combofix Log

ComboFix 10-03-02.02 - Edith 12/02/2007 19:13:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.936 [GMT -5:00]
Running from: c:\users\Edith\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4120577633-2649792342-2825245976-500
c:\program files\AntiSpywareMaster
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\program files\RelevantKnowledge
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\mswintmp.dat
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEula.mht
c:\users\Edith\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
c:\users\lamar\AppData\Roaming\WeatherDPA
c:\users\lamar\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\lamar\AppData\Roaming\Zango
c:\users\NICOLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\937c4897-92de-1bd3-8c0a-f441dea09bce
c:\windows\run.log
c:\windows\System32\56f754e8-d155-878e-b588-ebb344869fc5.exe
c:\windows\System32\689b6240-9f4a-6a50-5ada-aaedb9fe1df3.dll
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\msliksurserv.sys
c:\windows\system32\msliksurcredo.dll
c:\windows\system32\msliksurdns.dll
c:\windows\system32\stacsv.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Temp\0267401216784796mcinst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_STacSV


((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2010-02-19 05:42 . 2007-11-25 05:01 -------- d-----w- c:\users\Edith\AppData\Local\xcmwms
2010-02-19 05:25 . 2010-02-19 05:25 -------- d-----w- c:\windows\Sun
2010-02-17 03:45 . 2010-02-17 03:45 194416 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 15:18 . 2010-02-16 15:18 10600847 ----a-w- c:\users\Edith\SeaMonkey Setup 2.0.2.exe
2010-02-12 03:53 . 2009-12-08 20:54 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 03:53 . 2009-12-08 20:54 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 14:26 . 2010-02-09 14:26 2984 ----a-w- c:\users\Edith\AppData\Local\udodepiriqur.dll
2010-02-09 03:51 . 2007-11-24 05:11 -------- d-----w- c:\users\Edith\AppData\Local\ofxixj
2010-02-07 02:49 . 2010-02-13 04:09 120 ----a-w- c:\users\Edith\AppData\Local\Jfuwipokidupap.dat
2010-02-07 02:49 . 2007-11-24 06:30 0 ----a-w- c:\users\Edith\AppData\Local\Ewobofivutamux.bin
2010-02-07 02:49 . 2010-02-07 02:49 -------- d-----w- c:\users\Edith\AppData\Local\{2DC41A6D-270E-43BB-A3E8-7FBA343DCF8E}
2010-02-05 19:01 . 2010-02-05 19:01 -------- d-----w- c:\program files\iPod
2010-02-05 19:01 . 2010-02-05 19:02 -------- d-----w- c:\program files\iTunes
2010-02-05 18:57 . 2010-02-05 18:57 -------- d-----w- c:\program files\QuickTime
2010-01-27 03:43 . 2010-01-27 03:43 -------- d-----w- C:\found.000
2010-01-13 04:08 . 2009-10-19 14:42 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:08 . 2009-10-19 14:39 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-13 04:08 . 2009-10-19 14:37 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 04:08 . 2009-10-19 14:37 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-13 04:08 . 2009-10-19 14:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-13 04:08 . 2009-10-19 11:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-04 17:38 . 2010-01-04 17:38 -------- d-----w- C:\AVG9
2009-12-30 14:27 . 2009-12-30 14:26 1529216 ----a-w- c:\users\Edith\GenuineCheck.exe
2009-12-22 03:11 . 2009-12-22 03:11 -------- d-----w- c:\users\Edith\AppData\Roaming\Reallusion
2009-12-22 03:11 . 2009-12-22 03:11 -------- d-----w- c:\users\Edith\AppData\Roaming\tmp
2009-12-22 03:00 . 2009-12-22 03:02 -------- d-----w- c:\users\Edith\AppData\Roaming\ooVoo Details
2009-12-22 03:00 . 2009-12-22 03:00 -------- d-----w- c:\programdata\EmailNotifier
2009-12-22 03:00 . 2009-12-22 03:00 -------- d-----w- c:\program files\oovootb
2009-12-22 03:00 . 2009-12-22 03:00 -------- d-----w- c:\program files\ooVoo
2009-12-09 18:14 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 18:14 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 18:14 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 18:01 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 18:00 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 18:00 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-07 04:24 . 2009-06-23 14:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2009-12-07 04:24 . 2008-07-22 18:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2009-12-07 04:24 . 2007-12-03 17:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2009-12-07 04:23 . 2009-12-07 04:24 -------- d-----w- c:\program files\The Weather Channel Toolbar
2009-12-03 05:42 . 2009-12-03 05:41 8084968 ----a-w- c:\users\Edith\Firefox Setup 3.5.5.exe
2009-11-28 05:23 . 2009-12-07 04:23 -------- d-----w- c:\users\NICOLE\AppData\Local\The Weather Channel
2009-11-27 08:29 . 2009-11-27 08:29 -------- d-----w- c:\program files\Microsoft
2009-11-27 08:29 . 2009-11-27 08:29 -------- d-----w- c:\program files\MSN Toolbar
2009-11-27 08:28 . 2009-11-27 08:30 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-27 08:28 . 2009-11-27 08:28 -------- d-----w- c:\program files\The Weather Channel FW
2009-11-27 08:28 . 2009-11-27 08:28 -------- d-----w- c:\users\Edith\AppData\Local\The Weather Channel
2009-11-25 14:45 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 14:37 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 14:37 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 14:37 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-25 14:37 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-19 03:35 . 2009-11-19 03:35 -------- d-----w- c:\users\Edith\AppData\Roaming\Template
2009-11-11 02:02 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 01:52 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 00:00 . 2009-11-07 00:00 -------- d-----w- c:\users\Edith\AppData\Roaming\Creative
2009-11-01 23:02 . 2009-11-01 23:06 -------- d-----w- c:\programdata\NortonInstaller
2009-11-01 23:02 . 2009-11-01 23:02 -------- d-----w- c:\program files\NortonInstaller
2009-11-01 00:15 . 2009-11-01 02:00 -------- d-----w- c:\programdata\PopCap Games
2009-11-01 00:15 . 2009-11-01 02:00 -------- d-----w- c:\program files\PopCap Games
2009-10-28 15:01 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 15:01 . 2009-09-10 17:30 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 15:01 . 2009-09-10 17:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 15:00 . 2009-09-10 15:14 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-15 16:36 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 16:36 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 16:36 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 16:36 . 2009-08-31 14:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 16:36 . 2009-08-31 14:18 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 16:33 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 16:32 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-07 04:43 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe
2009-10-07 04:28 . 2009-10-07 04:43 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-03 05:16 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 22:40 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-09-30 22:40 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-09-30 22:40 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-09-30 22:40 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-30 22:39 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-09-30 22:39 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-09-30 22:39 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-09-30 22:39 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-30 22:39 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-29 14:33 . 2009-09-29 14:33 680 ----a-w- c:\users\Edith\AppData\Local\d3d9caps.dat
2009-09-20 14:34 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 14:34 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-20 14:33 . 2009-09-20 14:34 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 03:53 . 2009-08-14 16:40 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 03:53 . 2009-08-14 14:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 03:53 . 2009-08-14 14:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 03:53 . 2009-08-14 14:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 03:53 . 2009-08-14 14:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 03:53 . 2009-08-14 14:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 03:53 . 2009-08-14 14:25 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 03:53 . 2009-08-14 14:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 03:53 . 2009-08-14 16:40 15360 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 03:50 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-09 03:50 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 03:50 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 03:50 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 03:50 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-09 03:49 . 2009-07-11 19:24 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 03:49 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 03:49 . 2009-07-11 19:24 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 03:49 . 2009-07-11 19:24 299520 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 03:49 . 2009-07-11 19:24 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 03:49 . 2009-07-11 19:24 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 14:06 . 2009-09-08 14:06 -------- d-----w- c:\users\Edith\AppData\Roaming\Roxio
2009-09-02 14:23 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-09-02 14:23 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 14:23 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-30 13:15 . 2009-08-30 13:16 -------- d-----w- c:\users\Edith\AppData\Roaming\DealAssistant
2009-08-30 13:15 . 2009-08-30 13:15 532480 ----a-w- c:\windows\system32\win3778.dll
2009-08-23 07:05 . 2009-08-23 18:38 -------- d-----w- c:\programdata\a81897b
2009-08-23 06:34 . 2007-12-02 18:19 -------- d-----w- c:\programdata\WeFi
2009-08-23 06:33 . 2009-08-23 06:34 -------- d-----w- c:\program files\WeFi
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 00:42 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 00:42 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 00:42 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 00:42 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 00:42 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 00:42 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 00:42 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 00:16 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 00:16 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 18:43 . 2010-01-03 16:01 7631232 ----a-w- c:\users\NICOLE\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-02-13 14:09 . 2010-02-13 14:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-02-13 04:08 . 2010-02-13 04:08 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb59E6.tmp.exe
2010-02-12 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 14:49 . 2010-02-09 14:49 2984 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5DF6.tmp.exe
2010-02-08 04:41 . 2009-12-02 16:19 7631232 ----a-w- c:\users\Edith\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-02-05 18:52 . 2010-02-05 18:52 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 18:09 . 2008-09-13 01:34 -------- d-----w- c:\users\Edith\AppData\Roaming\Apple Computer
2009-12-29 00:37 . 2009-12-29 00:37 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5C28.tmp.exe
2009-12-28 12:36 . 2010-02-11 14:52 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:34 . 2010-02-11 14:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-11 14:52 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-11 14:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-11 14:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-11 14:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-11 14:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:31 . 2010-02-11 14:52 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:30 . 2010-02-11 14:52 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-11 14:52 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-27 05:02 . 2009-12-27 05:02 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 12:52 . 2010-01-22 15:09 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48 . 2010-01-22 15:09 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-22 15:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46 . 2010-01-22 15:09 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-22 15:09 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-22 15:09 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-11 12:15 . 2010-02-11 14:52 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:15 . 2010-02-11 14:52 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 22:29 . 2010-02-11 14:52 214104 ----a-w- c:\windows\system32\drivers\netio.sys
2009-12-08 20:03 . 2010-02-11 14:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-12-08 19:58 . 2010-02-11 14:52 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-12-08 19:58 . 2010-02-11 14:52 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-12-08 19:56 . 2010-02-11 14:52 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-12-08 17:45 . 2010-02-11 14:52 816640 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:44 . 2010-02-11 14:52 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-12-08 17:44 . 2010-02-11 14:52 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-12-04 16:27 . 2010-02-11 14:52 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:27 . 2010-02-11 14:52 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-25 02:24 . 2009-11-25 02:24 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4290.tmp.exe
2009-11-19 03:42 . 2009-11-19 03:35 108 ----a-w- c:\users\Edith\AppData\Roaming\wklnhst.dat
2009-11-11 12:35 . 2009-11-17 03:08 3775256 ----a-w- c:\programdata\Temp\AVG\setup.exe
2009-10-18 03:00 . 2008-03-22 20:23 117304 ----a-w- c:\users\NICOLE\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-30 22:36 . 2008-09-13 01:34 117304 ----a-w- c:\users\Edith\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-30 13:16 . 2009-08-30 13:16 282112 ----a-w- c:\users\Edith\AppData\Roaming\DealAssistant\DAUninstall.exe
2009-08-18 16:30 . 2009-08-18 16:30 564616 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2009-08-18 16:24 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2009-08-04 12:28 . 2009-08-04 12:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-21 02:59 . 2009-07-10 00:27 82041 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\Uninstall.exe
2009-07-21 02:59 . 2009-07-21 02:56 16426552 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe
2009-07-16 21:02 . 2009-07-16 21:02 92192 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\IMVUupdater.exe
2009-07-16 21:02 . 2009-07-16 21:02 49920 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\IMVUClient.exe
2009-07-16 21:02 . 2009-07-16 21:02 18176 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\imvuqualityagent.exe
2009-07-16 21:00 . 2009-07-16 21:00 1245696 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\SceneWindow.dll
2009-07-16 21:00 . 2009-07-16 21:00 14848 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\MemoryHook.dll
2009-07-16 21:00 . 2009-07-16 21:00 289792 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\cal3d.dll
2009-07-16 21:00 . 2009-07-16 21:00 187392 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\boost_python.dll
2009-07-16 21:00 . 2009-07-16 21:00 27648 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\CallStack.dll
2009-07-16 21:00 . 2009-07-16 21:00 256000 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\audiere.dll
2009-07-09 15:49 . 2008-06-07 22:34 196 ----a-w- c:\users\NICOLE\AppData\Roaming\wklnhst.dat
2009-07-08 16:06 . 2009-07-08 16:06 99328 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-07-06 18:12 . 2009-07-06 18:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-20 22:53 . 2009-06-20 22:53 11908691 ----a-w- c:\users\lamar\AppData\Roaming\Astro Gemini Software\Screensaver Manager 2.0\Installed\solarsystem.exe
2009-06-14 01:29 . 2009-06-14 01:29 80967 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\Uninstall.exe
2009-06-12 00:10 . 2009-06-12 00:10 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9B18.tmp.exe
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 19:39 . 2009-12-22 04:54 554456 ----a-w- c:\users\Edith\AppData\Roaming\Mozilla\Firefox\Profiles\ialtrw4h.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\oovootb.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\users\Edith\AppData\Roaming\IMVUClient\pywintypes25.dll
2009-06-02 21:09 . 2009-06-02 21:09 95584 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\IMVUupdater.exe
2009-06-02 21:09 . 2009-06-02 21:09 49920 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\IMVUClient.exe
2009-06-02 21:09 . 2009-06-02 21:09 18176 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\imvuqualityagent.exe
2009-06-02 21:05 . 2009-06-02 21:05 14848 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\MemoryHook.dll
2009-06-02 21:04 . 2009-06-02 21:04 289792 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\cal3d.dll
2009-06-02 21:04 . 2009-06-02 21:04 25600 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\CallStack.dll
2009-06-02 21:04 . 2009-06-02 21:04 187392 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\boost_python.dll
2009-06-02 21:03 . 2009-06-02 21:03 256000 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\audiere.dll
2009-05-26 23:50 . 2009-06-08 14:22 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-05-18 19:17 . 2009-05-18 19:17 26600 ----a-w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspiWDM.sys
2009-05-16 04:25 . 2009-05-16 04:25 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-03 17:10 . 2009-05-03 17:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-03 16:40 . 2009-05-03 16:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-03 16:40 . 2009-05-03 16:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\users\lamar\AppData\Roaming\IMVUClient\pixomatic.dll
2009-03-17 03:16 . 2009-04-16 14:00 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 14:00 25600 ----a-w- c:\windows\system32\amxread.dll
2009-03-03 13:20 . 2009-04-01 22:03 2653255 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-03-03 04:20 . 2009-04-16 14:00 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-03 04:20 . 2009-04-16 14:00 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-03 04:19 . 2009-04-16 14:00 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 14:00 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 14:00 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 14:00 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 14:00 53248 ----a-w- c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 14:00 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 14:00 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-03-03 02:40 . 2009-04-16 14:00 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-11-01 19:07 . 2009-11-01 19:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{909A5C0B-4AA6-4C3E-B61B-A488EAF159C6}]
2009-08-30 13:15 532480 ----a-w- c:\windows\System32\win3778.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{909A5C0A-4AA6-4C3E-B61B-A488EAF159C6}"= "c:\windows\system32\win3778.dll" [2009-08-30 532480]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{909a5c0a-4aa6-4c3e-b61b-a488eaf159c6}]
[HKEY_CLASSES_ROOT\TypeLib\{F889BCF6-759F-4FFC-B44C-CF592309DB40}]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{909A5C0A-4AA6-4C3E-B61B-A488EAF159C6}"= "c:\windows\system32\win3778.dll" [2009-08-30 532480]

[HKEY_CLASSES_ROOT\clsid\{909a5c0a-4aa6-4c3e-b61b-a488eaf159c6}]
[HKEY_CLASSES_ROOT\TypeLib\{F889BCF6-759F-4FFC-B44C-CF592309DB40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-17 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"wefi"="c:\program files\WeFi\WeFi.exe" [2009-07-05 504320]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"ooVoo.exe"="c:\program files\ooVoo\ooVoo.exe" [2009-11-25 18440376]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-06 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-01 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-10 139776]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-6 50688]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-25 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-22 805392]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [1/6/2008 8:37 AM 73728]
S2 gupdate1c9864ef8852858;Google Update Service (gupdate1c9864ef8852858);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 5:30 PM 133104]
S3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [7/10/2009 5:03 PM 101936]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/6/2008 9:10 AM 30192]
S3 pcidisk;pcidisk;c:\windows\System32\pcidisk.sys [11/2/2006 4:14 AM 2304]

--- Other Services/Drivers In Memory ---

*Deregistered* - qocbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2007-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-06 16:35]

2007-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1c835112eeca47b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 22:29]

2009-11-01 c:\windows\Tasks\Norton Security Scan for lamar.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Edith\AppData\Roaming\Mozilla\Firefox\Profiles\ialtrw4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={8278C41E-ECF6-2BD1-181D-8AED2D9BD02C}&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{5e659745-c2e0-bec3-4d8c-ff550118922b}\components\3fd60806-802a-622a-42e5-a411599a29e8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

.
- - - - ORPHANS REMOVED - - - -

BHO-{0f1f22e5-77c1-9ef6-50c7-6231565ff783} - c:\windows\system32\689b6240-9f4a-6a50-5ada-aaedb9fe1df3.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DealAssistant - c:\users\Edith\AppData\Roaming\DealAssistant\dealassistant.exe
HKCU-Run-Wvulabokogikewej - c:\users\Edith\AppData\Local\NlbipsD.dll
HKCU-Run-Ihudub - c:\users\Edith\AppData\Local\edemepixohayerid.dll
HKCU-Run-icvxbjvj - c:\users\Edith\AppData\Local\ofxixj\iwhxsftav.exe
HKLM-Run-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
HKU-Default-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
AddRemove-56f754e8-d155-878e-b588-ebb344869fc5 - c:\windows\system32\56f754e8-d155-878e-b588-ebb344869fc5.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 19:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qocbe]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcjcoms.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2007-12-02 19:53:16 - machine was rebooted
ComboFix-quarantined-files.txt 2007-12-03 00:53

Pre-Run: 184,785,207,296 bytes free
Post-Run: 186,411,065,344 bytes free

- - End Of File - - 7D890015A9982384DFD95DA889BD2147

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.