Suspected malware or spyware slowing computer down

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Suspected malware or spyware slowing computer down, HJT, Rooter and Malware Logs are pasted in body

Options

Replies (1 - 9)

emeraldnzl View Member Profile	Jun 28 2009, 05:49 PM Post #2
Trusted Helper Posts: 8,068 OS: XP Pro	Hello Cowboylady, Welcome to Geekstogo. QUOTE Lastly, could you tell me why the email notifications I receive are in spanish? The translator widget on the forum website says spanish, but I do not need it translated to anything and not sure how to change the settings on this. Don't know why that is happening. I will have to investigate. Looking at my own controls I see it says spanish too but I am still getting notifications in English. Now As we will likely be using Notepad please check that word wrap is turned off before you start. To do this, open Notepad, choose Format, then make sure Word Wrap is Un-checked. Word Wrap makes reading your log difficult and may prevent fixes using Notepad from working Next Please download ComboFix from one of these locations: NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable. Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt** in your next reply.

Cowboylady View Member Profile	Jun 29 2009, 12:42 AM Post #3
New Member Posts: 6 From: Byron, GA OS: Windows XP SP3	Attached is combofix.txt. I tried DL the Windows Recovery module and each time it stated unable to download and began the scan anyway. If you know of a way to do differently, please advise. BTW, thanks for the quick response. ComboFix 09-06-28.02 - CHRISTINA 06/29/2009 2:14:08.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -4:00] Running from: C:\Documents and Settings\CHRISTINA\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\patch.exe C:\WINDOWS\system32\ncase.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))))) . 2009-06-26 17:55:04 . 2009-06-26 18:10:58 0 d-----w- C:\Documents and Settings\CHRISTINA\Local Settings\Application Data\Plaxo 2009-06-26 17:54:40 . 2009-06-29 06:25:51 0 d-----w- C:\Program Files\Plaxo 2009-06-24 06:13:40 . 2009-06-24 06:18:19 0 d-----w- C:\Rooter$ 2009-06-24 06:04:14 . 2009-06-24 06:04:14 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\Malwarebytes 2009-06-24 06:03:58 . 2009-06-17 15:27:56 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2009-06-24 06:03:56 . 2009-06-24 06:03:56 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-06-24 06:03:56 . 2009-06-17 15:27:44 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2009-06-24 06:03:55 . 2009-06-24 06:04:07 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2009-06-24 05:59:19 . 2009-06-24 05:59:34 0 d-----w- C:\Program Files\ERUNT 2009-06-24 00:09:16 . 2009-06-24 00:09:16 0 d-----w- C:\Documents and Settings\All Users\Application Data\IObit 2009-06-16 18:08:38 . 2009-06-16 18:09:28 0 d-----w- C:\Documents and Settings\CHRISTINA\My videos 2009-06-11 12:07:10 . 2009-04-30 21:22:34 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll 2009-06-11 12:07:10 . 2009-04-30 21:22:31 246272 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll 2009-06-11 02:27:05 . 2009-06-11 02:27:05 2173616 ----a-w- C:\Documents and Settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe 2009-05-31 22:38:25 . 2009-05-31 22:38:25 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\gtk-2.0 2009-05-31 22:34:53 . 2009-05-31 22:35:53 0 d-----w- C:\Documents and Settings\CHRISTINA\.gimp-2.6 2009-05-31 22:34:43 . 2009-05-31 22:34:51 0 d-----w- C:\Documents and Settings\CHRISTINA\.gegl-0.0 2009-05-31 22:33:19 . 2009-05-31 22:33:30 0 d-----w- C:\Program Files\GIMP-2.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-28 22:29:06 . 2008-11-19 01:55:17 3239 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-06-28 22:21:54 . 2007-04-27 16:31:07 2568 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys 2009-06-28 21:05:32 . 2009-02-22 15:55:20 0 d-----w- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-06-24 00:09:12 . 2007-05-17 14:35:06 0 d-----w- C:\Program Files\IObit 2009-06-23 21:24:44 . 2007-04-22 07:15:31 0 d-----w- C:\Program Files\Google 2009-06-15 05:02:50 . 2007-10-16 16:37:16 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-06-12 16:45:27 . 2009-01-26 17:17:36 0 d-----w- C:\Program Files\Windows Desktop Search 2009-06-03 00:04:08 . 2007-03-23 16:51:35 0 d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2009-05-25 04:24:06 . 2008-05-27 03:18:26 350208 ------w- C:\WINDOWS\system32\mssph.dll 2009-05-19 21:25:44 . 2009-02-19 12:16:10 0 d-----w- C:\Documents and Settings\NetworkService\Application Data\SACore 2009-05-19 15:31:27 . 2009-05-19 14:41:14 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\Trondent Development Corp 2009-05-19 15:12:39 . 2008-11-26 18:38:45 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\IObit 2009-05-19 14:40:46 . 2004-01-21 21:42:40 0 d--h--w- C:\Program Files\InstallShield Installation Information 2009-05-13 05:15:55 . 2006-06-23 15:33:58 915456 ----a-w- C:\WINDOWS\system32\wininet.dll 2009-05-12 19:12:14 . 2005-05-15 23:53:54 26144 ----a-w- C:\WINDOWS\system32\spupdsvc.exe 2009-05-12 15:20:01 . 2004-01-21 21:34:30 0 d-----w- C:\Program Files\Java 2009-05-12 15:18:12 . 2009-05-11 15:30:02 152576 ----a-w- C:\Documents and Settings\CHRISTINA\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-11 16:19:29 . 2009-05-11 16:19:29 0 d-----w- C:\Documents and Settings\NetworkService\Application Data\MySpace 2009-05-11 16:19:13 . 2009-05-11 16:19:13 0 d-----w- C:\Documents and Settings\NetworkService\Application Data\Yahoo! 2009-05-11 11:13:07 . 2004-01-26 23:01:47 91544 ----a-w- C:\Documents and Settings\CHRISTINA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-11 04:47:57 . 2004-02-25 20:04:25 0 d-----w- C:\Program Files\Microsoft Works 2009-05-07 15:32:35 . 2003-07-16 20:32:09 345600 ----a-w- C:\WINDOWS\system32\localspl.dll 2009-05-07 01:23:19 . 2009-05-07 01:23:19 0 d-----w- C:\Program Files\Coupons 2009-05-06 01:53:49 . 2009-05-06 01:53:51 192512 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-05-06 01:53:49 . 2008-11-19 16:34:43 861448 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-05-06 01:53:49 . 2008-11-19 16:34:43 38664 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-05-04 02:40:34 . 2007-08-06 22:34:58 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\Apple Computer 2009-05-04 01:08:02 . 2007-06-17 17:21:19 0 d-----w- C:\Documents and Settings\CHRISTINA\Application Data\LimeWire 2009-05-01 23:34:40 . 2009-01-24 20:03:48 0 d-----w- C:\Program Files\LimeWire 2009-05-01 21:30:08 . 2009-05-01 21:29:30 0 d-----w- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-01 21:30:08 . 2008-12-29 21:35:41 0 d-----w- C:\Program Files\iTunes 2009-05-01 21:29:35 . 2009-05-01 21:29:35 0 d-----w- C:\Program Files\iPod 2009-05-01 21:29:34 . 2007-08-06 22:30:08 0 d-----w- C:\Program Files\Common Files\Apple 2009-05-01 21:26:50 . 2009-05-01 21:25:46 0 d-----w- C:\Program Files\QuickTime 2009-05-01 21:17:47 . 2009-05-01 21:17:47 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-05-01 21:15:06 . 2008-03-21 17:05:24 0 d-----w- C:\Program Files\Safari 2009-05-01 01:23:53 . 2009-05-01 01:23:54 1893936 ----a-w- C:\Documents and Settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe 2009-04-17 12:26:40 . 2003-07-16 20:51:25 1847168 ----a-w- C:\WINDOWS\system32\win32k.sys 2009-04-15 14:51:25 . 2004-03-06 02:16:11 585216 ----a-w- C:\WINDOWS\system32\rpcrt4.dll 2009-04-03 22:28:06 . 2009-04-03 22:28:10 1892856 ----a-w- C:\Documents and Settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe 2009-04-03 00:37:02 . 2009-04-14 16:06:47 36864 --s-a-r- C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll 2007-04-26 23:41:30 . 2007-04-26 23:38:01 33032192 ----a-w- C:\Program Files\WP11SP1_EN.msp 2007-04-24 19:34:56 . 2007-04-24 19:30:11 353598016 ----a-w- C:\Program Files\SimpleStartFSEDirect.exe 2007-04-21 02:13:44 . 2007-04-21 02:13:51 774144 ----a-w- C:\Program Files\RngInterstitial.dll 2007-05-04 13:57:08 . 2007-04-27 16:31:07 88 --sh--r- C:\WINDOWS\SYSTEM32\566C526187.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2009-04-01 17:16:19 193472 ------w- C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox2\SRSSSC.exe" [2007-03-16 19:22:00 3153920] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360] "YahooWidgetEngine.exe"="C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe" [2007-07-20 17:57:16 2913584] "PlaxoUpdate"="C:\Program Files\Plaxo\3.20.0.13\PlaxoHelper_en.exe" [2009-05-01 15:30:36 379463] "PlaxoSysTray"="C:\Program Files\Plaxo\3.20.0.13\PlaxoSysTray.exe" [2009-05-01 15:29:20 20480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-01-09 01:30:26 645328] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 20:18:48 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 05:44:24 435096] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 00:04:18 5562368] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-27 15:24:23 68856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "VF0560Inst"="C:\WINDOWS\system32\V0560Pin.dll" [2008-06-02 01:00:00 40960] C:\Documents and Settings\CHRISTINA\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-24 344064] Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 02:41:34 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"= "C:\\WINDOWS\\SYSTEM32\\ControlSuite.exe"= "C:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "C:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Toolbar.exe"= "C:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"= "C:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"= "C:\\Program Files\\Intel\\NCS\\PROSet\\PROSet.exe"= "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "C:\\Program Files\\InterActual\\InterActual Player\\iPlayer.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Rhapsody\\WiseUpd2.exe"= "C:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Intuit\\QuickBooks 2009\\QBW32SimplestartLimited.exe"= R2 IntuitUpdateService;Intuit Update Service;C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 1:37:02 PM 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2/9/2009 2:48:11 PM 210216] R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 7:19:58 PM 13592] R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\SYSTEM32\DRIVERS\livecamv.sys [1/17/2009 1:47:27 PM 31616] R3 V0560Afx;Creative Camera VF0560 Audio Effects Driver;C:\WINDOWS\SYSTEM32\DRIVERS\V0560Afx.sys [1/17/2009 1:49:44 PM 160768] R3 V0560Vid;Creative Live! Cam Optia AF Driver;C:\WINDOWS\SYSTEM32\DRIVERS\V0560Vid.sys [1/17/2009 1:49:26 PM 286592] S2 gupdate1c995062274baac;Google Update Service (gupdate1c995062274baac);C:\Program Files\Google\Update\GoogleUpdate.exe [2/22/2009 11:56:31 AM 133104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys --> C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [?] S3 IS360service;IS360service;C:\Program Files\IObit\IObit Security 360\IS360srv.exe [6/23/2009 8:09:14 PM 224528] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-29 C:\WINDOWS\Tasks\Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-22 07:15:37 . 2009-03-24 17:07:43] 2009-06-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 15:56:31 . 2009-02-22 15:56:23] 2009-06-15 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-02-09 19:47:53 . 2009-01-09 15:53:12] 2009-06-29 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-02-09 19:47:53 . 2009-01-09 15:53:12] 2009-06-29 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20:06 . 2006-11-03 23:20:06] 2009-06-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5DBDA0A7-2B36-4C06-A598-91EEF296D77A}.job - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 15:58:32 . 2009-03-08 08:31:54] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-AOL Fast Start - C:\Program Files\AOL 9.0a\AOL.EXE . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.aol.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab FF - ProfilePath - C:\Documents and Settings\CHRISTINA\Application Data\Mozilla\Firefox\Profiles\tcsd8sk1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p= FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000106X001US&p= FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: C:\Program Files\MySpace\Toolbar\1.0.45.0\components\MySpaceFFoxTB.dll FF - plugin: C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npkimi.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 .

emeraldnzl View Member Profile	Jun 29 2009, 01:17 AM Post #4
Trusted Helper Posts: 8,068 OS: XP Pro	Hello Cowboylady, Looks like that Combofix txt go cut off. Please post the rest. Also do you know about this program? IObit Security 360

Cowboylady View Member Profile	Jun 29 2009, 08:41 AM Post #5
New Member Posts: 6 From: Byron, GA OS: Windows XP SP3	QUOTE (emeraldnzl @ Jun 29 2009, 03:17 AM) Hello Cowboylady, Looks like that Combofix txt go cut off. Please post the rest. Also do you know about this program? IObit Security 360 Hi! Sorry about that. It was really late here last night when posted. I have Iobit Security 360. Just downloaded last week, but only have the free version (or beta.) I also have Advanced Windows Care Pro but do not keep it running all the time (as well as Windows Defender) due to conflicts with McAfee which I run at all times. I am not very impressed with WD and it can actually be uninstalled or inactivated to keep from conflict with McAfee but I do like some of the additional features AWS offers so I would like to keep. The other concerns beside malware or other that might be slowing my computer down are processes that run that are not necessary and I do not know how to modify (or recognize them all) so that they do not restart. Here is a brief run down of processes I terminate manually when computer gets slow, but they are set up to restart immediately. I don't know how to determine if they are actually bogging things down or not also so if you can give me a little help with that too I would appreciate. Apple programs: such as Mobile Device helper, Bonjour, and related ( I only use rarely when using my daughter's IPOD to get songs off Itunes some) Quickbooks File Monitoring and related Google Updater: (rarely use Google other than checking an email or searching Windows Defender Desktop indexer and search programs: I do not search from my desktop any other that you determine that can be manually started Thanks, Here is complete log file of Combofix: ComboFix 09-06-28.02 - CHRISTINA 06/29/2009 2:14.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -4:00] Running from: c:\documents and settings\CHRISTINA\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\patch.exe c:\windows\system32\ncase.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))))) . 2009-06-26 17:55 . 2009-06-26 18:10 -------- d-----w- c:\documents and settings\CHRISTINA\Local Settings\Application Data\Plaxo 2009-06-26 17:54 . 2009-06-29 06:25 -------- d-----w- c:\program files\Plaxo 2009-06-24 06:13 . 2009-06-24 06:18 -------- d-----w- C:\Rooter$ 2009-06-24 06:04 . 2009-06-24 06:04 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Malwarebytes 2009-06-24 06:03 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-24 06:03 . 2009-06-24 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-24 06:03 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-24 06:03 . 2009-06-24 06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\program files\ERUNT 2009-06-24 00:09 . 2009-06-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-06-16 18:08 . 2009-06-16 18:09 -------- d-----w- c:\documents and settings\CHRISTINA\My videos 2009-06-11 12:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 12:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 02:27 . 2009-06-11 02:27 2173616 ----a-w- c:\documents and settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe 2009-05-31 22:38 . 2009-05-31 22:38 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\gtk-2.0 2009-05-31 22:34 . 2009-05-31 22:35 -------- d-----w- c:\documents and settings\CHRISTINA\.gimp-2.6 2009-05-31 22:34 . 2009-05-31 22:34 -------- d-----w- c:\documents and settings\CHRISTINA\.gegl-0.0 2009-05-31 22:33 . 2009-05-31 22:33 -------- d-----w- c:\program files\GIMP-2.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-28 22:29 . 2008-11-19 01:55 3239 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-06-28 22:21 . 2007-04-27 16:31 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-28 21:05 . 2009-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-24 00:09 . 2007-05-17 14:35 -------- d-----w- c:\program files\IObit 2009-06-23 21:24 . 2007-04-22 07:15 -------- d-----w- c:\program files\Google 2009-06-15 05:02 . 2007-10-16 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 16:45 . 2009-01-26 17:17 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-03 00:04 . 2007-03-23 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-05-25 04:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-19 21:25 . 2009-02-19 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore 2009-05-19 15:31 . 2009-05-19 14:41 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Trondent Development Corp 2009-05-19 15:12 . 2008-11-26 18:38 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\IObit 2009-05-19 14:40 . 2004-01-21 21:42 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-13 05:15 . 2006-06-23 15:33 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 19:12 . 2005-05-15 23:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 15:20 . 2004-01-21 21:34 -------- d-----w- c:\program files\Java 2009-05-12 15:18 . 2009-05-11 15:30 152576 ----a-w- c:\documents and settings\CHRISTINA\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\MySpace 2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2009-05-11 11:13 . 2004-01-26 23:01 91544 ----a-w- c:\documents and settings\CHRISTINA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-11 04:47 . 2004-02-25 20:04 -------- d-----w- c:\program files\Microsoft Works 2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 01:23 . 2009-05-07 01:23 -------- d-----w- c:\program files\Coupons 2009-05-06 01:53 . 2009-05-06 01:53 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-05-06 01:53 . 2008-11-19 16:34 861448 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-05-06 01:53 . 2008-11-19 16:34 38664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-05-04 02:40 . 2007-08-06 22:34 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Apple Computer 2009-05-04 01:08 . 2007-06-17 17:21 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\LimeWire 2009-05-01 23:34 . 2009-01-24 20:03 -------- d-----w- c:\program files\LimeWire 2009-05-01 21:30 . 2009-05-01 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-01 21:30 . 2008-12-29 21:35 -------- d-----w- c:\program files\iTunes 2009-05-01 21:29 . 2009-05-01 21:29 -------- d-----w- c:\program files\iPod 2009-05-01 21:29 . 2007-08-06 22:30 -------- d-----w- c:\program files\Common Files\Apple 2009-05-01 21:26 . 2009-05-01 21:25 -------- d-----w- c:\program files\QuickTime 2009-05-01 21:17 . 2009-05-01 21:17 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-05-01 21:15 . 2008-03-21 17:05 -------- d-----w- c:\program files\Safari 2009-05-01 01:23 . 2009-05-01 01:23 1893936 ----a-w- c:\documents and settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe 2009-04-17 12:26 . 2003-07-16 20:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-03 22:28 . 2009-04-03 22:28 1892856 ----a-w- c:\documents and settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe 2009-04-03 00:37 . 2009-04-14 16:06 36864 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll 2007-04-26 23:41 . 2007-04-26 23:38 33032192 ----a-w- c:\program files\WP11SP1_EN.msp 2007-04-24 19:34 . 2007-04-24 19:30 353598016 ----a-w- c:\program files\SimpleStartFSEDirect.exe 2007-04-21 02:13 . 2007-04-21 02:13 774144 ----a-w- c:\program files\RngInterstitial.dll 2007-05-04 13:57 . 2007-04-27 16:31 88 --sh--r- c:\windows\SYSTEM32\566C526187.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2009-04-01 17:16 193472 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox2\SRSSSC.exe" [2007-03-16 3153920] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "YahooWidgetEngine.exe"="c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe" [2007-07-20 2913584] "PlaxoUpdate"="c:\program files\Plaxo\3.20.0.13\PlaxoHelper_en.exe" [2009-05-01 379463] "PlaxoSysTray"="c:\program files\Plaxo\3.20.0.13\PlaxoSysTray.exe" [2009-05-01 20480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-27 68856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "VF0560Inst"="c:\windows\system32\V0560Pin.dll" [2008-06-02 40960] c:\documents and settings\CHRISTINA\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-24 344064] Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"= "c:\\WINDOWS\\SYSTEM32\\ControlSuite.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Toolbar.exe"= "c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"= "c:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"= "c:\\Program Files\\Intel\\NCS\\PROSet\\PROSet.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "c:\\Program Files\\InterActual\\InterActual Player\\iPlayer.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Rhapsody\\WiseUpd2.exe"= "c:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBW32SimplestartLimited.exe"= R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 1:37 PM 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/9/2009 2:48 PM 210216] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\SYSTEM32\DRIVERS\livecamv.sys [1/17/2009 1:47 PM 31616] R3 V0560Afx;Creative Camera VF0560 Audio Effects Driver;c:\windows\SYSTEM32\DRIVERS\V0560Afx.sys [1/17/2009 1:49 PM 160768] R3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\SYSTEM32\DRIVERS\V0560Vid.sys [1/17/2009 1:49 PM 286592] S2 gupdate1c995062274baac;Google Update Service (gupdate1c995062274baac);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 11:56 AM 133104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys --> c:\windows\system32\DRIVERS\CtClsFlt.sys [?] S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [6/23/2009 8:09 PM 224528] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-29 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-22 17:07] 2009-06-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 15:56] 2009-06-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-09 15:53] 2009-06-29 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-09 15:53] 2009-06-29 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] 2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{5DBDA0A7-2B36-4C06-A598-91EEF296D77A}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-AOL Fast Start - c:\program files\AOL 9.0a\AOL.EXE . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.aol.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab FF - ProfilePath - c:\documents and settings\CHRISTINA\Application Data\Mozilla\Firefox\Profiles\tcsd8sk1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p= FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000106X001US&p= FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\MySpace\Toolbar\1.0.45.0\components\MySpaceFFoxTB.dll FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-29 02:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1788) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Plaxo\3.20.0.13\plx_hook.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\windows\SYSTEM32\PSIService.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\SYSTEM32\tcpsvcs.exe c:\windows\SYSTEM32\snmp.exe c:\windows\SYSTEM32\fxssvc.exe c:\windows\SYSTEM32\searchindexer.exe c:\windows\SYSTEM32\wscntfy.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\Common Files\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\windows\SYSTEM32\notepad.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\windows\SYSTEM32\searchprotocolhost.exe . ************************************************************************ . Completion time: 2009-06-29 2:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-29 06:35 Pre-Run: 43,616,731,136 bytes free Post-Run: 43,548,700,672 bytes free 298 --- E O F --- 2009-06-23 04:11

emeraldnzl View Member Profile	Jun 29 2009, 05:37 PM Post #6
Trusted Helper Posts: 8,068 OS: XP Pro	Hi Cowboylady, The reason I asked you about the IObit Security 360 was because it is a beta version and in testing mode. Often there can be problems with bugs or conflict with products in beta and I was thinking about the symptoms your machine was experiencing and wondering if there was a connection. QUOTE Advanced Windows Care Pro Personally I am not a fan of any products that include registry cleaners. It is generally not necessary to clean your registry. Registry cleaners are notorious for causing problems on peoples computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore or alternatively an associated utility doesn't work properly. QUOTE Windows Defender It is my understanding that usually your anti-virus will turn off Windows Defender when you first install it. This to ensure there is no conflict. You clearly turn it on and off as you want but just for the record here is how to do it: To disable Windows Defender to prevent it from interfering with our fixes. Go to this link for instructions on how to enable/disable Windows Defender http://windowshelp.microsoft.com/Windows/e...1bf0dc1033.mspx QUOTE other that might be slowing my computer down are processes that run that are not necessary You could try this one: Download and install Startuplite. It is a tool to help you stop some programs not immediately needed from loading when you start your computer. They will begin automatically only when you click on them. Might help a bit. You could also download this: Download and install Auslogics Disk Defrag When it finishes it's defrag it might tell you there are junk files to remove. Take no notice of that...just trying to sell you another product. AFT-Cleaner mentioned next will attend to that for you. Now Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Next You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here. If you no-longer have Malwarebytes please download from Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Finally in this post Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job. Kaspersky works with Internet Explorer and Firefox 3. Go to Kaspersky website and perform an online antivirus scan. Note: you will need to turn off your security programs to allow Kaspersky to do its job. Read through the requirements and privacy statement and click on Accept button. It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Copy and paste that information in your next post. So when you return please post MBAM log Kaspersky scan results and tell me how you machine is performing now

Cowboylady View Member Profile	Jul 2 2009, 03:41 AM Post #7
New Member Posts: 6 From: Byron, GA OS: Windows XP SP3	The logs requested are to follow, however, I have a question about the Kaspersky scan: Did it remove the file that it found from my computer? -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Thursday, July 2, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Thursday, July 02, 2009 03:25:15 Records in database: 2413044 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 124772 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 04:00:23 File name / Threat name / Threats count C:\Documents and Settings\CHRISTINA\Shared\anywhere but here jason aldean.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1 The selected area was scanned. MBAM log: Malwarebytes' Anti-Malware 1.38 Database version: 2357 Windows 5.1.2600 Service Pack 3 7/1/2009 3:06:09 AM mbam-log-2009-07-01 (03-06-09).txt Scan type: Quick Scan Objects scanned: 73922 Time elapsed: 7 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

emeraldnzl View Member Profile	Jul 2 2009, 04:59 AM Post #8
Trusted Helper Posts: 8,068 OS: XP Pro	QUOTE Did it remove the file that it found from my computer? Nope, we didn't want it to remove anything in case there was a false positive. We will remove that one though. Now 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: C:\Documents and Settings\CHRISTINA\Shared\anywhere but here jason aldean.mp3 Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review. So when you come back please post Combofix txt and tell me how your machine is performing now

Cowboylady View Member Profile	Jul 3 2009, 12:19 PM Post #9
New Member Posts: 6 From: Byron, GA OS: Windows XP SP3	QUOTE (emeraldnzl @ Jul 2 2009, 06:59 AM) QUOTE Did it remove the file that it found from my computer? Nope, we didn't want it to remove anything in case there was a false positive. We will remove that one though. Now 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: C:\Documents and Settings\CHRISTINA\Shared\anywhere but here jason aldean.mp3 Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review. So when you come back please post Combofix txt and tell me how your machine is performing now ComboFix 09-07-02.02 - CHRISTINA 07/02/2009 23:27.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.565 [GMT -4:00] Running from: c:\documents and settings\CHRISTINA\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\CHRISTINA\Desktop\CFScript.txt AV: McAfee VirusScan On-access scanning enabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\CHRISTINA\Shared\anywhere but here jason aldean.mp3" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\CHRISTINA\Shared\anywhere but here jason aldean.mp3 c:\windows\Installer\e047e9.msi . ((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))) . 2009-07-01 16:51 . 2009-07-01 16:51 -------- d-----w- c:\documents and settings\CHRISTINA\Local Settings\Application Data\AOL Email Toolbar 2009-07-01 16:51 . 2009-07-01 16:51 -------- d-----w- c:\program files\Common Files\Software Update Utility 2009-07-01 16:51 . 2009-07-01 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Email Toolbar 2009-07-01 16:51 . 2009-07-01 16:51 -------- d-----w- c:\program files\AOL Email Toolbar 2009-06-30 16:57 . 2009-06-30 16:57 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Auslogics 2009-06-30 16:56 . 2009-06-30 16:56 -------- d-----w- c:\program files\Auslogics 2009-06-26 17:55 . 2009-06-26 18:10 -------- d-----w- c:\documents and settings\CHRISTINA\Local Settings\Application Data\Plaxo 2009-06-26 17:54 . 2009-07-02 10:59 -------- d-----w- c:\program files\Plaxo 2009-06-24 06:13 . 2009-06-24 06:18 -------- d-----w- C:\Rooter$ 2009-06-24 06:04 . 2009-06-24 06:04 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Malwarebytes 2009-06-24 06:03 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-24 06:03 . 2009-06-24 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-24 06:03 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-24 06:03 . 2009-06-30 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\program files\ERUNT 2009-06-24 00:09 . 2009-06-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-06-16 18:08 . 2009-06-16 18:09 -------- d-----w- c:\documents and settings\CHRISTINA\My videos 2009-06-11 12:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 12:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 02:27 . 2009-06-11 02:27 2173616 ----a-w- c:\documents and settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.45.0.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-03 01:09 . 2009-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-01 19:54 . 2008-11-19 01:55 3239 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-06-28 22:21 . 2007-04-27 16:31 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-24 00:09 . 2007-05-17 14:35 -------- d-----w- c:\program files\IObit 2009-06-23 21:24 . 2007-04-22 07:15 -------- d-----w- c:\program files\Google 2009-06-15 05:02 . 2007-10-16 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 16:45 . 2009-01-26 17:17 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-03 00:04 . 2007-03-23 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-05-31 22:38 . 2009-05-31 22:38 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\gtk-2.0 2009-05-31 22:33 . 2009-05-31 22:33 -------- d-----w- c:\program files\GIMP-2.0 2009-05-25 04:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-19 21:25 . 2009-02-19 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore 2009-05-19 15:31 . 2009-05-19 14:41 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\Trondent Development Corp 2009-05-19 15:12 . 2008-11-26 18:38 -------- d-----w- c:\documents and settings\CHRISTINA\Application Data\IObit 2009-05-19 14:40 . 2004-01-21 21:42 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-13 05:15 . 2006-06-23 15:33 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 19:12 . 2005-05-15 23:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 15:20 . 2004-01-21 21:34 -------- d-----w- c:\program files\Java 2009-05-12 15:18 . 2009-05-11 15:30 152576 ----a-w- c:\documents and settings\CHRISTINA\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\MySpace 2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2009-05-11 11:13 . 2004-01-26 23:01 91544 ----a-w- c:\documents and settings\CHRISTINA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-11 04:47 . 2004-02-25 20:04 -------- d-----w- c:\program files\Microsoft Works 2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 01:23 . 2009-05-07 01:23 -------- d-----w- c:\program files\Coupons 2009-05-06 01:53 . 2009-05-06 01:53 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-05-06 01:53 . 2008-11-19 16:34 861448 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-05-06 01:53 . 2008-11-19 16:34 38664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-05-05 18:16 . 2009-05-05 18:16 68608 ----a-w- c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\aolmailtbres.dll 2009-05-01 21:17 . 2009-05-01 21:17 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-05-01 01:23 . 2009-05-01 01:23 1893936 ----a-w- c:\documents and settings\CHRISTINA\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe 2009-04-17 12:26 . 2003-07-16 20:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2007-04-26 23:41 . 2007-04-26 23:38 33032192 ----a-w- c:\program files\WP11SP1_EN.msp 2007-04-24 19:34 . 2007-04-24 19:30 353598016 ----a-w- c:\program files\SimpleStartFSEDirect.exe 2007-04-21 02:13 . 2007-04-21 02:13 774144 ----a-w- c:\program files\RngInterstitial.dll 2007-05-04 13:57 . 2007-04-27 16:31 88 --sh--r- c:\windows\SYSTEM32\566C526187.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-29_06.27.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-03 03:43 . 2009-07-03 03:43 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_8e0.dat + 2009-07-03 03:43 . 2009-07-03 03:43 16384 c:\windows\Temp\Perflib_Perfdata_794.dat + 2009-07-03 03:43 . 2009-07-03 03:43 16384 c:\windows\Temp\Perflib_Perfdata_718.dat - 2002-09-03 08:08 . 2009-06-29 04:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT + 2002-09-03 08:08 . 2009-07-03 05:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT - 2002-09-03 08:08 . 2009-06-29 04:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT + 2002-09-03 08:08 . 2009-07-03 05:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT - 2002-09-03 08:08 . 2009-06-29 04:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT + 2002-09-03 08:08 . 2009-07-03 05:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT + 2009-03-05 07:18 . 2009-03-05 07:18 78848 c:\windows\Installer\f6e0a63.msp + 2009-03-05 07:18 . 2009-03-05 07:18 18944 c:\windows\Installer\f6e0a58.msp + 2009-03-24 22:22 . 2009-03-24 22:22 19456 c:\windows\Installer\e1bf4.msp + 2009-03-20 02:35 . 2009-03-20 02:35 18944 c:\windows\Installer\e1bed.msp + 2009-03-20 02:35 . 2009-03-20 02:35 18944 c:\windows\Installer\e1be7.msp + 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\d456647.msp + 2009-05-11 04:08 . 2009-05-11 04:08 88576 c:\windows\Installer\d3457fb.msi + 2009-05-11 19:10 . 2009-05-11 19:10 24064 c:\windows\Installer\bbb678.msi + 2009-07-01 02:33 . 2009-07-01 02:33 22528 c:\windows\Installer\979689e.msi + 2009-01-26 19:02 . 2009-01-26 19:02 20992 c:\windows\Installer\900c382.msi + 2009-01-26 19:02 . 2009-01-26 19:02 52736 c:\windows\Installer\900c37e.msi + 2009-01-26 19:02 . 2009-01-26 19:02 61440 c:\windows\Installer\900c37a.msi + 2009-01-26 19:01 . 2009-01-26 19:01 32256 c:\windows\Installer\900c376.msi + 2009-01-26 18:58 . 2009-01-26 18:58 22528 c:\windows\Installer\900c36b.msi + 2009-03-25 23:42 . 2009-03-25 23:42 25088 c:\windows\Installer\6b58f92.msi + 2009-03-14 01:14 . 2009-03-14 01:14 20992 c:\windows\Installer\53a1269.msp + 2009-03-14 01:17 . 2009-03-14 01:17 19456 c:\windows\Installer\53a11f2.msp + 2009-03-14 01:17 . 2009-03-14 01:17 18944 c:\windows\Installer\53a11eb.msp + 2009-02-27 05:08 . 2009-02-27 05:08 18944 c:\windows\Installer\1e282012.msp + 2009-02-13 03:09 . 2009-02-13 03:09 75776 c:\windows\Installer\1e28200c.msp + 2009-01-24 03:10 . 2009-01-24 03:10 18944 c:\windows\Installer\1a8fb75d.msp + 2007-10-01 00:37 . 2007-10-01 00:37 42496 c:\windows\Installer\198befe.msi + 2009-03-24 15:13 . 2009-03-24 15:13 51712 c:\windows\Installer\18d6858.msi + 2007-10-16 16:39 . 2007-10-16 16:39 48128 c:\windows\Installer\148b17a1.msi + 2008-09-17 21:00 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi + 2008-09-17 21:00 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi + 2009-05-11 04:22 . 2009-05-11 04:22 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi + 2009-02-08 04:30 . 2009-02-08 04:30 446464 c:\windows\Installer\fbe67e5.msi + 2009-03-05 07:16 . 2009-03-05 07:16 858112 c:\windows\Installer\f6e0b8a.msp + 2007-04-18 18:54 . 2007-04-18 18:54 270336 c:\windows\Installer\e22e91.msi + 2009-03-20 02:32 . 2009-03-20 02:32 170496 c:\windows\Installer\e1c73.msp + 2009-03-20 02:33 . 2009-03-20 02:33 428544 c:\windows\Installer\e1c5e.msp + 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\d494908.msp + 2009-05-11 04:23 . 2009-05-11 04:23 648192 c:\windows\Installer\d4948e5.msi + 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\d456650.msp + 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\d45664e.msp + 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\d45664c.msp + 2009-05-11 04:20 . 2009-05-11 04:20 137728 c:\windows\Installer\d456646.msi + 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\d345800.msp + 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\d3457fe.msp + 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\d3457fd.msp + 2007-11-17 16:57 . 2007-11-17 16:57 331264 c:\windows\Installer\c95d9c7.msi + 2007-04-18 18:29 . 2007-04-18 18:29 275968 c:\windows\Installer\c8c310.msi + 2007-04-18 18:26 . 2007-04-18 18:26 660992 c:\windows\Installer\c8c30c.msi + 2004-01-21 21:54 . 2004-01-21 21:54 233472 c:\windows\Installer\b252.msi + 2004-01-21 21:54 . 2004-01-21 21:54 171008 c:\windows\Installer\b24c.msi + 2006-11-23 08:00 . 2006-11-23 08:00 428544 c:\windows\Installer\a4629ad.msi + 2007-04-20 00:40 . 2007-04-20 00:40 804864 c:\windows\Installer\9c470.msi + 2009-01-26 19:03 . 2009-01-26 19:03 201728 c:\windows\Installer\900c386.msi + 2007-04-24 19:52 . 2007-04-24 19:52 906240 c:\windows\Installer\8b4ba2.msi + 2007-04-24 19:38 . 2007-04-24 19:38 390656 c:\windows\Installer\8b4b8f.msi + 2009-06-23 21:25 . 2009-06-23 21:25 315392 c:\windows\Installer\6a4d62.msi + 2004-01-21 21:47 . 2004-01-21 21:47 558592 c:\windows\Installer\5a82b.msi + 2004-01-21 21:44 . 2004-01-21 21:44 456704 c:\windows\Installer\5a818.msi + 2004-01-21 21:44 . 2004-01-21 21:44 532992 c:\windows\Installer\5a80d.msi + 2004-01-21 21:42 . 2004-01-21 21:42 559616 c:\windows\Installer\5a7f4.msi + 2004-01-21 21:34 . 2004-01-21 21:34 616448 c:\windows\Installer\5a7d5.msi + 2009-02-04 17:14 . 2009-02-04 17:14 279040 c:\windows\Installer\4d5526.msi + 2008-09-14 14:11 . 2008-09-14 14:11 147968 c:\windows\Installer\4cb12.msi + 2009-04-01 21:48 . 2009-04-01 21:48 130560 c:\windows\Installer\46e131b.msp + 2007-05-11 20:02 . 2007-05-11 20:02 958976 c:\windows\Installer\3fdbb5f.msi + 2007-08-15 03:04 . 2007-08-15 03:04 871424 c:\windows\Installer\3cb964.msi + 2007-08-15 03:00 . 2007-08-15 03:00 431104 c:\windows\Installer\3cb95e.msi + 2007-04-01 21:58 . 2007-04-01 21:58 189952 c:\windows\Installer\36c7696.msi + 2008-11-12 06:03 . 2008-11-12 06:03 432640 c:\windows\Installer\311ab3e.msi + 2008-12-24 20:27 . 2008-12-24 20:27 164352 c:\windows\Installer\2883a8.msi + 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\2079f4e4.msp + 2007-05-31 02:47 . 2007-05-31 02:47 571904 c:\windows\Installer\1fab4715.msi + 2009-02-27 05:08 . 2009-02-27 05:08 151552 c:\windows\Installer\1e28201d.msp + 2007-05-14 08:33 . 2007-05-14 08:33 174080 c:\windows\Installer\1d4419b.msi + 2007-04-19 19:03 . 2007-04-19 19:03 472576 c:\windows\Installer\1acd29.msi + 2009-01-24 03:09 . 2009-01-24 03:09 143360 c:\windows\Installer\1a8fb757.msp + 2009-01-24 03:08 . 2009-01-24 03:08 464896 c:\windows\Installer\1a8fb6be.msp + 2009-02-04 19:01 . 2009-02-04 19:01 562176 c:\windows\Installer\1a6981.msi + 2007-10-15 03:44 . 2007-10-15 03:44 324608 c:\windows\Installer\168c0fc.msp + 2007-10-15 03:46 . 2007-10-15 03:46 324608 c:\windows\Installer\168c0f6.msp + 2007-10-16 16:40 . 2007-10-16 16:40 501248 c:\windows\Installer\148b17b7.msi + 2007-10-16 16:40 . 2007-10-16 16:40 506880 c:\windows\Installer\148b17b2.msi + 2007-10-16 16:40 . 2007-10-16 16:40 516608 c:\windows\Installer\148b17ac.msi + 2007-10-16 16:40 . 2007-10-16 16:40 513024 c:\windows\Installer\148b17a6.msi + 2007-10-16 16:38 . 2007-10-16 16:38 501248 c:\windows\Installer\148b1789.msi + 2007-10-30 00:13 . 2007-10-30 00:13 501248 c:\windows\Installer\147af710.msi + 2008-11-19 01:29 . 2008-11-19 01:29 316928 c:\windows\Installer\132d6e18.msi + 2008-11-19 00:03 . 2008-11-19 00:03 889344 c:\windows\Installer\132d6de0.msi + 2008-11-19 00:03 . 2008-11-19 00:03 591872 c:\windows\Installer\132d6ddb.msi + 2002-09-03 08:06 . 2002-09-03 08:06 264704 c:\windows\Installer\1128E.MSI + 2009-07-02 10:59 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-2-2009\ERDNT.EXE + 2009-07-01 02:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\6-30-2009\ERDNT.EXE + 2003-07-16 20:51 . 2004-07-17 18:35 1326080 c:\windows\SYSTEM32\webfldrs.msi + 2004-01-26 23:00 . 2004-01-21 21:34 9121792 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\Java 2 Runtime Environment, SE v1.4.2.msi + 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi + 2008-09-17 21:02 . 2007-04-02 18:42 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi + 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp + 2007-01-18 22:14 . 2007-01-18 22:14 3463680 c:\windows\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp + 2009-03-05 07:15 . 2009-03-05 07:15 3058176 c:\windows\Installer\f6e0c82.msp + 2009-03-05 07:17 . 2009-03-05 07:17 1856512 c:\windows\Installer\f6e0bf5.msp + 2009-03-24 22:20 . 2009-03-24 22:20 2630656 c:\windows\Installer\e1ce8.msp + 2009-04-04 21:10 . 2009-04-04 21:10 1282560 c:\windows\Installer\d494ab1.msp + 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\d494aaa.msp + 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\d494aa1.msp + 2009-04-04 14:14 . 2009-04-04 14:14 1094656 c:\windows\Installer\d494913.msp + 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\d4948f3.msp + 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\d45664f.msp + 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\d45664d.msp + 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\d45664b.msp + 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\d45664a.msp + 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\d456649.msp + 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\d456648.msp + 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\d345804.msp + 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\d345803.msp + 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\d345802.msp + 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\d345801.msp + 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\d3457ff.msp + 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\d3457fc.msp + 2009-04-24 16:28 . 2009-04-24 16:28 4450816 c:\windows\Installer\d2b8620.msp + 2008-11-13 07:57 . 2008-11-13 07:57 5099520 c:\windows\Installer\cbd193.msp + 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\cbd17f.msp + 2009-05-22 02:39 . 2009-05-22 02:39 1711616 c:\windows\Installer\cae5814.msp + 2008-04-11 22:48 . 2008-04-11 22:48 6774272 c:\windows\Installer\c95e024.msp + 2008-07-16 23:01 . 2008-07-16 23:01 5110272 c:\windows\Installer\c95e00e.msp + 2007-04-18 18:31 . 2007-04-18 18:31 4410368 c:\windows\Installer\c8c319.msi + 2009-01-08 01:25 . 2009-01-08 01:25 5046784 c:\windows\Installer\c57752d.msp + 2008-01-28 23:09 . 2008-01-28 23:09 5055488 c:\windows\Installer\bf2de81.msp + 2007-10-28 15:53 . 2007-10-28 15:53 5047808 c:\windows\Installer\bae4e61.msp + 2009-05-21 21:44 . 2009-05-21 21:44 1401344 c:\windows\Installer\b9eb7fd.msi + 2009-01-27 06:23 . 2009-01-27 06:23 4192256 c:\windows\Installer\b6f9a9b.msi + 2004-01-21 21:54 . 2004-01-21 21:54 1989632 c:\windows\Installer\b248.msi + 2008-04-11 22:08 . 2008-04-11 22:08 6302720 c:\windows\Installer\a81730.msp + 2008-04-26 00:14 . 2008-04-26 00:14 5052928 c:\windows\Installer\a81718.msp + 2008-04-18 18:56 . 2008-04-18 18:56 6215680 c:\windows\Installer\a81704.msp + 2007-04-11 02:40 . 2007-04-11 02:40 1392128 c:\windows\Installer\984d85.msi + 2007-11-22 23:23 . 2007-11-22 23:23 5051904 c:\windows\Installer\90fb9c.msp + 2009-01-26 19:00 . 2009-01-26 19:00 2231296 c:\windows\Installer\900c372.msi + 2004-10-06 23:10 . 2004-10-06 23:10 2652672 c:\windows\Installer\8c13d6d9.msi + 2009-01-20 18:17 . 2009-01-20 18:17 1659392 c:\windows\Installer\860dc66.msi + 2007-04-18 16:57 . 2007-04-18 16:58 4065280 c:\windows\Installer\76629b.msi + 2008-06-05 17:56 . 2008-06-05 17:56 5111808 c:\windows\Installer\73cffde.msp + 2009-03-25 23:40 . 2009-03-25 23:40 4733440 c:\windows\Installer\679c96d.msp + 2004-01-21 21:45 . 2004-01-21 21:45 2778112 c:\windows\Installer\5a823.msi + 2004-01-21 21:44 . 2004-01-21 21:44 1264128 c:\windows\Installer\5a808.msi + 2004-01-21 21:43 . 2004-01-21 21:43 9017344 c:\windows\Installer\5a801.msi + 2004-01-21 21:43 . 2004-01-21 21:43 2303488 c:\windows\Installer\5a7f8.msi + 2004-01-21 21:42 . 2004-01-21 21:42 5564928 c:\windows\Installer\5a7e7.msi + 2004-01-21 21:40 . 2004-01-21 21:40 3443712 c:\windows\Installer\5a7df.msi + 2004-01-21 21:40 . 2004-01-21 21:40 2120192 c:\windows\Installer\5a7da.msi + 2009-05-01 21:31 . 2009-05-01 21:31 1674752 c:\windows\Installer\5867cfb.msi + 2009-05-01 21:30 . 2009-05-01 21:30 3966976 c:\windows\Installer\5867cc9.msi + 2009-05-01 21:26 . 2009-05-01 21:26 8992256 c:\windows\Installer\58679ab.msi + 2009-05-01 21:22 . 2009-05-01 21:22 3293696 c:\windows\Installer\5867708.msi + 2009-05-01 21:15 . 2009-05-01 21:15 2330624 c:\windows\Installer\58675fc.msi + 2007-04-05 22:31 . 2007-04-05 22:31 1142784 c:\windows\Installer\53c62d.msi + 2009-03-14 01:13 . 2009-03-14 01:13 1677312 c:\windows\Installer\53a12ca.msp + 2009-03-14 01:16 . 2009-03-14 01:16 1672192 c:\windows\Installer\53a125a.msp + 2008-11-20 19:48 . 2008-11-20 19:48 5097472 c:\windows\Installer\51a7021.msp + 2008-08-25 23:08 . 2008-08-25 23:08 1549312 c:\windows\Installer\4636035.msi + 2008-10-20 15:19 . 2008-10-20 15:19 5100032 c:\windows\Installer\311ab65.msp + 2008-02-15 12:54 . 2008-02-15 12:54 9736192 c:\windows\Installer\2c6db0b.msp + 2008-03-17 21:55 . 2008-03-17 21:55 5049344 c:\windows\Installer\2c6dae4.msp + 2007-03-31 02:20 . 2007-03-31 02:20 5800960 c:\windows\Installer\282b318.msp + 2007-03-31 02:21 . 2007-03-31 02:21 3886080 c:\windows\Installer\282b307.msp + 2007-06-01 19:54 . 2007-06-01 19:54 9626624 c:\windows\Installer\282b2d3.msp + 2007-07-21 17:26 . 2007-07-21 17:26 7574016 c:\windows\Installer\282b2c2.msp + 2007-07-30 18:44 . 2007-07-30 18:44 1155072 c:\windows\Installer\267915.msi + 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\2079f538.msp + 2009-05-04 11:47 . 2009-05-04 11:47 9124864 c:\windows\Installer\2079f523.msp + 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\2079f50e.msp + 2009-05-07 13:17 . 2009-05-07 13:17 5026816 c:\windows\Installer\2079f4f8.msp + 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\2079f4d1.msp + 2009-02-27 05:05 . 2009-02-27 05:05 3425792 c:\windows\Installer\1e28230c.msp + 2009-03-02 03:23 . 2009-03-02 03:23 1969152 c:\windows\Installer\1e282243.msp + 2009-02-28 09:55 . 2009-02-28 09:55 2728960 c:\windows\Installer\1e2820b4.msp + 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\1d1c445b.msp + 2009-03-28 13:50 . 2009-03-28 13:50 5025792 c:\windows\Installer\1d1c4448.msp + 2008-09-02 15:42 . 2008-09-02 15:42 5104640 c:\windows\Installer\1c96d6b0.msp + 2008-02-25 19:08 . 2008-02-25 19:08 5050368 c:\windows\Installer\1bcff8e6.msp + 2009-01-24 03:09 . 2009-01-24 03:09 2215424 c:\windows\Installer\1a8fb741.msp + 2009-01-24 03:07 . 2009-01-24 03:07 3441152 c:\windows\Installer\1a8fb667.msp + 2007-06-07 00:50 . 2007-06-07 00:50 4466176 c:\windows\Installer\1a57d93.msi + 2007-07-11 15:17 . 2007-07-11 15:17 6743040 c:\windows\Installer\19fefc94.msp + 2009-01-15 07:35 . 2009-01-15 07:35 4830720 c:\windows\Installer\18d685e.msp + 2007-10-15 03:43 . 2007-10-15 03:43 5749760 c:\windows\Installer\168c0d6.msp + 2007-03-27 20:14 . 2007-03-27 20:14 5566464 c:\windows\Installer\14afb01c.msp + 2007-10-01 01:12 . 2007-10-01 01:12 5052416 c:\windows\Installer\149c2847.msp + 2007-05-29 02:01 . 2007-05-29 02:01 4597760 c:\windows\Installer\149c27f7.msp + 2007-10-16 16:40 . 2007-10-16 16:40 1652736 c:\windows\Installer\148b17bc.msi + 2007-10-16 16:39 . 2007-10-16 16:39 1640960 c:\windows\Installer\148b1798.msi + 2007-10-16 16:39 . 2007-10-16 16:39 1713152 c:\windows\Installer\148b178e.msi + 2007-10-16 16:37 . 2007-10-16 16:37 2397184 c:\windows\Installer\148b1784.msi + 2007-10-30 00:13 . 2007-10-30 00:13 1652736 c:\windows\Installer\147af70b.msi + 2007-10-30 00:13 . 2007-10-30 00:13 1652736 c:\windows\Installer\147af703.msi + 2007-10-30 00:12 . 2007-10-30 00:12 2319872 c:\windows\Installer\147af6f2.msi + 2007-10-30 00:11 . 2007-10-30 00:11 2022912 c:\windows\Installer\147af6e7.msi + 2007-04-05 20:49 . 2007-04-05 20:49 5864960 c:\windows\Installer\117b026.msp + 2007-04-05 20:48 . 2007-04-05 20:48 1422848 c:\windows\Installer\117b01f.msp + 2009-02-07 03:31 . 2009-02-07 03:31 5047808 c:\windows\Installer\10c50a.msp + 2008-08-20 18:37 . 2008-08-20 18:37 5107712 c:\windows\Installer\103a3f78.msp + 2009-07-02 10:59 . 2009-07-02 10:59 1060864 c:\windows\ERDNT\AutoBackup\7-2-2009\Users\00000002\UsrClass.dat + 2009-07-02 10:59 . 2009-07-02 10:59 9928704 c:\windows\ERDNT\AutoBackup\7-2-2009\Users\00000001\ntuser.dat + 2009-07-01 02:39 . 2009-07-01 02:39 1060864 c:\windows\ERDNT\AutoBackup\6-30-2009\Users\00000002\UsrClass.dat + 2009-07-01 02:39 . 2009-07-01 02:39 9928704 c:\windows\ERDNT\AutoBackup\6-30-2009\Users\00000001\ntuser.dat + 2007-06-07 00:48 . 2007-06-07 00:48 9834496 c:\windows\Downloaded Installations\{FE6F1783-A2E5-4CFA-8255-BA2C5299B0BB}\URGE.msi + 2007-08-22 01:32 . 2007-08-22 01:32 5277696 c:\windows\Downloaded Installations\{98A091FD-535E-4DE9-A977-EC43764487FE}\MyFantasyMaker.msi + 2006-10-30 08:05 . 2006-10-30 08:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi + 2007-12-11 08:02 . 2007-12-11 08:02 24487424 c:\windows\Installer\f75cdab.msp + 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\e2c6c6.msp + 2008-10-20 15:21 . 2008-10-20 15:21 11937280 c:\windows\Installer\e2c6b2.msp + 2009-04-04 21:09 . 2009-04-04 21:09 15190016 c:\windows\Installer\d494933.msp + 2009-04-04 15:36 . 2009-04-04 15:36 21390848 c:\windows\Installer\d494914.msp + 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\d4948fd.msp + 2009-05-04 11:49 . 2009-05-04 11:49 10955776 c:\windows\Installer\ceeb52b.msp + 2008-10-20 15:16 . 2008-10-20 15:16 13211648 c:\windows\Installer\cbd1a8.msp + 2008-07-03 15:36 . 2008-07-03 15:36 11937792 c:\windows\Installer\c95e04c.msp + 2008-07-03 15:37 . 2008-07-03 15:37 11759104 c:\windows\Installer\c95e038.msp + 2004-01-21 21:53 . 2004-01-21 21:53 12298240 c:\windows\Installer\b244.msi + 2009-02-25 23:05 . 2009-02-25 23:05 11840000 c:\windows\Installer\af19922.msp + 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\af1990e.msp + 2008-04-11 22:07 . 2008-04-11 22:07 13257728 c:\windows\Installer\a81746.msp + 2007-04-24 19:47 . 2007-04-24 19:48 67772928 c:\windows\Installer\8b4b97.msi + 2007-04-05 14:45 . 2007-04-05 14:45 10723328 c:\windows\Installer\7f34a9b.msp + 2007-04-05 14:42 . 2007-04-05 14:42 19210240 c:\windows\Installer\7f34a47.msp + 2007-05-01 05:09 . 2007-05-01 05:09 12962816 c:\windows\Installer\6d89db.msp + 2008-11-19 16:34 . 2008-11-19 16:34 34966016 c:\windows\Installer\56eb0f3.msp + 2008-11-19 16:34 . 2008-11-19 16:34 17352192 c:\windows\Installer\56eb0f2.msp + 2008-05-21 05:30 . 2008-05-21 05:30 14308864 c:\windows\Installer\48c02.msp + 2009-02-11 20:47 . 2009-02-11 20:47 20803072 c:\windows\Installer\3a93ea9.msp + 2009-03-30 17:50 . 2009-03-30 17:50 25128448 c:\windows\Installer\3a93ea8.msp + 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\311ab51.msp + 2008-06-28 23:20 . 2008-06-28 23:20 10935296 c:\windows\Installer\2d19049e.msi + 2008-01-28 22:07 . 2008-01-28 22:07 19034624 c:\windows\Installer\2c6daf8.msp + 2007-08-06 16:47 . 2007-08-06 16:47 56805888 c:\windows\Installer\2aeb6b.msp + 2007-03-31 02:19 . 2007-03-31 02:19 10893312 c:\windows\Installer\282b2f5.msp + 2007-06-01 19:53 . 2007-06-01 19:53 10255360 c:\windows\Installer\282b2e4.msp + 2008-05-08 18:03 . 2008-05-08 18:03 22272512 c:\windows\Installer\1c92fc7e.msp + 2008-07-30 03:20 . 2008-07-30 03:20 11767296 c:\windows\Installer\1c86d376.msp + 2008-07-30 03:18 . 2008-07-30 03:18 11933184 c:\windows\Installer\1c86d362.msp + 2008-02-25 19:07 . 2008-02-25 19:07 11772416 c:\windows\Installer\1bcff933.msp + 2008-01-28 22:09 . 2008-01-28 22:09 11896320 c:\windows\Installer\1bcff91f.msp + 2008-01-28 22:10 . 2008-01-28 22:10 14201344 c:\windows\Installer\1bcff90a.msp + 2007-05-06 00:27 . 2007-05-06 00:27 13985280 c:\windows\Installer\1b1c892.msi + 2007-05-06 00:25 . 2007-05-06 00:25 22380032 c:\windows\Installer\1b1c88c.msi + 2007-07-11 15:26 . 2007-07-11 15:26 15256576 c:\windows\Installer\19fefcf2.msp + 2007-10-15 03:43 . 2007-10-15 03:43 12743168 c:\windows\Installer\168c0e7.msp + 2007-10-15 03:43 . 2007-10-15 03:43 21981184 c:\windows\Installer\168c0ad.msp + 2007-04-22 00:16 . 2007-04-22 00:16 12490752 c:\windows\Installer\14afb00a.msp + 2007-06-01 19:55 . 2007-06-01 19:55 10824704 c:\windows\Installer\149c2811.msp + 2007-10-30 00:22 . 2007-10-30 00:22 15830016 c:\windows\Installer\147af716.msi + 2009-01-09 21:37 . 2009-01-09 21:37 26120192 c:\windows\Installer\14079da5.msp + 2009-01-09 21:37 . 2009-01-09 21:37 19272704 c:\windows\Installer\14079da4.msp + 2008-11-19 01:22 . 2008-11-19 01:23 45664256 c:\windows\Installer\132d6e12.msi + 2008-08-11 15:51 . 2008-08-11 15:51 15916544 c:\windows\Installer\103a3f64.msp + 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\103a3f50.msp + 2007-04-18 00:30 . 2007-04-18 00:30 12682240 c:\windows\Downloaded Installations\Yahoo Jukebox\Yahoo! Music Jukebox.msi + 2007-08-25 21:32 . 2007-08-25 21:32 12560896 c:\windows\Downloaded Installations\{CA82323F-95EB-46BC-9FEF-C593133CC34F}\Yahoo! Music Jukebox.msi + 2007-11-27 01:37 . 2007-11-27 01:37 12568576 c:\windows\Downloaded Installations\{885582E4-09F5-4CE2-8234-187CEDE982B8}\Yahoo! Music Jukebox.msi + 2008-02-19 14:34 . 2008-02-19 14:34 12545536 c:\windows\Downloaded Installations\{6FB8D67A-9BAD-4361-9B96-E2970783552D}\Yahoo! Music Jukebox.msi + 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\d494a97.msp + 2007-10-15 03:43 . 2007-10-15 03:43 229852160 c:\windows\Installer\168c0a6.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2009-04-01 17:16 193472 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox2\SRSSSC.exe" [2007-03-16 3153920] "YahooWidgetEngine.exe"="c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe" [2007-07-20 2913584] "PlaxoUpdate"="c:\program files\Plaxo\3.20.0.13\PlaxoHelper_en.exe" [2009-05-01 379463] "PlaxoSysTray"="c:\program files\Plaxo\3.20.0.13\PlaxoSysTray.exe" [2009-05-01 20480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-27 68856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "VF0560Inst"="c:\windows\system32\V0560Pin.dll" [2008-06-02 40960] c:\documents and settings\CHRISTINA\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-24 344064] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"= "c:\\WINDOWS\\SYSTEM32\\ControlSuite.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Toolbar.exe"= "c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"= "c:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"= "c:\\Program Files\\Intel\\NCS\\PROSet\\PROSet.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "c:\\Program Files\\InterActual\\InterActual Player\\iPlayer.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Rhapsody\\WiseUpd2.exe"= "c:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBW32SimplestartLimited.exe"= R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 1:37 PM 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/9/2009 2:48 PM 210216] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\SYSTEM32\DRIVERS\livecamv.sys [1/17/2009 1:47 PM 31616] R3 V0560Afx;Creative Camera VF0560 Audio Effects Driver;c:\windows\SYSTEM32\DRIVERS\V0560Afx.sys [1/17/2009 1:49 PM 160768] R3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\SYSTEM32\DRIVERS\V0560Vid.sys [1/17/2009 1:49 PM 286592] S2 gupdate1c995062274baac;Google Update Service (gupdate1c995062274baac);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 11:56 AM 133104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys --> c:\windows\system32\DRIVERS\CtClsFlt.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-22 17:07] 2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 15:56] 2009-06-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-09 15:53] 2009-06-29 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-09 15:53] 2009-07-03 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] 2009-07-03 c:\windows\Tasks\User_Feed_Synchronization-{5DBDA0A7-2B36-4C06-A598-91EEF296D77A}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.aol.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: &AOL Email Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab FF - ProfilePath - c:\documents and settings\CHRISTINA\Application Data\Mozilla\Firefox\Profiles\tcsd8sk1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - AOL Search FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-ab-en-us&query= FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\MySpace\Toolbar\1.0.45.0\components\MySpaceFFoxTB.dll FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 03:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\mcafee_suO0bMjGZygouua 0 bytes scan completed successfully hidden files: 1 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3132) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Plaxo\3.20.0.13\plx_hook.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\windows\SYSTEM32\PSIService.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\SYSTEM32\tcpsvcs.exe c:\windows\SYSTEM32\snmp.exe c:\windows\SYSTEM32\fxssvc.exe c:\windows\SYSTEM32\searchindexer.exe c:\progra~1\McAfee\VIRUSS~1\mcods.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe . ************************************************************************ . Completion time: 2009-07-03 3:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-03 07:48 ComboFix2.txt 2009-06-29 06:36 Pre-Run: 42,892,439,552 bytes free Post-Run: 43,087,237,120 bytes free 560 --- E O F --- 2009-07-02 17:34 So far the computer is doing good with no freezeups. I am so thankful for your help and patience...mwahhh.

emeraldnzl View Member Profile	Jul 3 2009, 03:27 PM Post #10
Trusted Helper Posts: 8,068 OS: XP Pro	Hello Cowboylady, Almost there now. Just one that I think we should play on the safe with and remove and one scan to check for another possible infection. Now 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: c:\windows\system32\V0560Pin.dll Registry:: [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "VF0560Inst"=- Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review. Next Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet. So when you return please post Combofix.txt Goored.txt

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal I need help to take off A lot of malware or spyware from my computer&#	5 / 953	3rd December 2007 - 05:04 AM flash86 started - last by Kenny94
Virus, Spyware and Trojan Removal malware is slowing computer down and randomly clicking?	0 / 57	26th August 2009 - 04:44 PM UMan01 started - last by UMan01
Virus, Spyware and Trojan Removal My pc slow down maybe Malware or Spyware	0 / 37	8th November 2009 - 04:48 PM Vicadi started - last by Vicadi
Windows XP™, 2000, 2003, NT Malware or Spyware?	4 / 59	12th November 2009 - 02:47 PM woodworks started - last by rshaffer61