I have been infected by a nasty rootkit {TDSS Variant}


  • This topic is locked
8 replies to this topic

#1 amolamo1980

Posted 27 July 2009 - 06:34 PM

I had a virus/something that played an audio clip of pro skaters getting interviewed. While trying to get rid of that, this rootkit was discovered. This is the link for that problem, which I believe is solved: http://www.bleepingcomputer.com/forums/t/243428/no-programs-running-but-im-getting-audio/

Here is the DDS Log


DDS (Ver_09-06-26.01) - NTFSx86
Run by Amy Geno at 18:28:46.60 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.843 [GMT -5:00]

AV: iolo AntiVirus® *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: iolo Personal Firewall® *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Subsonic\subsonic-service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Subsonic\subsonic-agent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\CometBird\CometBird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Amy Geno\Desktop\My Stuff\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uWinlogon: Userinit=c:\windows\system32\qiawpbjj.exe,c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wishpot Button: {9e40f4a8-6896-4b67-91f5-f6f287ecb5d9} - c:\program files\wishpot\ietb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Wishpot Button: {7daaffd0-5a88-447d-96c6-e6ca06af0758} - c:\program files\wishpot\ietb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\subsonic.lnk - c:\program files\subsonic\subsonic-agent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\amygen~1\appdata\roaming\mozilla\firefox\profiles\ld0xrkyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - The_Pirate_Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\users\amy geno\appdata\roaming\mozilla\firefox\profiles\ld0xrkyg.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-11-9 12800]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-27 09:55 12,741 a------- c:\windows\system32\3215backdzor439.cpl
2009-07-26 02:42 4,308 a------- c:\windows\system32\98657spy4ze.exe
2009-07-26 01:14 13,973 a------- c:\windows\26140notza5virus7459.bin
2009-07-25 22:10 8,611 a------- c:\windows\28633s9azbot6c85.exe
2009-07-25 11:35 --d----- C:\Click to DVD 2
2009-07-25 01:22 10,517 a------- c:\windows\24358n5z-a-9irus9.exe
2009-07-24 23:41 15,764 a------- c:\windows\system32\599a5tealz292.cpl
2009-07-23 20:43 32 a----r-- c:\users\amy geno\hash.dat
2009-07-23 20:37 --d----- c:\users\amygen~1\appdata\roaming\Three Rings Design
2009-07-23 15:15 8,109 a------- c:\windows\system32\f05vzr1967.exe
2009-07-23 13:38 6,833 a------- c:\windows\6193thi5f1821z.cpl
2009-07-23 07:43 --d----- c:\program files\Sophos
2009-07-22 20:19 4,077 a------- c:\windows\system32\1dcavi9z55.bin
2009-07-22 01:53 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-22 01:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-22 01:53 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-22 01:53 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-21 23:25 --d----- c:\users\amy geno\DoctorWeb
2009-07-21 22:57 --d----- c:\users\amygen~1\appdata\roaming\Malwarebytes
2009-07-21 22:55 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 22:55 --d----- c:\programdata\Malwarebytes
2009-07-21 22:55 --d----- c:\progra~2\Malwarebytes
2009-07-21 22:55 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-21 22:55 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 17:04 3,635 a------- c:\windows\system32\299479acktozla5.dll
2009-07-20 04:55 6,296 a------- c:\windows\system32\7e96thzef2065.cpl
2009-07-19 00:05 14,369 a------- c:\windows\system32\32549ziru95d5.bin
2009-07-17 22:59 15,741 a------- c:\windows\43z6a5dware1957.bin
2009-07-16 19:16 13,017 a------- c:\windows\system32\7687hack9ooz56f.bin
2009-07-16 18:02 4,224 a------- c:\windows\17801spy5z9.cpl
2009-07-15 01:11 17,183 a------- c:\windows\system32\56f29hi5fz66.dll
2009-07-14 12:57 3,112 a------- c:\windows\19617wor5zbd9.bin
2009-07-14 05:30 8,456 a------- c:\windows\system32\3afspywzr91255.cpl
2009-07-13 20:01 4,574 a------- c:\windows\96815azktool6af.exe
2009-07-12 20:10 14,222 a------- c:\windows\94cedownloadez19485.exe
2009-07-12 12:17 13,492 a------- c:\windows\system32\188c9tea52z11.exe
2009-07-11 11:41 18,266 a------- c:\windows\16986hacz5ool219.exe
2009-07-10 20:53 17,320 a------- c:\windows\185fbackzoor2399.bin
2009-07-08 23:31 7,490 a------- c:\windows\1f795pyware6z69.dll
2009-07-08 17:07 11,771 a------- c:\windows\11369v9r5s54z.exe
2009-07-08 06:06 3,060 a------- c:\windows\system32\50b7doznloader31495.bin
2009-07-07 00:50 4,334 a------- c:\windows\system32\5059zspy426.bin
2009-07-04 22:44 6,956 a------- c:\windows\35dbstezl693.ocx
2009-07-04 19:55 9,875 a------- c:\windows\system32\80sparsz2295.ocx
2009-07-03 11:37 --d----- c:\program files\DVDVideoSoft
2009-07-03 11:37 --d----- c:\program files\common files\DVDVideoSoft
2009-07-03 11:28 --d----- c:\program files\XviD
2009-07-03 11:27 --d----- c:\program files\WMV9_VCM
2009-07-03 11:27 --d----- c:\program files\VirtualDub
2009-07-01 19:49 16,260 a------- c:\windows\16959spzmbote5.exe
2009-06-30 19:55 16,159 a------- c:\windows\1279vir538z.exe

==================== Find3M ====================

2009-06-25 11:39 6,414 a------- c:\windows\15999izu599.bin
2009-06-24 18:31 5,091 a------- c:\windows\66f9s5eaz851.exe
2009-06-23 07:54 5,415 a------- c:\windows\system32\1b9s5arse2z65.dll
2009-06-21 19:48 6,742 a------- c:\windows\281659py1ez.bin
2009-06-20 23:18 13,367 a------- c:\windows\5559spamb9t16z.dll
2009-06-20 11:20 6,677 a------- c:\windows\655add9arz2288.exe
2009-06-18 00:13 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-18 00:13 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-18 00:08 86,016 a------- c:\windows\inf\infpub.dat
2009-06-18 00:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-18 00:08 143,360 a------- c:\windows\inf\infstor.dat
2009-06-17 03:41 5,401 a------- c:\windows\3a98thzef596.exe
2009-06-16 14:59 9,120 a------- c:\windows\system32\5405dowzl5ad9r1949.bin
2009-06-14 05:38 17,712 a------- c:\windows\system32\59z55spy295.exe
2009-06-13 06:49 7,322 a------- c:\windows\9z23spamb593e5.dll
2009-06-13 06:46 15,305 a------- c:\windows\219639iruz351.bin
2009-06-12 17:57 8,814 a------- c:\windows\system32\3z536s5y7829.bin
2009-06-12 11:37 15,165 a------- c:\windows\system32\15469h9ck5oolz51.bin
2009-06-06 17:38 18,421 a------- c:\windows\system32\4355th9zf2423.dll
2009-06-03 08:10 3,225 a------- c:\windows\system32\285z2spambo99a.bin
2009-05-31 19:35 14,352 a------- c:\windows\system32\5993s5ywaze2035.bin
2009-05-29 15:54 940,896 a------- c:\windows\system32\Incinerator.dll
2009-05-28 08:19 5,239 a------- c:\windows\210adownl5aderz359.exe
2009-05-28 07:26 7,188 a------- c:\windows\system32\12046spz9205.bin
2009-05-25 05:53 12,447 a------- c:\windows\2959zspy35.bin
2009-05-22 15:16 12,505 a------- c:\windows\3be3szyw9re1650.exe
2009-05-21 04:50 11,101 a------- c:\windows\system32\7a44spzw5re2339.dll
2009-05-18 18:22 4,262 a------- c:\windows\z9c5s95al2128.dll
2009-05-17 09:30 14,416 a------- c:\windows\system32\374059amboz35e.dll
2009-05-15 17:54 14,980 a------- c:\windows\system32\f5zspar951673.exe
2009-05-13 12:28 4,020 a------- c:\windows\system32\5069spywarez728.bin
2009-05-12 22:48 3,884 a------- c:\windows\system32\tmp.reg
2009-05-12 22:48 691 a------- c:\users\amygen~1\appdata\roaming\GetValue.vbs
2009-05-12 22:48 35 a------- c:\users\amygen~1\appdata\roaming\SetValue.bat
2009-05-11 21:41 10,594 a------- c:\windows\139515ozm5b69.dll
2009-05-10 05:24 15,261 a------- c:\windows\system32\61d5zir2789.exe
2009-05-09 23:27 14,034 a------- c:\windows\system32\3594thiefz458.exe
2009-05-09 21:53 14,368 a------- c:\windows\9449tr5j424z.dll
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-07 02:54 2,926 a------- c:\windows\927845zyf8.exe
2009-05-06 13:50 17,439 a------- c:\windows\system32\563zir1229.dll
2009-05-05 06:37 10,797 a------- c:\windows\50599ackdzor2455.bin
2009-05-03 14:30 11,819 a------- c:\windows\1579backdzo91861.bin
2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-03-22 15:36 122 a------- c:\users\amygen~1\appdata\roaming\wklnhst.dat
2008-12-01 08:52 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-12-01 08:52 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-09-24 14:32 174 a--sh--- c:\program files\desktop.ini
2008-09-24 14:22 665,600 a------- c:\windows\inf\drvindex.dat
2007-12-19 23:17 774,144 a------- c:\program files\RngInterstitial.dll
2007-04-14 15:25 1,132,112 a------- c:\programdata\pswi_preloaded.exe
2007-04-14 15:25 1,132,112 a------- c:\progra~2\pswi_preloaded.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:29:31.37 ===============





Thanks in advance.

--Amy

#2 fenzodahl512

Posted 28 July 2009 - 04:18 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 amolamo1980

Posted 28 July 2009 - 08:06 PM

ComboFix 09-07-28.01 - Amy Geno 07/28/2009 19:53.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.930 [GMT -5:00]
Running from: c:\users\Amy Geno\Desktop\Combo-Fix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\170295roj509z.bin
c:\windows\system32\1755download9r59z.cpl
c:\windows\system32\17569spa5boz551.ocx
c:\windows\system32\17580z9rm45e.dll
c:\windows\system32\17900not-z-v5rus13.cpl
c:\windows\system32\18014s5a9bot5z7.ocx
c:\windows\system32\180fadd5aze609.bin
c:\windows\system32\1819ot-a-5irusz2.ocx
c:\windows\system32\18616zpy5959.ocx
c:\windows\system32\18671s5z986.dll
c:\windows\system32\18761spy6z59.cpl
c:\windows\system32\18862v9rus65az.bin
c:\windows\system32\188c9tea52z11.exe
c:\windows\system32\1895trojz01.cpl
c:\windows\system32\19002sp9mbotzaf5.cpl
c:\windows\system32\192t5ief2461z.cpl
c:\windows\system32\19530haczt9ol57f.exe
c:\windows\system32\195985o9m22z.dll
c:\windows\system32\19961nzt-a-5irus24d.ocx
c:\windows\system32\19a45parsez272.exe
c:\windows\system32\19z50tr9j559.cpl
c:\windows\system32\19z99spam5ot7f1.bin
c:\windows\system32\1af6sparsez4459.dll
c:\windows\system32\1b9s5arse2z65.dll
c:\windows\system32\1c95backdoor2z95.dll
c:\windows\system32\1dcavi9z55.bin
c:\windows\system32\1e82zhief1159.bin
c:\windows\system32\1f5zspyw9re1430.bin
c:\windows\system32\1z359spy4c.cpl
c:\windows\system32\20449dd5arez627.ocx
c:\windows\system32\209215pamboz7bc.exe
c:\windows\system32\209zteal5949.dll
c:\windows\system32\20e15owzloader1944.dll
c:\windows\system32\2157zownloade59055.ocx
c:\windows\system32\21bzthr5a922844.cpl
c:\windows\system32\21z35virus49d.bin
c:\windows\system32\22799hac9too57zd.exe
c:\windows\system32\22z20troj5f59.exe
c:\windows\system32\2335b5ck9oorz709.ocx
c:\windows\system32\23z89vi5us17b.dll
c:\windows\system32\24253not-9-virzs1db.ocx
c:\windows\system32\249z2h5cktool13.exe
c:\windows\system32\24z2sp9rse53.cpl
c:\windows\system32\250259py41fz.bin
c:\windows\system32\2526spa9b5t82z.dll
c:\windows\system32\25539zpam9ot1b5.dll
c:\windows\system32\25585vi9us59z.ocx
c:\windows\system32\25709v9zus4e5.cpl
c:\windows\system32\25829not-z-virus1a5.cpl
c:\windows\system32\2593zir35.ocx
c:\windows\system32\25984tr5z41.ocx
c:\windows\system32\26191wor5z20.dll
c:\windows\system32\2626zs59665.exe
c:\windows\system32\2653steaz3296.bin
c:\windows\system32\26584tro9z67.ocx
c:\windows\system32\27249wzr54f0.bin
c:\windows\system32\2726z59rm332.bin
c:\windows\system32\274z759y486.dll
c:\windows\system32\2783thi9f2565z.dll
c:\windows\system32\27959wo9m48az.exe
c:\windows\system32\2798znot-a-virus650.exe
c:\windows\system32\280ebackdo5r9z51.bin
c:\windows\system32\2824ztro96995.ocx
c:\windows\system32\282959zy775.exe
c:\windows\system32\282woz59e4.cpl
c:\windows\system32\285z2spambo99a.bin
c:\windows\system32\28795not-a5virusb7z.ocx
c:\windows\system32\28983z9am5otfd.bin
c:\windows\system32\289dth5zat11265.cpl
c:\windows\system32\2905hackt5ol4z89.cpl
c:\windows\system32\291835ro9747z.cpl
c:\windows\system32\291fthief20z5.cpl
c:\windows\system32\292z25orm336.bin
c:\windows\system32\29431h9cktooz3e5.cpl
c:\windows\system32\2988zw5rm1c9.bin
c:\windows\system32\299479acktozla5.dll
c:\windows\system32\299z2spy7805.bin
c:\windows\system32\29f0z5reat4059.bin
c:\windows\system32\2d319h5eatz3582.cpl
c:\windows\system32\2f375tzal2395.cpl
c:\windows\system32\2z157v9rus199.ocx
c:\windows\system32\2z197troj25.cpl
c:\windows\system32\2z401sp947c5.cpl
c:\windows\system32\2z501no5-a9virus716.bin
c:\windows\system32\2z629hac59ool9f.ocx
c:\windows\system32\2z69spyw5re2974.cpl
c:\windows\system32\2zabs5ea9229.bin
c:\windows\system32\311z4not-a5v9rus23e.ocx
c:\windows\system32\31657hackt9z5659.exe
c:\windows\system32\31823hac5tool709z.cpl
c:\windows\system32\318749pam5ozc7.ocx
c:\windows\system32\321099rojz1d5.dll
c:\windows\system32\3215backdzor439.cpl
c:\windows\system32\32385spzm5ot479.bin
c:\windows\system32\32549ziru95d5.bin
c:\windows\system32\3342t5i9f30z5.bin
c:\windows\system32\3477s9az5e1731.bin
c:\windows\system32\351as5arse190z9.dll
c:\windows\system32\358279zambot272.bin
c:\windows\system32\3594thiefz458.exe
c:\windows\system32\35970zacktool9d8.ocx
c:\windows\system32\35casp5w9ze2901.exe
c:\windows\system32\3619spa5boz3db.ocx
c:\windows\system32\36a2addwzre15589.bin
c:\windows\system32\374059amboz35e.dll
c:\windows\system32\37559py5z3.dll
c:\windows\system32\37ceszyw5re1259.bin
c:\windows\system32\3919virus354z.cpl
c:\windows\system32\3950thief9935z.dll
c:\windows\system32\39665irus3z.bin
c:\windows\system32\396z5virus51.exe
c:\windows\system32\3a7bzteal9005.exe
c:\windows\system32\3adbste5l2z569.bin
c:\windows\system32\3afspywzr91255.cpl
c:\windows\system32\3ea2th9ez2715.dll
c:\windows\system32\3f05dzwnloader926.cpl
c:\windows\system32\3z09downloa5er3224.cpl
c:\windows\system32\3z143s9ambot745.exe
c:\windows\system32\3z536s5y7829.bin
c:\windows\system32\3z69worm358.dll
c:\windows\system32\4035th9eatz884.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\40azs95al223.dll
c:\windows\system32\41339ro5z9b.dll
c:\windows\system32\4140vi5490z.cpl
c:\windows\system32\4171worm50z9.exe
c:\windows\system32\41bz95eal2564.cpl
c:\windows\system32\4291sp5rse1z71.cpl
c:\windows\system32\4292spzmbo595.exe
c:\windows\system32\434z5t9al1596.dll
c:\windows\system32\4355th9zf2423.dll
c:\windows\system32\4415spyware1z769.exe
c:\windows\system32\452zspambo95b6.bin
c:\windows\system32\455dsp9ware521z.exe
c:\windows\system32\45c8thre9t25z00.bin
c:\windows\system32\45f5b5ck9oor2z95.bin
c:\windows\system32\4655t95ef53z.ocx
c:\windows\system32\47a6st5a98z9.dll
c:\windows\system32\4853virz869.dll
c:\windows\system32\48adzhreat237695.bin
c:\windows\system32\4937ste5z2506.bin
c:\windows\system32\4950addw5re2z59.dll
c:\windows\system32\497zsp5mbot13f.exe
c:\windows\system32\49ccthief5z87.cpl
c:\windows\system32\49z55pambot2b9.ocx
c:\windows\system32\4c3zspy9are2571.exe
c:\windows\system32\4cf095zef2993.bin
c:\windows\system32\4d43downlza5er1392.ocx
c:\windows\system32\4f279pars51711z.ocx
c:\windows\system32\4z05spywa9e2147.ocx
c:\windows\system32\4z1dthief6599.cpl
c:\windows\system32\4z55t9ief2958.bin
c:\windows\system32\4z755ir149.dll
c:\windows\system32\504av9r175z.bin
c:\windows\system32\5059zspy426.bin
c:\windows\system32\5069spywarez728.bin
c:\windows\system32\50b7doznloader31495.bin
c:\windows\system32\50z45virus4e9.bin
c:\windows\system32\5145spar9e2z56.ocx
c:\windows\system32\515839acktool515z.exe
c:\windows\system32\52095ownloadzr534.bin
c:\windows\system32\5289vz9us777.exe
c:\windows\system32\5405dowzl5ad9r1949.bin
c:\windows\system32\545cdown9oade52935z.ocx
c:\windows\system32\552aspa59e3015z.cpl
c:\windows\system32\554aaddwar9z052.exe
c:\windows\system32\55531tzo9589.ocx
c:\windows\system32\5559hzck9ool1fe.dll
c:\windows\system32\556e5ow9loader2z65.cpl
c:\windows\system32\556zacktool17e9.dll
c:\windows\system32\557espywarz1596.dll
c:\windows\system32\55b5sparse296z9.cpl
c:\windows\system32\55d9ownloader98z.cpl
c:\windows\system32\55daspyzare1839.exe
c:\windows\system32\5606spz9b3.exe
c:\windows\system32\563zir1229.dll
c:\windows\system32\56f29hi5fz66.dll
c:\windows\system32\56z45worm9d4.exe
c:\windows\system32\56z86ha9ktool21a.cpl
c:\windows\system32\575ftzrea5107509.bin
c:\windows\system32\57zcspywar92522.dll
c:\windows\system32\585steal9135z.bin
c:\windows\system32\585zspy9bf5.cpl
c:\windows\system32\586cback5ozr991.exe
c:\windows\system32\5887s9y4z5.cpl
c:\windows\system32\5896thzef5917.exe
c:\windows\system32\58z9thief5053.bin
c:\windows\system32\59063hacztool90a.dll
c:\windows\system32\5959zoj656.bin
c:\windows\system32\595zdo9nloader99.cpl
c:\windows\system32\5965worz905.exe
c:\windows\system32\5969spyzare165.dll
c:\windows\system32\5993s5ywaze2035.bin
c:\windows\system32\5995virus2b8z.exe
c:\windows\system32\59995zdware2618.bin
c:\windows\system32\599a5tealz292.cpl
c:\windows\system32\59cbbackdozr37.exe
c:\windows\system32\59czthie51766.bin
c:\windows\system32\59d5t9ief244z.exe
c:\windows\system32\59f4addwaze2165.bin
c:\windows\system32\59z55spy295.exe
c:\windows\system32\59z5w59m5a1.bin
c:\windows\system32\5a45thrzat291285.exe
c:\windows\system32\5c7czte95586.ocx
c:\windows\system32\5cezth9ef2317.cpl
c:\windows\system32\5cz0threat266669.exe
c:\windows\system32\5d39hzef1155.bin
c:\windows\system32\5df9zhr9a529090.dll
c:\windows\system32\5e19a9dz5re655.dll
c:\windows\system32\5fc9zteal2988.bin
c:\windows\system32\5z104virus739.cpl
c:\windows\system32\5z3619orm6fe.cpl
c:\windows\system32\5z53backdoo5196.cpl
c:\windows\system32\5z9b5ir2296.cpl
c:\windows\system32\6038zp5mb9t77f.bin
c:\windows\system32\60d1bac9do5rz31.exe
c:\windows\system32\61d5zir2789.exe
c:\windows\system32\622zbackdoor25259.dll
c:\windows\system32\62c9vzr3252.exe
c:\windows\system32\6321st9z52990.exe
c:\windows\system32\63z5troj79a.cpl
c:\windows\system32\64c8virz0589.ocx
c:\windows\system32\655backdoor1z959.cpl
c:\windows\system32\658e59wnloadez2463.dll
c:\windows\system32\659ethreat2138z.dll
c:\windows\system32\666zt59ef894.dll
c:\windows\system32\6719azdwa5e2904.ocx
c:\windows\system32\6853s9eal12z.ocx
c:\windows\system32\6935sp95z5.bin
c:\windows\system32\6980downloaz5r1782.ocx
c:\windows\system32\69bthr9at1691z5.bin
c:\windows\system32\69f5vir555z.ocx
c:\windows\system32\69ffad5warez301.bin
c:\windows\system32\6a27steal943z5.ocx
c:\windows\system32\6b19ste5l1492z.bin
c:\windows\system32\6b29bzckdo59700.bin
c:\windows\system32\6e90stez52721.dll
c:\windows\system32\6ed9back5ozr1970.exe
c:\windows\system32\6f94st5al237z.bin
c:\windows\system32\6fe95hief1721z.dll
c:\windows\system32\6ff3baczdoo53900.exe
c:\windows\system32\6z8059eal757.cpl
c:\windows\system32\6zbfspars52219.dll
c:\windows\system32\705a9ackdoor156z.dll
c:\windows\system32\70d9zddware1560.bin
c:\windows\system32\72435orm2z9.bin
c:\windows\system32\724esteaz13695.ocx
c:\windows\system32\728cspyw5rez699.exe
c:\windows\system32\7325ha9ktool43dz.ocx
c:\windows\system32\7489z59ktool583.dll
c:\windows\system32\752dthizf2936.exe
c:\windows\system32\755fbzckd9or5700.exe
c:\windows\system32\759ezownlo9der2702.dll
c:\windows\system32\75db9d5waze1989.dll
c:\windows\system32\7687hack9ooz56f.bin
c:\windows\system32\7695addwaz53263.exe
c:\windows\system32\77d9szywa9e542.bin
c:\windows\system32\7a44spzw5re2339.dll
c:\windows\system32\7a995ddware249z.exe
c:\windows\system32\7b49spars91565z.exe
c:\windows\system32\7bd9s5azs9914.cpl
c:\windows\system32\7cecth5e9t480z.bin
c:\windows\system32\7d25dow95oadzr2350.dll
c:\windows\system32\7d59sparse315z.dll
c:\windows\system32\7d9b9ac5door20z0.exe
c:\windows\system32\7e5eaddza9e1077.exe
c:\windows\system32\7e75spa9se25z5.cpl
c:\windows\system32\7e96thzef2065.cpl
c:\windows\system32\7ez95hief1529.cpl
c:\windows\system32\7f32st5a93z27.dll
c:\windows\system32\7fadth9ef2z685.bin
c:\windows\system32\7z46s5y99.exe
c:\windows\system32\7z46thie95008.dll
c:\windows\system32\80sparsz2295.ocx
c:\windows\system32\8320h5c9tool4fz.ocx
c:\windows\system32\8721spazbot2a59.bin
c:\windows\system32\8f15z9ef173.cpl
c:\windows\system32\9021zpy2559.ocx
c:\windows\system32\90713troj5aez.ocx
c:\windows\system32\907ba5kdoorz89.ocx
c:\windows\system32\9081zack5oor428.bin
c:\windows\system32\90955viruszd7.dll
c:\windows\system32\91290troz35f.exe
c:\windows\system32\9153tzreat539.dll
c:\windows\system32\91825pz440.ocx
c:\windows\system32\920sp9m5zt709.exe
c:\windows\system32\92e9b5ckdooz2185.ocx
c:\windows\system32\93399ir5s71z.cpl
c:\windows\system32\9385spyzare2093.exe
c:\windows\system32\9453steaz232.ocx
c:\windows\system32\94543spy7z8.bin
c:\windows\system32\951z3worm1b7.ocx
c:\windows\system32\95849zirus569.cpl
c:\windows\system32\95cspywzre2993.exe
c:\windows\system32\96505vzrus45e.bin
c:\windows\system32\965zste5l3130.dll
c:\windows\system32\978z9hacktoo539b.dll
c:\windows\system32\98657spy4ze.exe
c:\windows\system32\98845hacktool4z3.cpl
c:\windows\system32\991z2spy65a.dll
c:\windows\system32\9929wzr549c.exe
c:\windows\system32\99635zrm581.ocx
c:\windows\system32\99zthrea972135.ocx
c:\windows\system32\9e01vzr656.exe
c:\windows\system32\9fcdthreatz4152.exe
c:\windows\system32\9z40virus45c.dll
c:\windows\system32\9z45ddware3231.dll
c:\windows\system32\a2eadzwar516789.cpl
c:\windows\system32\aeb5owzloade9138.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\c3zv5r8139.bin
c:\windows\system32\cb89dzware2759.ocx
c:\windows\system32\cbzs5ywa9e3173.ocx
c:\windows\system32\d5athief1192z.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\f05vzr1967.exe
c:\windows\system32\f3czhre9t25894.ocx
c:\windows\system32\f59viz1265.cpl
c:\windows\system32\f5zspar951673.exe
c:\windows\system32\fab5hiefz249.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mfc45.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\z038wo9mb5.cpl
c:\windows\system32\z128ha5kt9ol5a6.ocx
c:\windows\system32\z295spyware9453.exe
c:\windows\system32\z424ha9kt5ol5ff.exe
c:\windows\system32\z5074spy5529.bin
c:\windows\system32\z5648hacktoo933c.cpl
c:\windows\system32\z5818tr9j49a.ocx
c:\windows\system32\z6708not5a-9irus314.cpl
c:\windows\system32\z76575ot-a9virus175.exe
c:\windows\system32\z86ebackdo5r1998.cpl
c:\windows\system32\z8997spy57d5.dll
c:\windows\system32\z9420spy95.cpl
c:\windows\system32\z9526virus5875.cpl
c:\windows\system32\z9985sp9550.ocx
c:\windows\system32\zacfsp9ware505.exe
c:\windows\system32\ze9s5eal401.ocx
c:\windows\z0157troj9ec5.ocx
c:\windows\z1231s9y705.exe
c:\windows\z1584worm909.cpl
c:\windows\z1d15parse9644.exe
c:\windows\z29945roj95.dll
c:\windows\z319thre5t4155.ocx
c:\windows\z3784not-a-vir9s359.bin
c:\windows\z3dd5ownload9r2836.cpl
c:\windows\z3hack9o5l761.exe
c:\windows\z5094worm958.exe
c:\windows\z5191spambot5149.cpl
c:\windows\z58esteal21739.exe
c:\windows\z6490t5oj1a9.exe
c:\windows\z7862spy5499.cpl
c:\windows\z892hackto5l457.dll
c:\windows\z89559pambot7dc.exe
c:\windows\z898spamb5tfa9.bin
c:\windows\z95fvir952.cpl
c:\windows\z968spars52504.exe
c:\windows\z9c5s95al2128.dll
c:\windows\z9fthrea531396.dll
c:\windows\za15th9ef2334.ocx
c:\windows\za8ba9kdoor15295.bin
c:\windows\zb57backdoor2905.bin
c:\windows\zc4fvi927125.bin
c:\windows\zf8spywa9e31355.cpl

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 01:02 . 2009-07-29 01:02 -------- d-----w- c:\users\Amy Geno\AppData\Local\temp
2009-07-25 16:35 . 2009-07-25 16:35 -------- d-----w- C:\Click to DVD 2
2009-07-25 06:22 . 2009-07-25 06:22 10517 ----a-w- c:\windows\24358n5z-a-9irus9.exe
2009-07-24 01:43 . 2009-05-25 01:43 32 ----a-r- c:\users\Amy Geno\hash.dat
2009-07-24 01:37 . 2009-07-24 01:37 413696 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\OpenAL32.dll
2009-07-24 01:37 . 2009-07-24 01:37 153600 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\lwjgl.dll
2009-07-24 01:37 . 2009-07-24 01:37 37973 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
2009-07-24 01:37 . 2009-07-24 01:37 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design
2009-07-23 12:43 . 2009-07-23 12:43 -------- d-----w- c:\program files\Sophos
2009-07-22 06:53 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-22 06:53 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-22 06:53 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-22 06:53 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-22 04:25 . 2009-07-22 04:32 -------- d-----w- c:\users\Amy Geno\DoctorWeb
2009-07-22 03:57 . 2009-07-22 03:57 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Malwarebytes
2009-07-22 03:55 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 03:55 . 2009-07-22 03:55 -------- d-----w- c:\programdata\Malwarebytes
2009-07-22 03:55 . 2009-07-22 04:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 03:55 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 01:42 . 2009-07-22 01:42 -------- d-----w- c:\windows\Sun
2009-07-03 16:37 . 2009-07-03 16:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-03 16:37 . 2009-07-03 16:37 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-03 16:28 . 2009-07-03 16:28 -------- d-----w- c:\program files\XviD
2009-07-03 16:27 . 2009-07-03 16:27 -------- d-----w- c:\program files\WMV9_VCM
2009-07-03 16:27 . 2009-07-03 16:27 -------- d-----w- c:\program files\VirtualDub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 23:23 . 2008-10-19 20:12 1 ----a-w- c:\users\Amy Geno\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-25 16:35 . 2007-08-19 20:17 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Sony Corporation
2009-07-24 20:30 . 2009-02-05 00:31 -------- d-----w- c:\program files\CometBird
2009-07-22 08:05 . 2008-09-27 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 06:03 . 2009-02-07 05:54 1356 ----a-w- c:\users\Amy Geno\AppData\Local\d3d9caps.dat
2009-07-22 03:19 . 2009-05-01 00:04 -------- d-----w- c:\program files\Wishpot
2009-07-22 02:38 . 2008-01-20 14:23 1305 ----a-w- c:\users\Amy Geno\AppData\Roaming\iolo\restore.bat
2009-07-22 02:03 . 2007-11-10 00:42 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\iolo
2009-07-22 02:03 . 2007-11-10 00:42 -------- d-----w- c:\programdata\iolo
2009-07-11 12:25 . 2007-08-19 20:17 109192 ----a-w- c:\users\Amy Geno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-07 00:16 . 2009-04-18 21:30 -------- d-----w- c:\program files\BookSmart
2009-06-24 21:56 . 2009-04-22 02:11 -------- d-----w- c:\program files\Digsby
2009-06-24 21:53 . 2009-03-21 16:19 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Skype
2009-06-23 08:23 . 2009-05-16 16:41 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-18 05:13 . 2009-06-18 05:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-18 05:13 . 2009-06-18 05:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-18 05:09 . 2009-06-18 05:08 -------- d-----w- c:\program files\Zune
2009-06-16 21:06 . 2009-07-10 01:53 47852 ----a-w- c:\windows\Fonts\LaPointesRoad.ttf
2009-06-15 08:12 . 2007-04-14 20:19 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 08:10 . 2007-04-14 20:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-14 06:07 . 2009-06-14 06:07 -------- d-----w- c:\program files\Opera
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\programdata\TomTom
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\TomTom
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\program files\TomTom International B.V
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\program files\TomTom HOME 2
2009-06-09 01:28 . 2009-06-09 01:28 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-06-07 19:51 . 2007-04-02 18:36 -------- d-----w- c:\program files\Java
2009-05-29 20:54 . 2007-12-13 03:53 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-29 18:10 . 2009-07-10 01:53 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-20 12:40 . 2009-05-20 12:40 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-16 13:40 . 2009-05-16 13:40 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 03:48 . 2009-05-13 03:48 691 ----a-w- c:\users\Amy Geno\AppData\Roaming\GetValue.vbs
2009-05-13 03:48 . 2009-05-13 03:48 35 ----a-w- c:\users\Amy Geno\AppData\Roaming\SetValue.bat
2009-05-13 03:48 . 2009-05-13 03:48 35 ----a-w- c:\users\Amy Geno\AppData\Roaming\SetValue.bat
2009-05-09 05:50 . 2009-06-16 14:47 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-16 14:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2007-12-20 04:17 . 2007-12-20 04:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-03 17:45 . 2008-05-31 18:19 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-24 133912]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-08 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 321656]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-03-14 2322432]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-05-21 314224]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Subsonic.lnk - c:\program files\Subsonic\subsonic-agent.exe [2009-2-1 160768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Amy Geno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Amy Geno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4261193372-3094273795-792597098-1005]
"EnableNotificationsRef"=dword:00000009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E85E7B0-0866-4262-B0FD-F9AE216A3FA7}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{367D59AB-63A3-49AF-B692-2B34CA1A7933}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{6DE0BC07-8BAB-42EA-8B57-0232C14DB221}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EF73B500-AF06-4408-9B7F-119BA2140976}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81053BF2-A7FD-44D3-8A54-606EAFFD43F0}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B8BA68F9-754C-4D40-912B-A06CEAE5578A}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{BDD45462-5611-4FFF-A9E7-668CB993FBEB}"= UDP:25421:BitComet 25421 TCP
"{4E1219A8-94CC-4709-BE6A-5302F55BC56C}"= TCP:25421:BitComet 25421 UDP
"{725A9782-4C98-480B-9D73-68FE7F8186B6}"= TCP:67:DHCP Discovery Service
"{DB5B5857-EC3D-449D-ABBF-4FD6189DE9C7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B3CCD17-8AA9-4887-9400-2F8A87C3FC8D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B3314916-E666-4952-8918-91EC91178497}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CC0EE9A6-8DC5-45F0-BD50-962418B4F417}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{00E4A16C-392A-4DBD-AE4B-9ADFB8B40387}"= UDP:25421:BitComet 25421 TCP
"{FD83743A-AC49-4267-ADAA-709BEF66414D}"= TCP:25421:BitComet 25421 UDP
"TCP Query User{D31BE7F5-2D43-4152-B3E1-5062A4AB7D0B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{954E7140-3266-4B1D-BFBF-AB8A99B28319}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"{91A31384-4EF2-4B4F-A557-FD578124AD4A}"= UDP:c:\program files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{E05B7D8F-C6CD-4DFC-8AD9-FF1DC2651428}"= TCP:c:\program files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{05D32048-72DD-40D9-861B-A2BECE6231AE}"= UDP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DB103722-29E0-4253-820E-70F7C3B80A60}"= TCP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{2C75ECA5-C645-4A24-BD40-0A90AB3E0005}"= UDP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{61D61296-2085-4F8A-84CB-4301AB593487}"= TCP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{F47B3F7F-AAEA-4CBB-B34D-C8CBA0882453}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 XPacket;iolo Personal Firewall Driver;c:\windows\System32\xpacket.sys [11/9/2007 8:18 PM 39424]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [11/9/2007 8:18 PM 12800]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/23/2008 12:45 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/23/2008 12:45 PM 600944]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [1/3/2007 1:19 PM 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/24/2009 6:57 AM 92008]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [3/30/2007 9:48 PM 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [3/30/2007 9:48 PM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [3/30/2007 9:38 PM 30976]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [3/30/2007 10:03 PM 807424]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [4/14/2007 3:01 PM 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [4/14/2007 3:01 PM 67760]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 4:41 PM 42112]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [4/14/2007 3:42 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [4/14/2007 3:42 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [4/14/2007 3:42 PM 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{5E60D3F1-B33E-43E6-B6B7-4F483B615DDD}.job
- c:\windows\system32\msfeedssync.exe [2009-06-16 11:31]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
FF - ProfilePath - c:\users\Amy Geno\AppData\Roaming\Mozilla\Firefox\Profiles\ld0xrkyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - The_Pirate_Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\users\Amy Geno\AppData\Roaming\Mozilla\Firefox\Profiles\ld0xrkyg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 20:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84F7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4261193372-3094273795-792597098-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71B224D2-8332-FFD1-CC64-07037CCF1D59}*]
"haganmappkhkmbli"=hex:69,61,68,70,67,62,6b,70,6e,6c,67,6e,6c,64,6a,6b,64,68,
00,dc
"iamohhbegghpefkfif"=hex:69,61,68,70,67,62,6b,70,6e,6c,67,6e,6c,64,6a,6b,64,68,
00,dc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
.
Completion time: 2009-07-29 20:05
ComboFix-quarantined-files.txt 2009-07-29 01:04
ComboFix2.txt 2007-11-11 22:48

Pre-Run: 42,914,463,744 bytes free
Post-Run: 43,663,749,120 bytes free

1057 --- E O F --- 2009-07-22 08:03

#4 fenzodahl512


Posted 29 July 2009 - 01:39 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\24358n5z-a-9irus9.exe

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
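
An added example, not part of the original post or of ComboFix: a short Python script that parses the CFScript from the reply above and decodes its hex(7) (REG_MULTI_SZ) data, so the change to BootExecute can be read as text before the script is run. The function names and the report layout are assumptions made for this example, and how ComboFix acts on each directive is not modelled.

```python
"""Added example: read a ComboFix CFScript before running it."""
import re

# The script from the reply above, embedded as sample input.
CFSCRIPT = r'''KillAll::

File::
c:\windows\24358n5z-a-9irus9.exe

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
'''

SECTION_RE = re.compile(r'^([A-Za-z0-9]+)::$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\((?P<type>[0-9a-fA-F]+)\):(?P<data>.*)$')

# Stock Windows value of Session Manager\BootExecute.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def split_sections(text):
    """Return {directive: [non-empty lines]} in the order the script lists them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def decode_multi_sz(hex_csv):
    """Decode REG_MULTI_SZ data given as comma-separated hex bytes.

    REGEDIT4-style text (as in this thread) stores one byte per character;
    "Version 5.00" exports store UTF-16LE. The second form is recognised by
    every odd-positioned byte being zero.
    """
    data = bytes(int(b, 16) for b in hex_csv.replace("\\", "").split(",") if b.strip())
    wide = len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2])
    text = data.decode("utf-16-le" if wide else "cp1252", errors="replace")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def parse_registry(lines):
    """Return [(key, value_name, [strings])] for every hex(7) value."""
    found, key, pending = [], None, ""
    for line in lines:
        if pending:                      # rejoin a hex value wrapped over lines
            line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if line.endswith((",", "\\")):
            pending = line.rstrip("\\")
            continue
        match = VALUE_RE.match(line)
        if match and match.group("type") == "7":
            found.append((key, match.group("name"), decode_multi_sz(match.group("data"))))
    return found


def review(text):
    """Summarise what the script names: directives, files, decoded registry data."""
    sections = split_sections(text)
    report = {
        "directives": list(sections),
        "files": sections.get("File", []),
        "registry": parse_registry(sections.get("Registry", [])),
    }
    for _key, name, strings in report["registry"]:
        if name.lower() == "bootexecute":
            report["boot_execute_is_default"] = strings == DEFAULT_BOOT_EXECUTE
    return report


if __name__ == "__main__":
    result = review(CFSCRIPT)
    print("Directives :", ", ".join(result["directives"]))
    for path in result["files"]:
        print("File entry :", path)
    for key, name, strings in result["registry"]:
        print("Registry   : [%s] %s = %r" % (key, name, strings))
    print("BootExecute is the Windows default:", result.get("boot_execute_is_default"))
```

Decoded, the value is the single string autocheck autochk *, which is the stock Windows setting for BootExecute.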


#5 amolamo1980


Posted 29 July 2009 - 07:54 AM

ComboFix 09-07-28.04 - Amy Geno 07/29/2009 7:27.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1017 [GMT -5:00]
Running from: c:\users\Amy Geno\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Amy Geno\Desktop\CFScript.txt
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\24358n5z-a-9irus9.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\24358n5z-a-9irus9.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 12:31 . 2009-07-29 12:44 -------- d-----w- c:\users\Amy Geno\AppData\Local\temp
2009-07-25 16:35 . 2009-07-25 16:35 -------- d-----w- C:\Click to DVD 2
2009-07-24 01:43 . 2009-05-25 01:43 32 ----a-r- c:\users\Amy Geno\hash.dat
2009-07-24 01:37 . 2009-07-24 01:37 413696 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\OpenAL32.dll
2009-07-24 01:37 . 2009-07-24 01:37 153600 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\native\lwjgl.dll
2009-07-24 01:37 . 2009-07-24 01:37 37973 ----a-w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
2009-07-24 01:37 . 2009-07-24 01:37 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Three Rings Design
2009-07-23 12:43 . 2009-07-23 12:43 -------- d-----w- c:\program files\Sophos
2009-07-22 06:53 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-22 06:53 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-22 06:53 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-22 06:53 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-22 04:25 . 2009-07-22 04:32 -------- d-----w- c:\users\Amy Geno\DoctorWeb
2009-07-22 03:57 . 2009-07-22 03:57 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Malwarebytes
2009-07-22 03:55 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 03:55 . 2009-07-22 03:55 -------- d-----w- c:\programdata\Malwarebytes
2009-07-22 03:55 . 2009-07-22 04:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 03:55 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 01:42 . 2009-07-22 01:42 -------- d-----w- c:\windows\Sun
2009-07-03 16:37 . 2009-07-03 16:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-03 16:37 . 2009-07-03 16:37 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-03 16:28 . 2009-07-03 16:28 -------- d-----w- c:\program files\XviD
2009-07-03 16:27 . 2009-07-03 16:27 -------- d-----w- c:\program files\WMV9_VCM
2009-07-03 16:27 . 2009-07-03 16:27 -------- d-----w- c:\program files\VirtualDub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 02:15 . 2008-10-19 20:12 1 ----a-w- c:\users\Amy Geno\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-25 16:35 . 2007-08-19 20:17 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Sony Corporation
2009-07-24 20:30 . 2009-02-05 00:31 -------- d-----w- c:\program files\CometBird
2009-07-22 08:05 . 2008-09-27 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 06:03 . 2009-02-07 05:54 1356 ----a-w- c:\users\Amy Geno\AppData\Local\d3d9caps.dat
2009-07-22 03:19 . 2009-05-01 00:04 -------- d-----w- c:\program files\Wishpot
2009-07-22 02:38 . 2008-01-20 14:23 1305 ----a-w- c:\users\Amy Geno\AppData\Roaming\iolo\restore.bat
2009-07-22 02:03 . 2007-11-10 00:42 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\iolo
2009-07-22 02:03 . 2007-11-10 00:42 -------- d-----w- c:\programdata\iolo
2009-07-21 21:52 . 2009-07-29 00:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 00:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 00:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 00:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 12:25 . 2007-08-19 20:17 109192 ----a-w- c:\users\Amy Geno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-07 00:16 . 2009-04-18 21:30 -------- d-----w- c:\program files\BookSmart
2009-06-24 21:56 . 2009-04-22 02:11 -------- d-----w- c:\program files\Digsby
2009-06-24 21:53 . 2009-03-21 16:19 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\Skype
2009-06-23 08:23 . 2009-05-16 16:41 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-18 05:13 . 2009-06-18 05:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-18 05:13 . 2009-06-18 05:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-18 05:09 . 2009-06-18 05:08 -------- d-----w- c:\program files\Zune
2009-06-16 21:06 . 2009-07-10 01:53 47852 ----a-w- c:\windows\Fonts\LaPointesRoad.ttf
2009-06-15 08:12 . 2007-04-14 20:19 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 08:10 . 2007-04-14 20:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-14 06:07 . 2009-06-14 06:07 -------- d-----w- c:\program files\Opera
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\programdata\TomTom
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\users\Amy Geno\AppData\Roaming\TomTom
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\program files\TomTom International B.V
2009-06-09 01:30 . 2009-06-09 01:30 -------- d-----w- c:\program files\TomTom HOME 2
2009-06-09 01:28 . 2009-06-09 01:28 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-06-07 19:51 . 2007-04-02 18:36 -------- d-----w- c:\program files\Java
2009-05-29 20:54 . 2007-12-13 03:53 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-29 18:10 . 2009-07-10 01:53 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-20 12:40 . 2009-05-20 12:40 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-16 13:40 . 2009-05-16 13:40 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 03:48 . 2009-05-13 03:48 691 ----a-w- c:\users\Amy Geno\AppData\Roaming\GetValue.vbs
2009-05-13 03:48 . 2009-05-13 03:48 35 ----a-w- c:\users\Amy Geno\AppData\Roaming\SetValue.bat
2009-05-13 03:48 . 2009-05-13 03:48 35 ----a-w- c:\users\Amy Geno\AppData\Roaming\SetValue.bat
2007-12-20 04:17 . 2007-12-20 04:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-03 17:45 . 2008-05-31 18:19 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-29_01.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 08:01 . 2009-07-29 08:01 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iesetup.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iernonce.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iesetup.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iernonce.dll
+ 2009-07-29 00:48 . 2009-07-22 04:26 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedssync.exe
+ 2009-07-29 00:48 . 2009-07-22 05:59 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedsbs.dll
+ 2009-07-29 00:48 . 2009-07-21 20:13 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedssync.exe
+ 2009-07-29 00:48 . 2009-07-21 21:48 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedsbs.dll
+ 2009-07-29 00:48 . 2009-07-22 06:03 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\WininetPlugin.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\jsproxy.dll
+ 2009-07-29 00:48 . 2009-07-21 21:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\WininetPlugin.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\jsproxy.dll
+ 2009-07-29 00:48 . 2009-07-21 20:13 13312 c:\windows\System32\msfeedssync.exe
- 2009-06-16 14:44 . 2009-03-08 11:31 13312 c:\windows\System32\msfeedssync.exe
- 2009-06-16 14:44 . 2009-03-08 11:31 55296 c:\windows\System32\msfeedsbs.dll
+ 2009-07-29 00:48 . 2009-07-21 21:48 55296 c:\windows\System32\msfeedsbs.dll
- 2009-06-16 14:47 . 2009-05-09 05:50 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2009-07-29 00:48 . 2009-07-21 21:52 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-06-16 14:47 . 2009-05-09 05:35 25600 c:\windows\System32\jsproxy.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 25600 c:\windows\System32\jsproxy.dll
- 2009-06-16 14:47 . 2009-05-09 05:34 55808 c:\windows\System32\iernonce.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 55808 c:\windows\System32\iernonce.dll
- 2007-08-19 20:14 . 2009-07-29 00:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-19 20:14 . 2009-07-29 12:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-19 20:14 . 2009-07-29 00:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-19 20:14 . 2009-07-29 12:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-19 20:14 . 2009-07-29 00:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-19 20:14 . 2009-07-29 12:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-27 01:00 . 2009-07-28 14:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-29 12:33 . 2009-07-29 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-29 12:33 . 2009-07-29 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-27 01:00 . 2009-07-28 14:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-29 08:01 . 2009-07-29 08:01 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieui.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieui.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\iesysprep.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\iesysprep.dll
+ 2009-07-29 00:48 . 2009-07-22 04:27 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\ie4uinit.exe
+ 2009-07-29 00:48 . 2009-07-21 20:13 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\ie4uinit.exe
+ 2009-07-29 00:48 . 2009-07-22 06:02 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\sqmapi.dll
+ 2009-07-29 00:48 . 2009-07-21 21:51 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\sqmapi.dll
+ 2009-07-29 00:48 . 2009-07-22 06:01 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\occache.dll
+ 2009-07-29 00:48 . 2009-07-21 21:50 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\occache.dll
+ 2009-07-29 00:48 . 2009-07-22 06:04 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
+ 2009-07-29 00:48 . 2009-07-22 04:27 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\ieUnatt.exe
+ 2009-07-29 00:48 . 2009-07-21 21:53 638216 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
+ 2009-07-29 00:48 . 2009-07-21 20:13 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\ieUnatt.exe
+ 2009-07-29 00:48 . 2009-07-22 05:58 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\IEShims.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\IEShims.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\ieproxy.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\ieproxy.dll
+ 2009-07-29 00:48 . 2009-07-22 05:59 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\msfeeds.dll
+ 2009-07-29 00:48 . 2009-07-21 21:48 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\msfeeds.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\iepeers.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\iepeers.dll
+ 2009-07-29 00:48 . 2009-07-22 05:58 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\iedkcs32.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\iedkcs32.dll
+ 2009-07-29 00:48 . 2009-07-22 06:03 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
+ 2009-07-29 00:48 . 2009-07-21 21:52 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
+ 2008-09-26 01:33 . 2009-07-29 12:17 344862 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-29 00:48 . 2009-07-21 21:50 206848 c:\windows\System32\occache.dll
+ 2009-07-29 00:48 . 2009-07-21 21:48 594432 c:\windows\System32\msfeeds.dll
- 2009-06-16 14:44 . 2009-03-08 11:32 594432 c:\windows\System32\msfeeds.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 164352 c:\windows\System32\ieui.dll
- 2009-06-16 14:47 . 2009-05-09 05:34 164352 c:\windows\System32\ieui.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 184320 c:\windows\System32\iepeers.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 386048 c:\windows\System32\iedkcs32.dll
+ 2009-07-29 00:48 . 2009-07-21 20:13 173056 c:\windows\System32\ie4uinit.exe
- 2009-06-16 14:47 . 2009-05-09 03:36 173056 c:\windows\System32\ie4uinit.exe
+ 2009-06-16 16:13 . 2009-07-29 02:01 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-16 16:13 . 2009-07-03 16:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-29 08:01 . 2009-07-29 08:01 195584 c:\windows\Installer\3d7a669.msi
+ 2009-07-29 08:01 . 2009-07-29 08:01 248832 c:\windows\Installer\3d7a664.msi
+ 2009-07-29 00:48 . 2009-07-22 05:58 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\iertutil.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\iertutil.dll
+ 2009-07-29 00:49 . 2009-07-22 05:59 5938176 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
+ 2009-07-29 00:49 . 2009-07-21 21:48 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
+ 2009-07-29 00:48 . 2009-07-22 06:02 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\urlmon.dll
+ 2009-07-29 00:48 . 2009-07-21 21:52 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\urlmon.dll
+ 2009-07-29 00:48 . 2009-07-21 21:52 1208832 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-07-29 12:32 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-29 00:47 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-29 00:49 . 2009-07-21 21:48 5937152 c:\windows\System32\mshtml.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 1985536 c:\windows\System32\iertutil.dll
+ 2009-07-29 12:26 . 2009-07-29 12:26 6434816 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2009-07-29 00:52 . 2009-07-29 00:52 6434816 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2009-07-29 00:49 . 2009-07-22 05:58 11068416 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll
+ 2009-07-29 00:48 . 2009-07-21 21:47 11067392 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll
+ 2009-06-16 08:01 . 2009-07-29 08:01 83942457 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2009-07-29 00:48 . 2009-07-21 21:47 11067392 c:\windows\System32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-24 133912]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-08 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 321656]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-03-14 2322432]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-05-21 314224]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Subsonic.lnk - c:\program files\Subsonic\subsonic-agent.exe [2009-2-1 160768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Amy Geno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Amy Geno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4261193372-3094273795-792597098-1005]
"EnableNotificationsRef"=dword:00000009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E85E7B0-0866-4262-B0FD-F9AE216A3FA7}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{367D59AB-63A3-49AF-B692-2B34CA1A7933}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{6DE0BC07-8BAB-42EA-8B57-0232C14DB221}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EF73B500-AF06-4408-9B7F-119BA2140976}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81053BF2-A7FD-44D3-8A54-606EAFFD43F0}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B8BA68F9-754C-4D40-912B-A06CEAE5578A}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{BDD45462-5611-4FFF-A9E7-668CB993FBEB}"= UDP:25421:BitComet 25421 TCP
"{4E1219A8-94CC-4709-BE6A-5302F55BC56C}"= TCP:25421:BitComet 25421 UDP
"{725A9782-4C98-480B-9D73-68FE7F8186B6}"= TCP:67:DHCP Discovery Service
"{DB5B5857-EC3D-449D-ABBF-4FD6189DE9C7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B3CCD17-8AA9-4887-9400-2F8A87C3FC8D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B3314916-E666-4952-8918-91EC91178497}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CC0EE9A6-8DC5-45F0-BD50-962418B4F417}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{00E4A16C-392A-4DBD-AE4B-9ADFB8B40387}"= UDP:25421:BitComet 25421 TCP
"{FD83743A-AC49-4267-ADAA-709BEF66414D}"= TCP:25421:BitComet 25421 UDP
"TCP Query User{D31BE7F5-2D43-4152-B3E1-5062A4AB7D0B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{954E7140-3266-4B1D-BFBF-AB8A99B28319}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"{91A31384-4EF2-4B4F-A557-FD578124AD4A}"= UDP:c:\program files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{E05B7D8F-C6CD-4DFC-8AD9-FF1DC2651428}"= TCP:c:\program files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{05D32048-72DD-40D9-861B-A2BECE6231AE}"= UDP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DB103722-29E0-4253-820E-70F7C3B80A60}"= TCP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{2C75ECA5-C645-4A24-BD40-0A90AB3E0005}"= UDP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{61D61296-2085-4F8A-84CB-4301AB593487}"= TCP:c:\program files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{F47B3F7F-AAEA-4CBB-B34D-C8CBA0882453}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 XPacket;iolo Personal Firewall Driver;c:\windows\System32\xpacket.sys [11/9/2007 8:18 PM 39424]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [11/9/2007 8:18 PM 12800]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/23/2008 12:45 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/23/2008 12:45 PM 600944]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [1/3/2007 1:19 PM 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/24/2009 6:57 AM 92008]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [3/30/2007 9:48 PM 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [3/30/2007 9:48 PM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [3/30/2007 9:38 PM 30976]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [3/30/2007 10:03 PM 807424]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [4/14/2007 3:01 PM 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe [4/14/2007 3:01 PM 67760]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 4:41 PM 42112]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [4/14/2007 3:42 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [4/14/2007 3:42 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [4/14/2007 3:42 PM 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{5E60D3F1-B33E-43E6-B6B7-4F483B615DDD}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
FF - ProfilePath - c:\users\Amy Geno\AppData\Roaming\Mozilla\Firefox\Profiles\ld0xrkyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - The_Pirate_Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\users\Amy Geno\AppData\Roaming\Mozilla\Firefox\Profiles\ld0xrkyg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 07:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84F7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4261193372-3094273795-792597098-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71B224D2-8332-FFD1-CC64-07037CCF1D59}*]
"haganmappkhkmbli"=hex:69,61,68,70,67,62,6b,70,6e,6c,67,6e,6c,64,6a,6b,64,68,
00,dc
"iamohhbegghpefkfif"=hex:69,61,68,70,67,62,6b,70,6e,6c,67,6e,6c,64,6a,6b,64,68,
00,dc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'Explorer.exe'(6076)
c:\windows\system32\Incinerator.dll
c:\program files\iolo\Common\Lib\LMResource.dll
c:\program files\iolo\Common\Lib\Carina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Subsonic\subsonic-service.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2009-07-29 7:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 12:48
ComboFix2.txt 2009-07-29 01:05
ComboFix3.txt 2007-11-11 22:48

Pre-Run: 44,269,555,712 bytes free
Post-Run: 43,932,516,352 bytes free

423 --- E O F --- 2009-07-29 08:02








DDS (Ver_09-06-26.01) - NTFSx86
Run by Amy Geno at 7:52:46.15 on Wed 07/29/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.930 [GMT -5:00]

AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Subsonic\subsonic-service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Subsonic\subsonic-agent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Program Files\CometBird\CometBird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy Geno\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWindow Title = Windows Internet Explorer provided by Comcast
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wishpot Button: {9e40f4a8-6896-4b67-91f5-f6f287ecb5d9} - c:\program files\wishpot\ietb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Wishpot Button: {7daaffd0-5a88-447d-96c6-e6ca06af0758} - c:\program files\wishpot\ietb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\subsonic.lnk - c:\program files\subsonic\subsonic-agent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\amygen~1\appdata\roaming\mozilla\firefox\profiles\ld0xrkyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - The_Pirate_Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\users\amy geno\appdata\roaming\mozilla\firefox\profiles\ld0xrkyg.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2007-11-9 39424]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-11-9 12800]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-23 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-23 600944]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-1-3 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-24 92008]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-3-30 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-3-30 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-3-30 30976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-3-30 807424]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-4-14 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-4-14 67760]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-4-14 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-4-14 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-4-14 1089536]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-29 07:48 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-28 19:51 219,648 a------- c:\windows\PEV.exe
2009-07-28 19:51 161,792 a------- c:\windows\SWREG.exe
2009-07-28 19:51 98,816 a------- c:\windows\sed.exe
2009-07-25 11:35 <DIR> --d----- C:\Click to DVD 2
2009-07-23 20:43 32 a----r-- c:\users\amy geno\hash.dat
2009-07-23 20:37 <DIR> --d----- c:\users\amygen~1\appdata\roaming\Three Rings Design
2009-07-23 07:43 <DIR> --d----- c:\program files\Sophos
2009-07-22 01:53 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-22 01:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-22 01:53 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-22 01:53 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-21 23:25 <DIR> --d----- c:\users\amy geno\DoctorWeb
2009-07-21 22:57 <DIR> --d----- c:\users\amygen~1\appdata\roaming\Malwarebytes
2009-07-21 22:55 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 22:55 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-21 22:55 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-21 22:55 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-21 22:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 11:37 <DIR> --d----- c:\program files\DVDVideoSoft
2009-07-03 11:37 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-07-03 11:28 <DIR> --d----- c:\program files\XviD
2009-07-03 11:27 <DIR> --d----- c:\program files\WMV9_VCM
2009-07-03 11:27 <DIR> --d----- c:\program files\VirtualDub

==================== Find3M ====================

2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-18 00:13 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-18 00:13 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-18 00:08 86,016 a------- c:\windows\inf\infpub.dat
2009-06-18 00:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-18 00:08 143,360 a------- c:\windows\inf\infstor.dat
2009-05-29 15:54 940,896 a------- c:\windows\system32\Incinerator.dll
2009-05-12 22:48 691 a------- c:\users\amygen~1\appdata\roaming\GetValue.vbs
2009-05-12 22:48 35 a------- c:\users\amygen~1\appdata\roaming\SetValue.bat
2009-03-22 15:36 122 a------- c:\users\amygen~1\appdata\roaming\wklnhst.dat
2008-12-01 08:52 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-12-01 08:52 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-09-24 14:32 174 a--sh--- c:\program files\desktop.ini
2008-09-24 14:22 665,600 a------- c:\windows\inf\drvindex.dat
2007-12-19 23:17 774,144 a------- c:\program files\RngInterstitial.dll
2007-04-14 15:25 1,132,112 a------- c:\programdata\pswi_preloaded.exe
2007-04-14 15:25 1,132,112 a------- c:\progra~2\pswi_preloaded.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:53:03.81 ===============

#6 fenzodahl512

Posted 29 July 2009 - 11:34 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 amolamo1980

Posted 30 July 2009 - 07:42 AM

This is what the log says:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



Computer is running well!!

#8 fenzodahl512

Posted 30 July 2009 - 09:04 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#9 amolamo1980

Posted 30 July 2009 - 08:05 PM

Everything seems to be working great! Thanks sooooooooooo much!!!! :thumbup2: :) :) :cool:



