18 PM

Hi Farbar

Thanks again for your help. Too many things on the PC that I was not even aware of. I followed your instructions and below are the results from HJThis and ComboFix. One thing I did notice is that on the previous MBAM scan _helper.sig was identified as a problem and supposedly corrected on reboot. This file resides in Program Files\Common together with _helper.dll. This folder automatically opens up on boot, even after _helper.sig was removed by MBAM.

Thanks in advance for any further help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:19 PM, on 4/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: RAR Password Cracker.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: SpywareGuard.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT Startup: RAR Password Cracker.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk.disabled (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RAR Password Cracker.lnk.disabled
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: KODAK Software Updater.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI9091~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.prgx.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16345 bytes
ComboFix 09-04-04.01 - DAD 2009-04-11 12:33:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1216 [GMT -5:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DAD\Application Data\inst.exe
c:\documents and settings\JEAN-LUC\Application Data\Hotbar
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1037962.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055937.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1059014.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1066790.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1067625.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383517.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386121.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387285.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387587.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387641.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390688.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390845.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400989.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402048.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402096.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\302932.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\399103.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\421519.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\456868.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\491421.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\512426.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\593670.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\647388.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\671709.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\675845.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\788621.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\30b5.dat
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10052
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10807
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12087
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14083
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14575
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14747
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15541
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\184591
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19052
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20128
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\202699
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20570
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20898
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22582
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23066
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24625
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25272
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25351
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25708
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26030
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26245
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26247
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26272
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26340
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26927
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28437
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29115
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29338
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29642
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31327
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31528
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32221
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32541
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32676
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33137
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34134
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34186
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34374
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35012
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35015
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35020
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35285
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35900
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36072
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36079
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\38123
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39897
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4142
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42034
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42194
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42425
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42915
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43979
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44271
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44293
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44458
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44878
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\46021
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47468
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47484
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\478548
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4899
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49432
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\50830
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\53077
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54469
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54473
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54660
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\56445
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59234
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60686
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6098
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61167
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61779
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61894
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61923
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6292
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\62985
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64404
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64446
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64454
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64703
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64983
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66228
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66836
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67464
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67630
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68386
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6873
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\69199
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\69235
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70907
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71225
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71602
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72072
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72807
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72846
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73670
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\74263
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7515
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79079
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79257
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80670
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81785
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82292
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82646
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82647
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83733
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85386
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86020
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86173
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86632
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87304
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90009
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90358
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90711
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91224
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91231
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\9149
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91565
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93815
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93934
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94230
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95325
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95645
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95678
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95701
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95740
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95803
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\96961
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\9805
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\98677
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\99008
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\30b5.dat
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
c:\documents and settings\JEAN-LUC\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055937.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056880.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1058599.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1059135.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065863.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1069287.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070500.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1154853.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383623.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383789.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387285.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387587.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387588.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\153438.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\186440.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\269641.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\387979.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\504940.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\593670.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\633695.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\670828.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\691690.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\737654.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\768158.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\806804.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\807019.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\918486.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\939171.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\956600.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\30bc.dat
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13919
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\141880
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14440
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14575
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1491
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15541
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16086
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18035
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18806
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20570
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20970
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21017
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21889
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22094
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23066
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23616
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24996
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25043
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25469
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26340
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26821
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27515
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28383
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28437
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\297534
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\30189
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31638
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32171
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32198
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32541
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33069
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33137
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34134
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34706
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34952
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35285
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\356690
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36079
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\37602
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41115
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41215
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4124
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41352
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41364
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42751
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42915
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43811
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44293
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44458
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44878
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45496
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47468
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47484
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47914
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49432
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49512
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49622
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4967
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49821
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49958
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\50056
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\51880
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\53481
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\5411
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54473
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58228
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58804
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59873
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59923
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60421
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6098
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61167
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6292
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\63264
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\63801
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64414
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64429
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64703
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64961
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65502
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65762
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65843
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65933
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67357
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67733
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68076
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68094
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68370
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6873
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70330
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70449
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70611
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70907
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\70965
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71225
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73476
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7518
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7652
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78237
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78424
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78679
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79079
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79257
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79596
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82292
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83329
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83505
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83733
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85568
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\8573
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86100
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86632
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87090
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87154
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87499
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87555
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87584
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87594
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\88104
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\89151
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\89623
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90009
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90234
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94204
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95678
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95701
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95740
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95803
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95825
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95917
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\99507
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\30bc.dat
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
c:\documents and settings\SANNE_PIETER\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
c:\program files\INSTALL.LOG
c:\windows\system32\ajejugan.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\ehebozir.ini
c:\windows\system32\otinogen.ini
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system
c:\windows\system32\system\msxml4.dll
c:\windows\system32\system\msxml4r.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
F:\Autorun.inf
H:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-07 16:55 . 2009-04-07 16:56 <DIR> d-------- c:\program files\iTunes
2009-04-07 16:55 . 2009-04-07 16:55 <DIR> d-------- c:\program files\iPod
2009-04-07 16:55 . 2009-04-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 16:46 . 2009-03-26 15:23 1,900,544 --a------ c:\windows\SYSTEM32\usbaaplrc.dll
2009-04-07 16:42 . 2009-04-07 16:42 <DIR> d-------- c:\program files\Safari
2009-04-07 16:41 . 2009-04-07 16:41 <DIR> d-------- c:\program files\Bonjour
2009-04-04 09:42 . 2009-04-04 09:42 <DIR> d-------- C:\New Folder (4)
2009-04-02 17:35 . 2009-04-02 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-02 17:34 . 2009-04-02 17:34 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-02 17:34 . 2009-04-02 17:34 <DIR> d-------- c:\documents and settings\DAD\Application Data\SUPERAntiSpyware.com
2009-04-02 06:49 . 2007-08-14 13:04 9,216 --a------ c:\windows\SYSTEM32\ffnd.exe
2009-04-02 06:42 . 2009-04-02 06:42 <DIR> d-------- c:\program files\FreeFixer
2009-03-31 22:44 . 2009-03-31 22:44 5,202 ---hs---- c:\windows\SYSTEM32\febasuvo.dll
2009-03-31 22:44 . 2009-03-31 22:44 2,713 ---hs---- c:\windows\SYSTEM32\seruyone.dll
2009-03-31 18:32 . 2009-03-31 18:32 <DIR> d-------- C:\VundoFix Backups
2009-03-31 18:32 . 2009-03-30 21:22 119,808 --a------ C:\VundoFix.exe
2009-03-31 10:43 . 2009-03-31 10:43 2,713 ---hs---- c:\windows\SYSTEM32\zitakihu.exe
2009-03-30 18:07 . 2009-03-31 21:45 124,464 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.SYS
2009-03-30 18:07 . 2009-03-31 21:45 60,808 --a------ c:\windows\SYSTEM32\S32EVNT1.DLL
2009-03-30 18:07 . 2009-02-27 05:57 36,400 -ra------ c:\windows\SYSTEM32\DRIVERS\SymIM.sys
2009-03-30 18:07 . 2009-03-31 21:45 7,386 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.CAT
2009-03-30 18:07 . 2009-03-31 21:45 805 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.INF
2009-03-30 18:06 . 2009-03-31 21:44 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\NAV
2009-03-30 18:06 . 2009-03-30 18:06 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-30 18:06 . 2009-03-30 18:06 <DIR> d-------- c:\program files\Norton AntiVirus
2009-03-30 17:57 . 2009-03-30 17:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2009-03-30 17:57 . 2009-03-30 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-03-30 17:53 . 2009-03-30 17:53 <DIR> d-------- c:\program files\NortonInstaller
2009-03-30 17:46 . 2009-03-30 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-11 18:56 . 2009-03-11 18:56 <DIR> d-------- C:\New Folder (3)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 17:52 --------- d-----w c:\documents and settings\DAD\Application Data\Skype
2009-04-11 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-11 16:45 --------- d-----w c:\program files\Pure Networks
2009-04-11 16:45 --------- d-----w c:\program files\Apple Software Update
2009-04-11 16:36 --------- d-----w c:\program files\Common
2009-04-11 16:14 --------- d-----w c:\documents and settings\DAD\Application Data\skypePM
2009-04-11 16:09 --------- d-----w c:\documents and settings\DAD\Application Data\Apple Computer
2009-04-11 00:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 00:15 34 ----a-w c:\documents and settings\DAD\jagex_runescape_preferences.dat
2009-04-09 23:35 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-07 21:55 --------- d-----w c:\program files\Common Files\Apple
2009-04-07 21:53 --------- d-----w c:\program files\QuickTime
2009-04-06 20:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 22:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-01 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 02:46 --------- d-----w c:\program files\Symantec
2009-03-30 23:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 23:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-30 23:01 --------- d-----w c:\program files\SymNetDrv
2009-03-29 03:17 --------- d-----w c:\program files\AIMTunes
2009-03-27 06:51 --------- d-----w c:\program files\Common Files\AOL
2009-03-26 20:23 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-25 02:02 --------- d-----w c:\program files\RealRhapsody
2009-03-23 22:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 21:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-24 06:59 --------- d-----w c:\program files\America Online 9.0a
2009-02-17 18:51 --------- d-----w c:\program files\America Online 9.0
2009-02-15 20:05 --------- d-----w c:\program files\lotus
2009-02-14 06:57 --------- d-----w c:\program files\WiFiConnector
2008-12-13 20:53 47,360 ----a-w c:\documents and settings\DAD\Application Data\pcouffin.sys
2008-08-09 21:01 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2005-08-07 09:38 507,175 ----a-w c:\documents and settings\DAD\defs.zip
2004-02-28 12:53 32 ----a-w c:\program files\heck2flaw.dat
2003-08-27 19:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,160 2005-08-05 13:08:26 c:\program files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 21:35:36 c:\program files\AIM\aim.exe

----a-w 151,597 2003-12-11 09:02:11 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 155,648 2003-02-13 07:01:00 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

----a-w 58,992 2005-07-14 19:16:00 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 135,264 2002-04-03 07:01:00 c:\program files\Creative\SBLive\Diagnostics\bak\diagent.exe

----a-w 81,920 2004-08-22 15:05:02 c:\program files\D-Tools\bak\daemon.exe

----a-w 306,688 2004-07-19 06:51:24 c:\program files\Dell Support\bak\DSAgnt.exe

----a-w 53,248 2002-12-17 20:49:16 c:\program files\Fellowes\MediaFACE 4.0\bak\SetHook.exe

----a-w 49,152 2004-09-13 13:49:00 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 49,152 2004-09-13 21:49:00 c:\program files\HP\HP Software Update\hpwuSchd2.exe

----a-w 36,975 2005-11-10 11:03:52 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 35,328 2001-09-19 15:41:00 c:\program files\Logitech\MouseWare\system\bak\EM_EXEC.EXE

----a-w 7,086,080 2005-10-12 16:13:32 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
----a-w 5,674,352 2007-01-19 17:54:56 c:\program files\MSN Messenger\msnmsgr.exe

----a-w 1,118,208 2006-05-26 11:39:18 c:\program files\MySpace\IM\bak\MySpaceIM.exe
----a-w 5,181,440 2007-03-07 05:06:56 c:\program files\MySpace\IM\MySpaceIM.exe

----a-w 98,304 2004-06-08 11:14:03 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2009-01-05 21:18:48 c:\program files\QuickTime\QTTask.exe

----a-w 335,872 2003-03-05 18:49:00 c:\program files\RealVNC\WinVNC\bak\WinVNC.exe

----a-w 100,056 2005-04-29 19:31:00 c:\program files\SymNetDrv\bak\SNDMon.exe

----a-w 35,328 2006-05-25 17:35:48 c:\program files\Winamp\bak\winampa.exe
----a-w 35,328 2006-11-21 17:38:22 c:\program files\Winamp\winampa.exe

----a-w 90,112 2000-05-11 07:00:00 c:\windows\bak\UpdReg.EXE

----a-w 28,672 2003-08-13 16:27:40 c:\windows\SYSTEM32\bak\DSentry.exe

----a-w 406,016 2003-12-04 17:34:44 c:\windows\SYSTEM32\bak\PSDrvCheck.exe

----a-w 114,741 2003-08-06 07:04:00 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HostManager"="c:\program files\Common Files\AOL\1175216722\ee\AOLSoftware.exe" [2008-06-24 41824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [N/A]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [N/A]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-07-08 78960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ccWasher"="c:\program files\Cookie Washer\aolwasher.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\program files\Skype\Phone\IEPlugin\unins000.exe" [N/A]

c:\documents and settings\DAD\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk.disabled [2006-12-31 1975]
PowerReg Scheduler V3.exe [2003-12-19 225280]
RAR Password Cracker.lnk.disabled [2008-03-19 817]
SpywareGuard.lnk.disabled [2004-05-01 650]

c:\documents and settings\JEAN-LUC\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-09-13 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk.disabled [2006-10-28 1985]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2009-01-22 1282122]
Event Reminder.lnk - c:\program files\PrintMaster Silver 17\Remind.exe [2006-02-22 344064]
HP Digital Imaging Monitor.lnk.disabled [2006-04-17 1844]
HP Image Zone Fast Start.lnk.disabled [2006-04-17 834]
Kodak EasyShare software.lnk.disabled [2007-09-08 1873]
KODAK Software Updater.lnk.disabled [2007-09-08 2032]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-09-23 114688]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-11-01 118784]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-02-14 1073152]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-03-22 69632]
Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled [2003-12-26 1898]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccPwdSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"LDM"=\Program\BackWeb-8876480.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Sonic RecordNow!"=
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=c:\program files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"SM1BG"=c:\windows\SM1BG.EXE
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
"WebRebates0"="c:\program files\Web_Rebates\WebRebates0.exe"
"Windows SyncroAd"=c:\program files\Windows SyncroAd\SyncroAd.exe
"DeskAd Service"=c:\program files\DeskAd Service\DeskAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\1175216722\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Documents and Settings\\MINKE\\My Documents\\My Music\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\RealRhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxscan;pxscan;c:\windows\SYSTEM32\DRIVERS\pxscan.sys [2009-01-30 21512]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1005000.086\SymEFA.sys [2009-03-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1005000.086\BHDrvx86.sys [2009-03-31 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1005000.086\cchpx86.sys [2009-03-31 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090408.002\IDSXpx86.sys [2009-04-09 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [2009-01-22 267333]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-31 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-02 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-21 29744]
S3 ldiskl;ldiskl;\??\c:\docume~1\JEAN-LUC\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\JEAN-LUC\LOCALS~1\Temp\ldiskl.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [2007-01-25 42000]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [2003-12-20 155264]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\SYSTEM32\DRIVERS\snphv71.sys [2004-01-17 220928]
S3 USB-100;SMC Compact USB to Ethernet converter;c:\windows\SYSTEM32\DRIVERS\SMC2208.SYS [2003-12-16 27519]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0338fe57-32dd-11dc-8beb-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-05 c:\windows\Tasks\RoxioUpdator.job
- c:\program files\Common Files\Roxio Shared\Autoupdater\autoupdater.exe [2004-04-13 14:33]

2009-04-11 c:\windows\Tasks\{1A08BFE1-9719-48C6-80AB-16F1577AE638}_D6KH5X31_MOM.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]

2009-04-11 c:\windows\Tasks\{6096632C-971C-4F8F-A382-A77B6621F64E}_D6KH5X31_SANNE_PIETER.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]

2009-04-11 c:\windows\Tasks\{EEADB604-4A23-44A8-8289-D625FDC89D39}_D6KH5X31_JEAN-LUC.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2a14ce34-4821-4966-821e-612c12be8468} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: google.com\www
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fromgl4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 12:52:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1205651540-596229874-3691167622-1007\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\mnmsrvc.exe
c:\progra~1\MI6841~1\MSSQL\Binn\sqlservr.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-11 13:08:59 - machine was rebooted [DAD]
ComboFix-quarantined-files.txt 2009-04-11 18:08:51

Pre-Run: 1,603,084,288 bytes free
Post-Run: 1,618,440,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

1028 --- E O F --- 2009-03-16 08:05:19

#8 Farbar

  • Security Developer
  • 21,704 posts
  • Location:The Netherlands

Posted 12 April 2009 - 04:49 AM

Sorry for the delay and thanks for the feedback.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    File::
    c:\windows\SYSTEM32\zitakihu.exe
    c:\windows\SYSTEM32\febasuvo.dll
    c:\windows\SYSTEM32\seruyone.dll
    
    Folder::
    c:\program files\Common
    C:\VundoFix Backups
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    Save this as CFScript.txt, in the same location as ComboFix.exe

    Close any open browsers.

    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start => Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. To do that:
      • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
      • Repeat as many times as necessary to remove each Java version.
      • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    Note 1. If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    Note 2. The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • Please copy and paste a fresh HijackThis log to your reply. Tell me also how the computer is running.
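The CFScript procedure in the post above (a plain-text file of `File::`, `Folder::` and `Registry::` sections dragged onto ComboFix.exe) is the kind of thing worth reading back before it runs, because every line is a deletion. The script below is an added example for this thread, not ComboFix's own code and not anything the poster supplied: it parses the exact CFScript.txt given above (embedded as constructed sample input), pulls out the registry keys and paths it would remove, and applies two review heuristics that are this example's own assumptions rather than anything stated in the thread: it flags `File::` entries whose basename is eight random-looking lowercase letters (all three system32 files in the script fit), and it asks for a second look at any `Folder::` entry directly under Program Files, since that section deletes a whole tree.

```python
r"""Parse and sanity-check a ComboFix CFScript.txt before it is run.

Added example for this thread; it is not ComboFix's own code and not from
the original posts. CFScript.txt is a plain-text file of sections whose
headers end in '::' (File::, Folder::, Registry::), each followed by one
entry per line. Registry deletions are written as [-HIVE\subkey].
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the script posted in this thread, copied verbatim.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\SYSTEM32\zitakihu.exe
c:\windows\SYSTEM32\febasuvo.dll
c:\windows\SYSTEM32\seruyone.dll

Folder::
c:\program files\Common
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
ABS_WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\[^\\]")
REG_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+)\\(.+)\]$")
# Heuristic (this example's own assumption, not stated in the thread):
# droppers often use random 8-letter names in system32; all three File::
# entries in the sample fit this shape.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(exe|dll)$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into {section: [entries]}; blank lines are ignored."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_deletions(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (hive, subkey) for each Registry:: line. Anything that is not an
    explicit [-...] deletion is rejected so a typo cannot silently do nothing."""
    out: List[Tuple[str, str]] = []
    for line in sections.get("Registry", []):
        m = REG_DELETE_RE.match(line)
        if not m:
            raise ValueError(f"not a [-HIVE\\subkey] deletion line: {line!r}")
        out.append((m.group(1), m.group(2)))
    return out


def lint_cfscript(text: str) -> Dict[str, object]:
    """Parse the script and report what it will touch plus review warnings."""
    sections = parse_cfscript(text)
    warnings: List[str] = []
    random_named: List[str] = []
    for section in ("File", "Folder"):
        for path in sections.get(section, []):
            if not ABS_WIN_PATH_RE.match(path):
                warnings.append(f"{section}:: entry is not an absolute path: {path}")
    for path in sections.get("File", []):
        leaf = path.rsplit("\\", 1)[-1].lower()
        if RANDOM_NAME_RE.match(leaf):
            random_named.append(path)
    for path in sections.get("Folder", []):
        # Folder:: removes the whole tree; a directory straight under Program
        # Files could be a vendor folder, so ask for a look before running.
        if path.lower().startswith("c:\\program files\\") and path.count("\\") == 2:
            warnings.append(f"Folder:: removes a top-level Program Files dir: {path}")
    return {
        "sections": sections,
        "registry": registry_deletions(sections),
        "random_named": random_named,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = lint_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in report["sections"].items():
        print(f"{name}:: {len(entries)} entries")
    for hive, subkey in report["registry"]:
        print(f"delete {hive}\\{subkey}")
    for path in report["random_named"]:
        print(f"random-looking name: {path}")
    for warning in report["warnings"]:
        print("REVIEW:", warning)
```

Run it on a CFScript.txt you are about to use (`lint_cfscript(open("CFScript.txt").read())`) and read the `REVIEW:` lines before dragging the file onto ComboFix.exe; the parser deliberately raises on a `Registry::` line missing the leading `-`, because such a line would not delete anything and the infection would simply survive the run.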


#9 Pieter Pos

  • Topic Starter
  • Members
  • 38 posts

Posted 12 April 2009 - 11:15 AM

Good morning Farbar and a Happy Easter to you and your colleagues here -

The PC seems to be running much better and for the first time I have not received any notifications of Trojans from Norton.

A big thanks for all your help and I'll be sure to make a donation to keep you guys going.

Let me know if we're good to go.

Best regards

I uninstalled the older versions of Java and ran the scripts you suggested. Below are the logs for ComboFix and HJThis respectively.

ComboFix 09-04-12.03 - DAD 2009-04-12 10:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1379 [GMT -5:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAD\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\febasuvo.dll
c:\windows\SYSTEM32\seruyone.dll
c:\windows\SYSTEM32\zitakihu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\Common\_helper.dll
c:\program files\Common\_helper.sig
C:\VundoFix Backups
c:\windows\SYSTEM32\febasuvo.dll
c:\windows\SYSTEM32\seruyone.dll
c:\windows\SYSTEM32\zitakihu.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.

2009-04-07 21:55 . 2009-04-07 21:55 -------- d-----w c:\program files\iPod
2009-04-07 21:55 . 2009-04-07 21:56 -------- d-----w c:\program files\iTunes
2009-04-07 21:55 . 2009-04-07 21:56 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 21:46 . 2009-03-26 20:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-04-07 21:42 . 2009-04-07 21:42 -------- d-----w c:\program files\Safari
2009-04-07 21:41 . 2009-04-07 21:41 -------- d-----w c:\program files\Bonjour
2009-04-04 14:42 . 2009-04-04 14:42 -------- d-----w C:\New Folder (4)
2009-04-02 22:35 . 2009-04-02 22:35 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-02 22:34 . 2009-04-02 22:34 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-02 22:34 . 2009-04-02 22:34 -------- d-----w c:\documents and settings\DAD\Application Data\SUPERAntiSpyware.com
2009-04-02 11:49 . 2007-08-14 18:04 9216 ----a-w c:\windows\system32\ffnd.exe
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\FreeFixer
2009-03-31 23:32 . 2009-03-31 02:22 119808 ----a-w C:\VundoFix.exe
2009-03-30 23:07 . 2009-02-27 10:57 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-03-30 23:07 . 2009-04-01 02:45 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-30 23:07 . 2009-04-01 02:45 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-30 23:07 . 2009-04-01 02:45 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-30 23:07 . 2009-04-01 02:45 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-30 23:06 . 2009-04-01 02:44 -------- d-----w c:\windows\system32\drivers\NAV
2009-03-30 23:06 . 2009-03-30 23:06 -------- d-----w c:\program files\Windows Sidebar
2009-03-30 23:06 . 2009-03-30 23:06 -------- d-----w c:\program files\Norton AntiVirus
2009-03-30 22:57 . 2009-03-30 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-03-30 22:57 . 2009-03-30 23:06 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-03-30 22:53 . 2009-03-30 22:53 -------- d-----w c:\program files\NortonInstaller
2009-03-30 22:46 . 2009-03-30 23:06 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 15:21 . 2005-11-13 01:06 -------- d-----w c:\documents and settings\DAD\Application Data\Skype
2009-04-12 15:07 . 2009-04-12 15:07 452 ----a-w C:\CFScript.txt
2009-04-12 13:01 . 2008-06-21 16:22 -------- d-----w c:\documents and settings\DAD\Application Data\skypePM
2009-04-11 18:20 . 2009-04-11 18:20 91456 ----a-w C:\lComboFixLogog.txt
2009-04-11 17:19 . 2003-12-11 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-11 16:45 . 2007-03-11 16:37 -------- d-----w c:\program files\Apple Software Update
2009-04-11 16:45 . 2004-06-08 11:14 -------- d-----w c:\program files\Pure Networks
2009-04-11 16:09 . 2007-03-02 23:40 -------- d-----w c:\documents and settings\DAD\Application Data\Apple Computer
2009-04-11 00:40 . 2009-01-11 23:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 00:15 . 2008-07-01 17:14 34 ----a-w c:\documents and settings\DAD\jagex_runescape_preferences.dat
2009-04-09 23:35 . 2004-05-30 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-07 21:55 . 2007-07-18 04:19 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 21:53 . 2003-12-11 09:01 -------- d-----w c:\program files\QuickTime
2009-04-06 20:32 . 2009-01-11 23:56 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-01-11 23:56 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 22:34 . 2009-01-18 08:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-01 12:52 . 2003-12-21 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 02:46 . 2003-12-18 09:29 -------- d-----w c:\program files\Symantec
2009-04-01 01:34 . 2006-04-04 03:09 1229 ----a-w C:\VundoFix.txt
2009-03-30 23:21 . 2003-12-18 09:29 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 23:10 . 2003-12-18 09:29 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-30 23:01 . 2005-01-09 11:35 -------- d-----w c:\program files\SymNetDrv
2009-03-29 03:17 . 2009-01-15 17:29 -------- d-----w c:\program files\AIMTunes
2009-03-27 06:51 . 2003-12-11 09:00 -------- d-----w c:\program files\Common Files\AOL
2009-03-26 20:23 . 2008-02-15 00:57 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-25 02:02 . 2004-06-13 18:43 -------- d-----w c:\program files\RealRhapsody
2009-03-23 22:59 . 2003-12-21 20:27 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-26 22:28 . 2007-04-06 16:14 3350 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2009-02-24 16:38 . 2009-02-24 16:38 67 ----a-w C:\inferno.log
2009-02-24 06:59 . 2004-06-08 11:09 -------- d-----w c:\program files\America Online 9.0a
2009-02-17 18:51 . 2003-12-11 09:00 -------- d-----w c:\program files\America Online 9.0
2009-02-15 20:05 . 2009-02-15 20:05 -------- d-----w c:\program files\lotus
2009-02-14 06:57 . 2009-02-14 06:57 -------- d-----w c:\program files\WiFiConnector
2009-02-09 10:19 . 2002-08-29 11:00 1846272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 10:19 . 2002-08-29 11:00 1846272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-17 03:35 . 2004-01-21 21:19 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-01-14 04:19 . 2004-04-20 23:12 73194 ----a-w C:\mmjb.DDF
2009-01-14 00:52 . 2006-10-29 16:35 21002 ----a-w C:\dvdfabexpress_burn.log
2008-12-13 20:53 . 2008-12-13 20:52 47360 ----a-w c:\documents and settings\DAD\Application Data\pcouffin.sys
2008-08-09 21:01 . 2007-11-03 00:13 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2005-08-07 09:38 . 2005-08-07 09:38 507175 ----a-w c:\documents and settings\DAD\defs.zip
2004-02-28 12:53 . 2004-02-28 12:53 32 ----a-w c:\program files\heck2flaw.dat
2003-08-27 19:19 . 2004-06-13 22:10 36963 ----a-r c:\program files\Common Files\SM1updtr.dll
2009-02-26 22:28 . 2007-04-06 16:19 168 --sh--r c:\windows\SYSTEM32\D52A2A07FB.sys
2009-02-26 22:28 . 2007-04-06 16:14 3350 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,160 2005-08-05 13:08 c:\program files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 21:35 c:\program files\AIM\aim.exe

----a-w 151,597 2003-12-11 09:02 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 155,648 2003-02-13 07:01 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

----a-w 58,992 2005-07-14 19:16 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 135,264 2002-04-03 07:01 c:\program files\Creative\SBLive\Diagnostics\bak\diagent.exe

----a-w 81,920 2004-08-22 15:05 c:\program files\D-Tools\bak\daemon.exe

----a-w 306,688 2004-07-19 06:51 c:\program files\Dell Support\bak\DSAgnt.exe

----a-w 53,248 2002-12-17 20:49 c:\program files\Fellowes\MediaFACE 4.0\bak\SetHook.exe

----a-w 49,152 2004-09-13 13:49 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 49,152 2004-09-13 21:49 c:\program files\HP\HP Software Update\hpwuSchd2.exe

----a-w 36,975 2005-11-10 11:03 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 35,328 2001-09-19 15:41 c:\program files\Logitech\MouseWare\system\bak\EM_EXEC.EXE

----a-w 7,086,080 2005-10-12 16:13 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
----a-w 5,674,352 2007-01-19 17:54 c:\program files\MSN Messenger\msnmsgr.exe

----a-w 1,118,208 2006-05-26 11:39 c:\program files\MySpace\IM\bak\MySpaceIM.exe
----a-w 5,181,440 2007-03-07 05:06 c:\program files\MySpace\IM\MySpaceIM.exe

----a-w 98,304 2004-06-08 11:14 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2009-01-05 21:18 c:\program files\QuickTime\QTTask.exe

----a-w 335,872 2003-03-05 18:49 c:\program files\RealVNC\WinVNC\bak\WinVNC.exe

----a-w 100,056 2005-04-29 19:31 c:\program files\SymNetDrv\bak\SNDMon.exe

----a-w 35,328 2006-05-25 17:35 c:\program files\Winamp\bak\winampa.exe
----a-w 35,328 2006-11-21 17:38 c:\program files\Winamp\winampa.exe

----a-w 90,112 2000-05-11 07:00 c:\windows\bak\UpdReg.EXE

----a-w 28,672 2003-08-13 16:27 c:\windows\SYSTEM32\bak\DSentry.exe

----a-w 406,016 2003-12-04 17:34 c:\windows\SYSTEM32\bak\PSDrvCheck.exe

----a-w 114,741 2003-08-06 07:04 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HostManager"="c:\program files\Common Files\AOL\1175216722\ee\AOLSoftware.exe" [2008-06-24 41824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [N/A]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [N/A]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-07-08 78960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ccWasher"="c:\program files\Cookie Washer\aolwasher.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\program files\Skype\Phone\IEPlugin\unins000.exe" [N/A]

c:\documents and settings\DAD\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk.disabled [2006-12-31 1975]
PowerReg Scheduler V3.exe [2003-12-19 225280]
RAR Password Cracker.lnk.disabled [2008-03-19 817]
SpywareGuard.lnk.disabled [2004-05-01 650]

c:\documents and settings\JEAN-LUC\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-09-13 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk.disabled [2006-10-28 1985]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2009-01-22 1282122]
Event Reminder.lnk - c:\program files\PrintMaster Silver 17\Remind.exe [2006-02-22 344064]
HP Digital Imaging Monitor.lnk.disabled [2006-04-17 1844]
HP Image Zone Fast Start.lnk.disabled [2006-04-17 834]
Kodak EasyShare software.lnk.disabled [2007-09-08 1873]
KODAK Software Updater.lnk.disabled [2007-09-08 2032]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-09-23 114688]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-11-01 118784]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-02-14 1073152]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-03-22 69632]
Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled [2003-12-26 1898]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccPwdSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"LDM"=\Program\BackWeb-8876480.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Sonic RecordNow!"=
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager"=c:\program files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"SM1BG"=c:\windows\SM1BG.EXE
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
"WebRebates0"="c:\program files\Web_Rebates\WebRebates0.exe"
"Windows SyncroAd"=c:\program files\Windows SyncroAd\SyncroAd.exe
"DeskAd Service"=c:\program files\DeskAd Service\DeskAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\1175216722\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Documents and Settings\\MINKE\\My Documents\\My Music\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Norton AntiVirus\\Norton AntiVirus\\Engine\\16.5.0.134\\ccSvcHst.exe"=
"c:\\Program Files\\RealRhapsody\\rhapsody.exe"=

R2 CSIScanner;CSIScanner; [x]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-19 29744]
R3 ldiskl;ldiskl; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
R3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\DRIVERS\snphv71.sys [2003-04-17 220928]
R3 USB-100;SMC Compact USB to Ethernet converter;c:\windows\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2009-01-30 21512]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-31 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys [2009-01-29 276344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\Drivers\CVPNDRV.sys [2003-04-15 267333]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-30 101936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0338fe57-32dd-11dc-8beb-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-05 c:\windows\Tasks\RoxioUpdator.job
- c:\program files\Common Files\Roxio Shared\Autoupdater\autoupdater.exe [2004-04-13 14:33]

2009-04-12 c:\windows\Tasks\{1A08BFE1-9719-48C6-80AB-16F1577AE638}_D6KH5X31_MOM.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]

2009-04-12 c:\windows\Tasks\{6096632C-971C-4F8F-A382-A77B6621F64E}_D6KH5X31_SANNE_PIETER.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]

2009-04-12 c:\windows\Tasks\{EEADB604-4A23-44A8-8289-D625FDC89D39}_D6KH5X31_JEAN-LUC.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: google.com\www
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fromgl4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 10:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1205651540-596229874-3691167622-1007\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-04-12 10:30
ComboFix-quarantined-files.txt 2009-04-12 15:30
ComboFix2.txt 2009-04-11 18:09

Pre-Run: 1,447,960,576 bytes free
Post-Run: 1,435,475,968 bytes free

341 --- E O F --- 2009-03-16 08:05





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:10 AM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175216722\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: RAR Password Cracker.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: SpywareGuard.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT Startup: RAR Password Cracker.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk.disabled (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RAR Password Cracker.lnk.disabled
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: KODAK Software Updater.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI9091~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI9091~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.prgx.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16726 bytes

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:17 PM

Posted 12 April 2009 - 01:42 PM

A happy Easter to you too Pieter Pos.

Everything looks good and indeed you are good to go. Just a few final things and some optional recommendations.

Thanks for the donation.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

    The first reboot might be a little slow, the next one will be faster.

Optional Recommendations:
  • Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. If you are not behind a router, I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. Once the malware gets onto your computer, the Windows firewall is no longer effective. You will find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:

    Sunbelt-Kerio
    (Note: You install the Sunbelt trial version but after the trial period it will revert back to free version.)

    Online Armor Free edition

  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3, which has more features and is more secure than Service Pack 2.

    When installing SP3 disable your antivirus real-time/auto-protection and enable it again after installing SP3.

    In order to update Windows, go to Start -> All Programs -> Windows Update, wait for the page to load, then press the Custom button. Windows searches your computer and gives you the possible updates.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction.
Please let me know if Combofix uninstalled properly.

Happy surfing!
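
An added example, not code from this thread, HijackThis or ComboFix: it automates the triage behind the first step above by parsing HijackThis O2 (BHO) and O23 (service) lines and returning the orphaned entries, i.e. the BHO CLSIDs whose DLL is gone and the services whose binary is missing. The sample lines are copied from the HijackThis log posted above.

```python
"""Flag orphaned HijackThis entries (added example, not from the thread).

O2 lines are the Browser Helper Objects registered under
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects.
A BHO whose DLL reads "(no file)" is a leftover registration from a removed
component (here the Vundo DLLs); it no longer loads, but it is cleaned up so
the dangling CLSID cannot be reused by a later reinfection. O23 lines ending
in "(file missing)" are services whose binary is gone, the same kind of debris.
"""
import re

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)",
    r"O2 - BHO: (no name) - {2a14ce34-4821-4966-821e-612c12be8468} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)",
    r"O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe",
])

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# "O23 - Service: <display name> - <vendor> - <binary path> [(file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"
)


def parse_bho(line):
    """Return a dict for an O2 line, or None if the line is not an O2 entry."""
    m = BHO_RE.match(line.strip())
    if not m:
        return None
    # Normalise the CLSID so mixed-case entries compare equal.
    return {"name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]}


def parse_service(line):
    """Return a dict for an O23 line, or None if the line is not an O23 entry."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "vendor": m["vendor"], "path": m["path"]}


def orphaned_bhos(log_text):
    """O2 entries whose DLL is gone; these are the lines to tick in HijackThis."""
    entries = (parse_bho(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["path"] == "(no file)"]


def missing_services(log_text):
    """O23 entries whose service binary is missing on disk."""
    entries = (parse_service(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["path"].endswith("(file missing)")]


def lines_to_fix(log_text):
    """The exact log lines a helper would list for 'Fix Checked'."""
    return [
        line for line in log_text.splitlines()
        if (parse_bho(line) or {}).get("path") == "(no file)"
    ]


if __name__ == "__main__":
    for entry in orphaned_bhos(SAMPLE_LOG):
        print("orphaned BHO:", entry["clsid"])
    for svc in missing_services(SAMPLE_LOG):
        print("service with missing binary:", svc["name"])
```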

#11 Pieter Pos

Pieter Pos
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 13 April 2009 - 08:11 PM

Hi Farbar

Thanks for the continued support. All recommendations have been implemented. Yes, I am behind a router but will install the additional suggestions anyway.

Thanks tremendously for the help. If there is anything I can do to return the favor at any time, let me know. I take it you know how to reach me through my account info.

Thanks again and best regards

Pieter

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:17 PM

Posted 14 April 2009 - 04:39 PM

You are most welcome and thanks for the donation Pieter.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.
