
1000s of Pos files, making computer slow and freezing [RESOLVED]


#1
Taco130

Hi, I have Pos temp files on my C drive; it makes it slow and it freezes a lot. I also get a lot of pop-ups on I.E.
Here is my log of HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:42 AM, on 2/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tony Bown\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/l...0001f5e340aRCRD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\System32\geeby.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [a45da58b] rundll32.exe "C:\WINDOWS\System32\jklyscyy.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...23.9/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlon...2ie06011811.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7865 bytes

#2
kahdah

Hello Taco130

Please do not make multiple topics.

I am closing all of them but this one.
==========================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
Taco130

Sorry about that, here is my ComboFix log:

ComboFix 08-02-14.2 - Tony Bown 2008-02-16 8:06:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.228 [GMT -8:00]
Running from: C:\Documents and Settings\Tony Bown\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\Autorun.inf
C:\Documents and Settings\Olivia\Application Data\FunWebProducts
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\avatar.dat
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\register.dat
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00040125
C:\Program Files\MyWebSearch\bar\Cache\0006F474
C:\Program Files\MyWebSearch\bar\Cache\00113025.bin
C:\Program Files\MyWebSearch\bar\Cache\0011340D.bin
C:\Program Files\MyWebSearch\bar\Cache\0011366E.bin
C:\Program Files\MyWebSearch\bar\Cache\00113882.bin
C:\Program Files\MyWebSearch\bar\Cache\00113B70.bin
C:\Program Files\MyWebSearch\bar\Cache\001387E0
C:\Program Files\MyWebSearch\bar\Cache\00157A2B
C:\Program Files\MyWebSearch\bar\Cache\00CB83F9.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8801.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8A23.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8C75.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8EE6.bin
C:\Program Files\MyWebSearch\bar\Cache\0116526D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116554B.bin
C:\Program Files\MyWebSearch\bar\Cache\0116578D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116648E
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\xpreload.ocx
C:\WINDOWS\smbols~1
C:\WINDOWS\smbols~1\mshta .exe
C:\WINDOWS\smbols~1\mshta.exe
C:\WINDOWS\smbols~1\s?mbols\
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\b3\timedrdll2.exe
C:\WINDOWS\SYSTEM32\bbsynqbc.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini2
C:\WINDOWS\SYSTEM32\cbsdpoht.tmp
C:\WINDOWS\system32\cuacfjuy.dll
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\SYSTEM32\ehhkj.ini
C:\WINDOWS\SYSTEM32\ehhkj.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\iifefee.dll
C:\WINDOWS\system32\imxjyroj.dll
C:\WINDOWS\system32\ionteypj.dll
C:\WINDOWS\SYSTEM32\iyeiajvt.ini
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jklyscyy.dll
C:\WINDOWS\system32\kalkmglu.dll
C:\WINDOWS\system32\kkdfprnc.dll
C:\WINDOWS\SYSTEM32\kkvtynew.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\nwwcdruw.ini
C:\WINDOWS\system32\nyubaige.dll
C:\WINDOWS\SYSTEM32\omiewslt.ini
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\phuytunb.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX98.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\t8
C:\WINDOWS\SYSTEM32\uiyimwyw.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\system32\wyklujgo.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\WINDOWS\system32\xqgcjyrh.dllbox
C:\WINDOWS\SYSTEM32\ymwytcbf.ini
C:\WINDOWS\SYSTEM32\yujfcauc.ini
C:\WINDOWS\SYSTEM32\yycsylkj.ini
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 17:20 . 2008-02-15 18:00 834 --ahs---- C:\WINDOWS\SYSTEM32\ewujrlkp.ini
2008-02-14 19:20 . 2008-02-15 17:14 714 --ahs---- C:\WINDOWS\SYSTEM32\niykgeum.ini
2008-02-13 17:30 . 2008-02-13 17:30 <DIR> d-------- C:\Program Files\Google
2008-02-12 18:32 . 2008-02-13 18:33 954 --ahs---- C:\WINDOWS\SYSTEM32\amkrkcny.ini
2008-02-12 17:48 . 2008-02-12 17:48 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-12 17:18 . 2008-02-12 17:18 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Lavasoft
2008-02-11 21:38 . 2008-02-11 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 21:37 . 2008-02-11 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 21:37 . 2008-02-11 21:37 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-11 16:42 . 2008-02-12 18:20 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-10 20:21 . 2008-02-09 22:05 8,033 --a------ C:\Copy of posFFBA.tmp
2008-02-10 09:20 . 2008-02-10 09:20 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81C.tmp
2008-02-09 15:47 . 2008-02-10 16:00 2,058,470 --ahs---- C:\WINDOWS\SYSTEM32\siebwnse.ini
2008-02-08 22:05 . 2008-02-08 22:05 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81F.tmp
2008-02-08 15:48 . 2008-02-09 14:17 2,135,766 --ahs---- C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
2008-02-08 07:32 . 2008-02-08 07:32 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX7AF.tmp
2008-02-07 16:51 . 2008-02-07 16:51 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXF30F.tmp
2008-02-07 15:47 . 2008-02-08 15:47 2,151,640 --ahs---- C:\WINDOWS\SYSTEM32\lhecngkw.ini
2008-02-07 15:29 . 2008-02-07 15:29 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX2DC.tmp
2008-02-06 17:10 . 2008-02-11 16:11 <DIR> d-------- C:\Program Files\Common Files\ErrClean
2008-02-06 17:10 . 2008-02-06 17:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-05 15:44 . 2008-02-05 15:44 90,688 --a------ C:\WINDOWS\SYSTEM32\tlsweimo.dll
2008-02-02 16:34 . 2008-02-02 16:34 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-29 17:03 . 2004-03-29 17:48 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-29 17:03 . 2004-03-10 09:59 593,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\xpsp2res.dll
2008-01-29 17:03 . 2004-03-29 17:48 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2008-01-29 17:03 . 2004-03-29 17:48 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-29 17:03 . 2004-03-29 17:48 253,440 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-29 17:03 . 2004-03-29 17:48 40,960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2008-01-29 16:27 . 2008-02-15 18:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 19:08 . 2008-01-28 19:41 24,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
2008-01-28 19:02 . 2008-01-28 19:04 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
2008-01-28 18:58 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-28 17:21 . 2008-01-28 17:21 <DIR> d---s---- C:\Documents and Settings\Olivia\UserData
2008-01-27 10:02 . 2008-01-27 10:02 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
2008-01-26 12:03 . 2008-01-26 12:03 <DIR> d-------- C:\Program Files\Atari
2008-01-26 09:53 . 2008-01-26 09:53 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXAFE.tmp
2008-01-23 18:27 . 2008-02-14 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:51 . 2008-01-20 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 14:38 . 2008-01-20 14:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-20 13:58 . 2008-01-20 13:58 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1427.tmp
2008-01-19 12:07 . 2008-01-19 12:07 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:59 . 2005-06-24 17:05 16,958 --a------ C:\WINDOWS\SYSTEM32\evga.ico
2008-01-19 09:58 . 2008-01-19 09:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\EVGA
2008-01-19 09:58 . 2006-04-28 15:47 573,440 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2008-01-19 09:52 . 2008-01-19 09:52 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-18 21:46 . 2008-01-18 21:46 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX37CA.tmp
2008-01-18 20:52 . 2008-01-28 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-01-16 19:57 . 2008-01-16 19:57 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX13BF.tmp
2008-01-16 19:03 . 2008-01-16 19:03 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXE51.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 01:48 --------- d-----w C:\Program Files\The Learning Company
2008-02-12 00:10 --------- d-----w C:\Program Files\QuickTime
2008-02-12 00:10 --------- d-----w C:\Program Files\iTunes
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-07 23:50 --------- d-----w C:\Program Files\DellSupport
2008-01-29 02:50 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2008-01-29 02:49 431,104 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-26 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\Weather Studio
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Weather Studio
2008-01-21 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-20 23:21 90,584 ----a-w C:\Documents and Settings\Tony Bown\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 17:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-19 06:09 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:02 --------- d-----w C:\Program Files\Activision
2008-01-18 01:34 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Weather Studio
2008-01-15 23:27 --------- d-----w C:\Program Files\Starcraft
2008-01-15 02:56 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\U3
2008-01-14 20:21 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\MSN6
2008-01-10 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-03 23:34 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-03 23:28 --------- d--h--r C:\Documents and Settings\Tony Bown\Application Data\SecuROM
2007-12-25 20:21 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Apple Computer
2007-12-25 20:11 --------- d-----w C:\Program Files\iPod
2007-12-25 19:59 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:57 --------- d-----w C:\Documents and Settings\Olivia\Application Data\HP
2007-12-25 19:56 --------- d--h--w C:\Documents and Settings\Olivia\Application Data\GTek
2007-12-25 18:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 18:37 22,328 ----a-w C:\Documents and Settings\Tony Bown\Application Data\PnkBstrK.sys
2004-04-05 07:10 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-04-05 06:19 6,262,872 ----a-w C:\Program Files\psa2se_us.exe
.
[code=auto:0]<pre>
----a-w 368,706 2008-01-29 02:50:44 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 787,696 2008-01-28 02:51:52 C:\Program Files\CCleaner\CCleaner .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-11 23:05:24 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:13 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:10 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:07 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:06 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:02 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 135,264 2008-01-29 02:50:32 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 460,784 2008-02-07 23:51:00 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 49,152 2008-01-29 02:51:02 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 45,056 2008-01-29 02:51:00 C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exe
----a-w 267,048 2008-02-11 23:04:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 513,024 2008-02-02 04:34:49 C:\Program Files\McAfee.com\Agent\MC0D97~1 .EXE
----a-w 513,024 2008-02-02 04:40:47 C:\Program Files\McAfee.com\Agent\MC0D97~2 .EXE
----a-w 513,024 2008-02-02 04:48:13 C:\Program Files\McAfee.com\Agent\MC0D97~3 .EXE
----a-w 513,024 2008-02-02 05:41:09 C:\Program Files\McAfee.com\Agent\MC0D97~4 .EXE
----a-w 513,024 2008-02-01 22:50:41 C:\Program Files\McAfee.com\Agent\MC1795~1 .EXE
----a-w 513,024 2008-02-02 02:57:00 C:\Program Files\McAfee.com\Agent\MC1795~2 .EXE
----a-w 513,024 2008-02-02 04:31:05 C:\Program Files\McAfee.com\Agent\MC1795~3 .EXE
----a-w 513,024 2008-02-02 04:33:33 C:\Program Files\McAfee.com\Agent\MC1795~4 .EXE
----a-w 513,024 2008-01-31 00:22:14 C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
----a-w 513,024 2008-01-31 00:30:14 C:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXE
----a-w 513,024 2008-01-31 16:25:35 C:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXE
----a-w 513,024 2008-02-01 03:44:52 C:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXE
----a-w 513,024 2008-02-07 02:01:08 C:\Program Files\McAfee.com\Agent\MC7024~1 .EXE
----a-w 513,024 2008-02-07 02:58:21 C:\Program Files\McAfee.com\Agent\MC7024~2 .EXE
----a-w 513,024 2008-02-07 05:42:25 C:\Program Files\McAfee.com\Agent\MC7024~3 .EXE
----a-w 513,024 2008-02-07 06:13:35 C:\Program Files\McAfee.com\Agent\MC7024~4 .EXE
----a-w 513,024 2008-02-10 23:57:15 C:\Program Files\McAfee.com\Agent\MC7813~1 .EXE
----a-w 513,024 2008-02-11 03:07:46 C:\Program Files\McAfee.com\Agent\MC7813~2 .EXE
----a-w 513,024 2008-02-11 04:16:11 C:\Program Files\McAfee.com\Agent\MC7813~3 .EXE
----a-w 513,024 2008-02-11 06:54:00 C:\Program Files\McAfee.com\Agent\MC7813~4 .EXE
----a-w 513,024 2008-02-09 18:09:22 C:\Program Files\McAfee.com\Agent\MC8811~1 .EXE
----a-w 513,024 2008-02-10 06:41:44 C:\Program Files\McAfee.com\Agent\MC8811~2 .EXE
----a-w 513,024 2008-02-10 16:14:44 C:\Program Files\McAfee.com\Agent\MC8811~3 .EXE
----a-w 513,024 2008-02-10 17:19:31 C:\Program Files\McAfee.com\Agent\MC8811~4 .EXE
----a-w 513,024 2008-02-02 19:42:41 C:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXE
----a-w 513,024 2008-02-03 20:40:18 C:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXE
----a-w 513,024 2008-02-03 22:23:43 C:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXE
----a-w 513,024 2008-02-03 22:38:33 C:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXE
----a-w 513,024 2008-02-08 15:32:16 C:\Program Files\McAfee.com\Agent\MC8F18~1 .EXE
----a-w 513,024 2008-02-09 03:51:22 C:\Program Files\McAfee.com\Agent\MC8F18~2 .EXE
----a-w 513,024 2008-02-09 04:55:29 C:\Program Files\McAfee.com\Agent\MC8F18~3 .EXE
----a-w 513,024 2008-02-09 06:04:50 C:\Program Files\McAfee.com\Agent\MC8F18~4 .EXE
----a-w 513,024 2008-02-03 23:06:06 C:\Program Files\McAfee.com\Agent\MC9890~1 .EXE
----a-w 513,024 2008-02-04 23:40:00 C:\Program Files\McAfee.com\Agent\MC9890~2 .EXE
----a-w 513,024 2008-02-05 01:54:21 C:\Program Files\McAfee.com\Agent\MC9890~3 .EXE
----a-w 513,024 2008-02-05 23:05:57 C:\Program Files\McAfee.com\Agent\MC9890~4 .EXE
----a-w 192,512 2008-01-29 02:50:22 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 513,024 2008-02-06 19:17:45 C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
----a-w 513,024 2008-02-06 23:25:08 C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
----a-w 513,024 2008-02-07 01:51:50 C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
----a-w 513,024 2008-02-07 01:55:28 C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
----a-w 513,024 2008-02-11 23:04:19 C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
----a-w 513,024 2008-02-12 00:10:58 C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
----a-w 513,024 2008-02-07 23:28:55 C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
----a-w 513,024 2008-02-07 23:50:05 C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
----a-w 513,024 2008-02-08 00:28:04 C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
----a-w 513,024 2008-02-08 00:51:02 C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
----a-w 513,024 2008-01-29 03:06:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 513,024 2008-01-30 00:13:44 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 513,024 2008-01-30 02:17:05 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 513,024 2008-01-30 06:15:36 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 513,024 2008-01-30 21:23:54 C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w 139,264 2008-01-29 02:50:39 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,670,144 2008-02-11 23:06:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 241,714 2008-01-29 02:50:15 C:\Program Files\Microsoft Money\System\Activation .exe
----a-w 652,288 2008-02-12 00:10:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 23:04:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 06:54:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 04:16:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 03:07:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 23:57:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 17:19:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 16:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 06:41:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 18:09:24 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 06:04:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 04:55:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 03:51:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 15:32:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:51:03 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:28:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:50:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:28:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 06:13:35 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 05:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:58:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:01:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:55:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 23:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 19:17:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 23:05:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 01:54:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 23:06:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:38:36 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:23:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 20:40:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 19:42:42 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 05:41:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:48:15 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:40:50

#4
kahdah


  • Retired Staff
Can you please repost the ComboFix log? It was cut off.
Break it up into 2 posts, please.

#5
Taco130


  • Topic Starter
Here is the ComboFix one:

ComboFix 08-02-14.2 - Tony Bown 2008-02-16 8:06:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.228 [GMT -8:00]
Running from: C:\Documents and Settings\Tony Bown\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\Autorun.inf
C:\Documents and Settings\Olivia\Application Data\FunWebProducts
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\avatar.dat
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\register.dat
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00040125
C:\Program Files\MyWebSearch\bar\Cache\0006F474
C:\Program Files\MyWebSearch\bar\Cache\00113025.bin
C:\Program Files\MyWebSearch\bar\Cache\0011340D.bin
C:\Program Files\MyWebSearch\bar\Cache\0011366E.bin
C:\Program Files\MyWebSearch\bar\Cache\00113882.bin
C:\Program Files\MyWebSearch\bar\Cache\00113B70.bin
C:\Program Files\MyWebSearch\bar\Cache\001387E0
C:\Program Files\MyWebSearch\bar\Cache\00157A2B
C:\Program Files\MyWebSearch\bar\Cache\00CB83F9.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8801.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8A23.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8C75.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8EE6.bin
C:\Program Files\MyWebSearch\bar\Cache\0116526D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116554B.bin
C:\Program Files\MyWebSearch\bar\Cache\0116578D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116648E
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\xpreload.ocx
C:\WINDOWS\smbols~1
C:\WINDOWS\smbols~1\mshta .exe
C:\WINDOWS\smbols~1\mshta.exe
C:\WINDOWS\smbols~1\s?mbols\
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\b3\timedrdll2.exe
C:\WINDOWS\SYSTEM32\bbsynqbc.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini2
C:\WINDOWS\SYSTEM32\cbsdpoht.tmp
C:\WINDOWS\system32\cuacfjuy.dll
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\SYSTEM32\ehhkj.ini
C:\WINDOWS\SYSTEM32\ehhkj.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\iifefee.dll
C:\WINDOWS\system32\imxjyroj.dll
C:\WINDOWS\system32\ionteypj.dll
C:\WINDOWS\SYSTEM32\iyeiajvt.ini
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jklyscyy.dll
C:\WINDOWS\system32\kalkmglu.dll
C:\WINDOWS\system32\kkdfprnc.dll
C:\WINDOWS\SYSTEM32\kkvtynew.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\nwwcdruw.ini
C:\WINDOWS\system32\nyubaige.dll
C:\WINDOWS\SYSTEM32\omiewslt.ini
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\phuytunb.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX98.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\t8
C:\WINDOWS\SYSTEM32\uiyimwyw.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\system32\wyklujgo.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\WINDOWS\system32\xqgcjyrh.dllbox
C:\WINDOWS\SYSTEM32\ymwytcbf.ini
C:\WINDOWS\SYSTEM32\yujfcauc.ini
C:\WINDOWS\SYSTEM32\yycsylkj.ini
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 17:20 . 2008-02-15 18:00 834 --ahs---- C:\WINDOWS\SYSTEM32\ewujrlkp.ini
2008-02-14 19:20 . 2008-02-15 17:14 714 --ahs---- C:\WINDOWS\SYSTEM32\niykgeum.ini
2008-02-13 17:30 . 2008-02-13 17:30 <DIR> d-------- C:\Program Files\Google
2008-02-12 18:32 . 2008-02-13 18:33 954 --ahs---- C:\WINDOWS\SYSTEM32\amkrkcny.ini
2008-02-12 17:48 . 2008-02-12 17:48 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-12 17:18 . 2008-02-12 17:18 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Lavasoft
2008-02-11 21:38 . 2008-02-11 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 21:37 . 2008-02-11 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 21:37 . 2008-02-11 21:37 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-11 16:42 . 2008-02-12 18:20 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-10 20:21 . 2008-02-09 22:05 8,033 --a------ C:\Copy of posFFBA.tmp
2008-02-10 09:20 . 2008-02-10 09:20 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81C.tmp
2008-02-09 15:47 . 2008-02-10 16:00 2,058,470 --ahs---- C:\WINDOWS\SYSTEM32\siebwnse.ini
2008-02-08 22:05 . 2008-02-08 22:05 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81F.tmp
2008-02-08 15:48 . 2008-02-09 14:17 2,135,766 --ahs---- C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
2008-02-08 07:32 . 2008-02-08 07:32 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX7AF.tmp
2008-02-07 16:51 . 2008-02-07 16:51 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXF30F.tmp
2008-02-07 15:47 . 2008-02-08 15:47 2,151,640 --ahs---- C:\WINDOWS\SYSTEM32\lhecngkw.ini
2008-02-07 15:29 . 2008-02-07 15:29 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX2DC.tmp
2008-02-06 17:10 . 2008-02-11 16:11 <DIR> d-------- C:\Program Files\Common Files\ErrClean
2008-02-06 17:10 . 2008-02-06 17:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-05 15:44 . 2008-02-05 15:44 90,688 --a------ C:\WINDOWS\SYSTEM32\tlsweimo.dll
2008-02-02 16:34 . 2008-02-02 16:34 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-29 17:03 . 2004-03-29 17:48 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-29 17:03 . 2004-03-10 09:59 593,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\xpsp2res.dll
2008-01-29 17:03 . 2004-03-29 17:48 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2008-01-29 17:03 . 2004-03-29 17:48 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-29 17:03 . 2004-03-29 17:48 253,440 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-29 17:03 . 2004-03-29 17:48 40,960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2008-01-29 16:27 . 2008-02-15 18:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 19:08 . 2008-01-28 19:41 24,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
2008-01-28 19:02 . 2008-01-28 19:04 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
2008-01-28 18:58 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-28 17:21 . 2008-01-28 17:21 <DIR> d---s---- C:\Documents and Settings\Olivia\UserData
2008-01-27 10:02 . 2008-01-27 10:02 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
2008-01-26 12:03 . 2008-01-26 12:03 <DIR> d-------- C:\Program Files\Atari
2008-01-26 09:53 . 2008-01-26 09:53 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXAFE.tmp
2008-01-23 18:27 . 2008-02-14 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:51 . 2008-01-20 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 14:38 . 2008-01-20 14:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-20 13:58 . 2008-01-20 13:58 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1427.tmp
2008-01-19 12:07 . 2008-01-19 12:07 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:59 . 2005-06-24 17:05 16,958 --a------ C:\WINDOWS\SYSTEM32\evga.ico
2008-01-19 09:58 . 2008-01-19 09:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\EVGA
2008-01-19 09:58 . 2006-04-28 15:47 573,440 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2008-01-19 09:52 . 2008-01-19 09:52 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-18 21:46 . 2008-01-18 21:46 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX37CA.tmp
2008-01-18 20:52 . 2008-01-28 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-01-16 19:57 . 2008-01-16 19:57 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX13BF.tmp
2008-01-16 19:03 . 2008-01-16 19:03 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXE51.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 01:48 --------- d-----w C:\Program Files\The Learning Company
2008-02-12 00:10 --------- d-----w C:\Program Files\QuickTime
2008-02-12 00:10 --------- d-----w C:\Program Files\iTunes
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-07 23:50 --------- d-----w C:\Program Files\DellSupport
2008-01-29 02:50 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2008-01-29 02:49 431,104 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-26 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\Weather Studio
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Weather Studio
2008-01-21 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-20 23:21 90,584 ----a-w C:\Documents and Settings\Tony Bown\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 17:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-19 06:09 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:02 --------- d-----w C:\Program Files\Activision
2008-01-18 01:34 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Weather Studio
2008-01-15 23:27 --------- d-----w C:\Program Files\Starcraft
2008-01-15 02:56 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\U3
2008-01-14 20:21 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\MSN6
2008-01-10 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-03 23:34 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-03 23:28 --------- d--h--r C:\Documents and Settings\Tony Bown\Application Data\SecuROM
2007-12-25 20:21 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Apple Computer
2007-12-25 20:11 --------- d-----w C:\Program Files\iPod
2007-12-25 19:59 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:57 --------- d-----w C:\Documents and Settings\Olivia\Application Data\HP
2007-12-25 19:56 --------- d--h--w C:\Documents and Settings\Olivia\Application Data\GTek
2007-12-25 18:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 18:37 22,328 ----a-w C:\Documents and Settings\Tony Bown\Application Data\PnkBstrK.sys
2004-04-05 07:10 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-04-05 06:19 6,262,872 ----a-w C:\Program Files\psa2se_us.exe
.
----a-w 368,706 2008-01-29 02:50:44 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 787,696 2008-01-28 02:51:52 C:\Program Files\CCleaner\CCleaner .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-11 23:05:24 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:13 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:10 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:07 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:06 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:02 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 135,264 2008-01-29 02:50:32 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 460,784 2008-02-07 23:51:00 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 49,152 2008-01-29 02:51:02 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 45,056 2008-01-29 02:51:00 C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exe
----a-w 267,048 2008-02-11 23:04:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 513,024 2008-02-02 04:34:49 C:\Program Files\McAfee.com\Agent\MC0D97~1 .EXE
----a-w 513,024 2008-02-02 04:40:47 C:\Program Files\McAfee.com\Agent\MC0D97~2 .EXE
----a-w 513,024 2008-02-02 04:48:13 C:\Program Files\McAfee.com\Agent\MC0D97~3 .EXE
----a-w 513,024 2008-02-02 05:41:09 C:\Program Files\McAfee.com\Agent\MC0D97~4 .EXE
----a-w 513,024 2008-02-01 22:50:41 C:\Program Files\McAfee.com\Agent\MC1795~1 .EXE
----a-w 513,024 2008-02-02 02:57:00 C:\Program Files\McAfee.com\Agent\MC1795~2 .EXE
----a-w 513,024 2008-02-02 04:31:05 C:\Program Files\McAfee.com\Agent\MC1795~3 .EXE
----a-w 513,024 2008-02-02 04:33:33 C:\Program Files\McAfee.com\Agent\MC1795~4 .EXE
----a-w 513,024 2008-01-31 00:22:14 C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
----a-w 513,024 2008-01-31 00:30:14 C:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXE
----a-w 513,024 2008-01-31 16:25:35 C:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXE
----a-w 513,024 2008-02-01 03:44:52 C:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXE
----a-w 513,024 2008-02-07 02:01:08 C:\Program Files\McAfee.com\Agent\MC7024~1 .EXE
----a-w 513,024 2008-02-07 02:58:21 C:\Program Files\McAfee.com\Agent\MC7024~2 .EXE
----a-w 513,024 2008-02-07 05:42:25 C:\Program Files\McAfee.com\Agent\MC7024~3 .EXE
----a-w 513,024 2008-02-07 06:13:35 C:\Program Files\McAfee.com\Agent\MC7024~4 .EXE
----a-w 513,024 2008-02-10 23:57:15 C:\Program Files\McAfee.com\Agent\MC7813~1 .EXE
----a-w 513,024 2008-02-11 03:07:46 C:\Program Files\McAfee.com\Agent\MC7813~2 .EXE
----a-w 513,024 2008-02-11 04:16:11 C:\Program Files\McAfee.com\Agent\MC7813~3 .EXE
----a-w 513,024 2008-02-11 06:54:00 C:\Program Files\McAfee.com\Agent\MC7813~4 .EXE
----a-w 513,024 2008-02-09 18:09:22 C:\Program Files\McAfee.com\Agent\MC8811~1 .EXE
----a-w 513,024 2008-02-10 06:41:44 C:\Program Files\McAfee.com\Agent\MC8811~2 .EXE
----a-w 513,024 2008-02-10 16:14:44 C:\Program Files\McAfee.com\Agent\MC8811~3 .EXE
----a-w 513,024 2008-02-10 17:19:31 C:\Program Files\McAfee.com\Agent\MC8811~4 .EXE
----a-w 513,024 2008-02-02 19:42:41 C:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXE
----a-w 513,024 2008-02-03 20:40:18 C:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXE
----a-w 513,024 2008-02-03 22:23:43 C:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXE
----a-w 513,024 2008-02-03 22:38:33 C:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXE
----a-w 513,024 2008-02-08 15:32:16 C:\Program Files\McAfee.com\Agent\MC8F18~1 .EXE
----a-w 513,024 2008-02-09 03:51:22 C:\Program Files\McAfee.com\Agent\MC8F18~2 .EXE
----a-w 513,024 2008-02-09 04:55:29 C:\Program Files\McAfee.com\Agent\MC8F18~3 .EXE
----a-w 513,024 2008-02-09 06:04:50 C:\Program Files\McAfee.com\Agent\MC8F18~4 .EXE
----a-w 513,024 2008-02-03 23:06:06 C:\Program Files\McAfee.com\Agent\MC9890~1 .EXE
----a-w 513,024 2008-02-04 23:40:00 C:\Program Files\McAfee.com\Agent\MC9890~2 .EXE
----a-w 513,024 2008-02-05 01:54:21 C:\Program Files\McAfee.com\Agent\MC9890~3 .EXE
----a-w 513,024 2008-02-05 23:05:57 C:\Program Files\McAfee.com\Agent\MC9890~4 .EXE
----a-w 192,512 2008-01-29 02:50:22 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 513,024 2008-02-06 19:17:45 C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
----a-w 513,024 2008-02-06 23:25:08 C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
----a-w 513,024 2008-02-07 01:51:50 C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
----a-w 513,024 2008-02-07 01:55:28 C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
----a-w 513,024 2008-02-11 23:04:19 C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
----a-w 513,024 2008-02-12 00:10:58 C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
----a-w 513,024 2008-02-07 23:28:55 C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
----a-w 513,024 2008-02-07 23:50:05 C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
----a-w 513,024 2008-02-08 00:28:04 C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
----a-w 513,024 2008-02-08 00:51:02 C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
----a-w 513,024 2008-01-29 03:06:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 513,024 2008-01-30 00:13:44 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 513,024 2008-01-30 02:17:05 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 513,024 2008-01-30 06:15:36 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 513,024 2008-01-30 21:23:54 C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w 139,264 2008-01-29 02:50:39 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,670,144 2008-02-11 23:06:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 241,714 2008-01-29 02:50:15 C:\Program Files\Microsoft Money\System\Activation .exe
----a-w 652,288 2008-02-12 00:10:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 23:04:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 06:54:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 04:16:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 03:07:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 23:57:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 17:19:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 16:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 06:41:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 18:09:24 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 06:04:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 04:55:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 03:51:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 15:32:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:51:03 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:28:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:50:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:28:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 06:13:35 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 05:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:58:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:01:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:55:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 23:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 19:17:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 23:05:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 01:54:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 23:06:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:38:36 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:23:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 20:40:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 19:42:42 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 05:41:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:48:15 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:40:50 C:

#6
Taco130


  • Topic Starter
Forget about the one above; here is half of the ComboFix log.


ComboFix 08-02-14.2 - Tony Bown 2008-02-16 8:06:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.228 [GMT -8:00]
Running from: C:\Documents and Settings\Tony Bown\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\Autorun.inf
C:\Documents and Settings\Olivia\Application Data\FunWebProducts
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\avatar.dat
C:\Documents and Settings\Olivia\Application Data\FunWebProducts\Data\Olivia\register.dat
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00040125
C:\Program Files\MyWebSearch\bar\Cache\0006F474
C:\Program Files\MyWebSearch\bar\Cache\00113025.bin
C:\Program Files\MyWebSearch\bar\Cache\0011340D.bin
C:\Program Files\MyWebSearch\bar\Cache\0011366E.bin
C:\Program Files\MyWebSearch\bar\Cache\00113882.bin
C:\Program Files\MyWebSearch\bar\Cache\00113B70.bin
C:\Program Files\MyWebSearch\bar\Cache\001387E0
C:\Program Files\MyWebSearch\bar\Cache\00157A2B
C:\Program Files\MyWebSearch\bar\Cache\00CB83F9.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8801.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8A23.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8C75.bin
C:\Program Files\MyWebSearch\bar\Cache\00CB8EE6.bin
C:\Program Files\MyWebSearch\bar\Cache\0116526D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116554B.bin
C:\Program Files\MyWebSearch\bar\Cache\0116578D.bin
C:\Program Files\MyWebSearch\bar\Cache\0116648E
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\xpreload.ocx
C:\WINDOWS\smbols~1
C:\WINDOWS\smbols~1\mshta .exe
C:\WINDOWS\smbols~1\mshta.exe
C:\WINDOWS\smbols~1\s?mbols\
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\b3\timedrdll2.exe
C:\WINDOWS\SYSTEM32\bbsynqbc.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini
C:\WINDOWS\SYSTEM32\cbsdpoht.ini2
C:\WINDOWS\SYSTEM32\cbsdpoht.tmp
C:\WINDOWS\system32\cuacfjuy.dll
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\SYSTEM32\ehhkj.ini
C:\WINDOWS\SYSTEM32\ehhkj.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\iifefee.dll
C:\WINDOWS\system32\imxjyroj.dll
C:\WINDOWS\system32\ionteypj.dll
C:\WINDOWS\SYSTEM32\iyeiajvt.ini
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jklyscyy.dll
C:\WINDOWS\system32\kalkmglu.dll
C:\WINDOWS\system32\kkdfprnc.dll
C:\WINDOWS\SYSTEM32\kkvtynew.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\nwwcdruw.ini
C:\WINDOWS\system32\nyubaige.dll
C:\WINDOWS\SYSTEM32\omiewslt.ini
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\phuytunb.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX98.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\t8
C:\WINDOWS\SYSTEM32\uiyimwyw.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\system32\wyklujgo.dll
C:\WINDOWS\system32\xqgcjyrh.dll
C:\WINDOWS\system32\xqgcjyrh.dllbox
C:\WINDOWS\SYSTEM32\ymwytcbf.ini
C:\WINDOWS\SYSTEM32\yujfcauc.ini
C:\WINDOWS\SYSTEM32\yycsylkj.ini
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 17:20 . 2008-02-15 18:00 834 --ahs---- C:\WINDOWS\SYSTEM32\ewujrlkp.ini
2008-02-14 19:20 . 2008-02-15 17:14 714 --ahs---- C:\WINDOWS\SYSTEM32\niykgeum.ini
2008-02-13 17:30 . 2008-02-13 17:30 <DIR> d-------- C:\Program Files\Google
2008-02-12 18:32 . 2008-02-13 18:33 954 --ahs---- C:\WINDOWS\SYSTEM32\amkrkcny.ini
2008-02-12 17:48 . 2008-02-12 17:48 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-12 17:18 . 2008-02-12 17:18 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Lavasoft
2008-02-11 21:38 . 2008-02-11 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 21:37 . 2008-02-11 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 21:37 . 2008-02-11 21:37 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-11 16:42 . 2008-02-12 18:20 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-10 20:21 . 2008-02-09 22:05 8,033 --a------ C:\Copy of posFFBA.tmp
2008-02-10 09:20 . 2008-02-10 09:20 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81C.tmp
2008-02-09 15:47 . 2008-02-10 16:00 2,058,470 --ahs---- C:\WINDOWS\SYSTEM32\siebwnse.ini
2008-02-08 22:05 . 2008-02-08 22:05 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81F.tmp
2008-02-08 15:48 . 2008-02-09 14:17 2,135,766 --ahs---- C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
2008-02-08 07:32 . 2008-02-08 07:32 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX7AF.tmp
2008-02-07 16:51 . 2008-02-07 16:51 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXF30F.tmp
2008-02-07 15:47 . 2008-02-08 15:47 2,151,640 --ahs---- C:\WINDOWS\SYSTEM32\lhecngkw.ini
2008-02-07 15:29 . 2008-02-07 15:29 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX2DC.tmp
2008-02-06 17:10 . 2008-02-11 16:11 <DIR> d-------- C:\Program Files\Common Files\ErrClean
2008-02-06 17:10 . 2008-02-06 17:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-05 15:44 . 2008-02-05 15:44 90,688 --a------ C:\WINDOWS\SYSTEM32\tlsweimo.dll
2008-02-02 16:34 . 2008-02-02 16:34 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-29 17:03 . 2004-03-29 17:48 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-29 17:03 . 2004-03-10 09:59 593,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\xpsp2res.dll
2008-01-29 17:03 . 2004-03-29 17:48 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2008-01-29 17:03 . 2004-03-29 17:48 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-29 17:03 . 2004-03-29 17:48 253,440 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-29 17:03 . 2004-03-29 17:48 40,960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2008-01-29 16:27 . 2008-02-15 18:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 19:08 . 2008-01-28 19:41 24,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
2008-01-28 19:02 . 2008-01-28 19:04 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
2008-01-28 18:58 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-28 17:21 . 2008-01-28 17:21 <DIR> d---s---- C:\Documents and Settings\Olivia\UserData
2008-01-27 10:02 . 2008-01-27 10:02 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
2008-01-26 12:03 . 2008-01-26 12:03 <DIR> d-------- C:\Program Files\Atari
2008-01-26 09:53 . 2008-01-26 09:53 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXAFE.tmp
2008-01-23 18:27 . 2008-02-14 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:51 . 2008-01-20 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 14:38 . 2008-01-20 14:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-20 13:58 . 2008-01-20 13:58 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1427.tmp
2008-01-19 12:07 . 2008-01-19 12:07 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:59 . 2005-06-24 17:05 16,958 --a------ C:\WINDOWS\SYSTEM32\evga.ico
2008-01-19 09:58 . 2008-01-19 09:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\EVGA
2008-01-19 09:58 . 2006-04-28 15:47 573,440 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2008-01-19 09:52 . 2008-01-19 09:52 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-18 21:46 . 2008-01-18 21:46 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX37CA.tmp
2008-01-18 20:52 . 2008-01-28 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-01-16 19:57 . 2008-01-16 19:57 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX13BF.tmp
2008-01-16 19:03 . 2008-01-16 19:03 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXE51.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 01:48 --------- d-----w C:\Program Files\The Learning Company
2008-02-12 00:10 --------- d-----w C:\Program Files\QuickTime
2008-02-12 00:10 --------- d-----w C:\Program Files\iTunes
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-07 23:50 --------- d-----w C:\Program Files\DellSupport
2008-01-29 02:50 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2008-01-29 02:49 431,104 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-26 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\Weather Studio
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Weather Studio
2008-01-21 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-20 23:21 90,584 ----a-w C:\Documents and Settings\Tony Bown\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 17:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-19 06:09 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:02 --------- d-----w C:\Program Files\Activision
2008-01-18 01:34 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Weather Studio
2008-01-15 23:27 --------- d-----w C:\Program Files\Starcraft
2008-01-15 02:56 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\U3
2008-01-14 20:21 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\MSN6
2008-01-10 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-03 23:34 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-03 23:28 --------- d--h--r C:\Documents and Settings\Tony Bown\Application Data\SecuROM
2007-12-25 20:21 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Apple Computer
2007-12-25 20:11 --------- d-----w C:\Program Files\iPod
2007-12-25 19:59 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:57 --------- d-----w C:\Documents and Settings\Olivia\Application Data\HP
2007-12-25 19:56 --------- d--h--w C:\Documents and Settings\Olivia\Application Data\GTek
2007-12-25 18:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 18:37 22,328 ----a-w C:\Documents and Settings\Tony Bown\Application Data\PnkBstrK.sys
2004-04-05 07:10 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-04-05 06:19 6,262,872 ----a-w C:\Program Files\psa2se_us.exe

#7
Taco130

Here is the other half.

.
[code=auto:0]<pre>
----a-w 368,706 2008-01-29 02:50:44 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 787,696 2008-01-28 02:51:52 C:\Program Files\CCleaner\CCleaner .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-11 23:05:24 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:13 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:10 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:07 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:06 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:02 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 135,264 2008-01-29 02:50:32 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 460,784 2008-02-07 23:51:00 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 49,152 2008-01-29 02:51:02 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 45,056 2008-01-29 02:51:00 C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exe
----a-w 267,048 2008-02-11 23:04:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 513,024 2008-02-02 04:34:49 C:\Program Files\McAfee.com\Agent\MC0D97~1 .EXE
----a-w 513,024 2008-02-02 04:40:47 C:\Program Files\McAfee.com\Agent\MC0D97~2 .EXE
----a-w 513,024 2008-02-02 04:48:13 C:\Program Files\McAfee.com\Agent\MC0D97~3 .EXE
----a-w 513,024 2008-02-02 05:41:09 C:\Program Files\McAfee.com\Agent\MC0D97~4 .EXE
----a-w 513,024 2008-02-01 22:50:41 C:\Program Files\McAfee.com\Agent\MC1795~1 .EXE
----a-w 513,024 2008-02-02 02:57:00 C:\Program Files\McAfee.com\Agent\MC1795~2 .EXE
----a-w 513,024 2008-02-02 04:31:05 C:\Program Files\McAfee.com\Agent\MC1795~3 .EXE
----a-w 513,024 2008-02-02 04:33:33 C:\Program Files\McAfee.com\Agent\MC1795~4 .EXE
----a-w 513,024 2008-01-31 00:22:14 C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
----a-w 513,024 2008-01-31 00:30:14 C:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXE
----a-w 513,024 2008-01-31 16:25:35 C:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXE
----a-w 513,024 2008-02-01 03:44:52 C:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXE
----a-w 513,024 2008-02-07 02:01:08 C:\Program Files\McAfee.com\Agent\MC7024~1 .EXE
----a-w 513,024 2008-02-07 02:58:21 C:\Program Files\McAfee.com\Agent\MC7024~2 .EXE
----a-w 513,024 2008-02-07 05:42:25 C:\Program Files\McAfee.com\Agent\MC7024~3 .EXE
----a-w 513,024 2008-02-07 06:13:35 C:\Program Files\McAfee.com\Agent\MC7024~4 .EXE
----a-w 513,024 2008-02-10 23:57:15 C:\Program Files\McAfee.com\Agent\MC7813~1 .EXE
----a-w 513,024 2008-02-11 03:07:46 C:\Program Files\McAfee.com\Agent\MC7813~2 .EXE
----a-w 513,024 2008-02-11 04:16:11 C:\Program Files\McAfee.com\Agent\MC7813~3 .EXE
----a-w 513,024 2008-02-11 06:54:00 C:\Program Files\McAfee.com\Agent\MC7813~4 .EXE
----a-w 513,024 2008-02-09 18:09:22 C:\Program Files\McAfee.com\Agent\MC8811~1 .EXE
----a-w 513,024 2008-02-10 06:41:44 C:\Program Files\McAfee.com\Agent\MC8811~2 .EXE
----a-w 513,024 2008-02-10 16:14:44 C:\Program Files\McAfee.com\Agent\MC8811~3 .EXE
----a-w 513,024 2008-02-10 17:19:31 C:\Program Files\McAfee.com\Agent\MC8811~4 .EXE
----a-w 513,024 2008-02-02 19:42:41 C:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXE
----a-w 513,024 2008-02-03 20:40:18 C:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXE
----a-w 513,024 2008-02-03 22:23:43 C:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXE
----a-w 513,024 2008-02-03 22:38:33 C:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXE
----a-w 513,024 2008-02-08 15:32:16 C:\Program Files\McAfee.com\Agent\MC8F18~1 .EXE
----a-w 513,024 2008-02-09 03:51:22 C:\Program Files\McAfee.com\Agent\MC8F18~2 .EXE
----a-w 513,024 2008-02-09 04:55:29 C:\Program Files\McAfee.com\Agent\MC8F18~3 .EXE
----a-w 513,024 2008-02-09 06:04:50 C:\Program Files\McAfee.com\Agent\MC8F18~4 .EXE
----a-w 513,024 2008-02-03 23:06:06 C:\Program Files\McAfee.com\Agent\MC9890~1 .EXE
----a-w 513,024 2008-02-04 23:40:00 C:\Program Files\McAfee.com\Agent\MC9890~2 .EXE
----a-w 513,024 2008-02-05 01:54:21 C:\Program Files\McAfee.com\Agent\MC9890~3 .EXE
----a-w 513,024 2008-02-05 23:05:57 C:\Program Files\McAfee.com\Agent\MC9890~4 .EXE
----a-w 192,512 2008-01-29 02:50:22 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 513,024 2008-02-06 19:17:45 C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
----a-w 513,024 2008-02-06 23:25:08 C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
----a-w 513,024 2008-02-07 01:51:50 C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
----a-w 513,024 2008-02-07 01:55:28 C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
----a-w 513,024 2008-02-11 23:04:19 C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
----a-w 513,024 2008-02-12 00:10:58 C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
----a-w 513,024 2008-02-07 23:28:55 C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
----a-w 513,024 2008-02-07 23:50:05 C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
----a-w 513,024 2008-02-08 00:28:04 C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
----a-w 513,024 2008-02-08 00:51:02 C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
----a-w 513,024 2008-01-29 03:06:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 513,024 2008-01-30 00:13:44 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 513,024 2008-01-30 02:17:05 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 513,024 2008-01-30 06:15:36 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 513,024 2008-01-30 21:23:54 C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w 139,264 2008-01-29 02:50:39 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,670,144 2008-02-11 23:06:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 241,714 2008-01-29 02:50:15 C:\Program Files\Microsoft Money\System\Activation .exe
----a-w 652,288 2008-02-12 00:10:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 23:04:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 06:54:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 04:16:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 03:07:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 23:57:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 17:19:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 16:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 06:41:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 18:09:24 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 06:04:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 04:55:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 03:51:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 15:32:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:51:03 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:28:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:50:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:28:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 06:13:35 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 05:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:58:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:01:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:55:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 23:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 19:17:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 23:05:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 01:54:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 23:06:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:38:36 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:23:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 20:40:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 19:42:42 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 05:41:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:48:15 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:40:50 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:34:49 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:33:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:31:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 02:57:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 22:50:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 03:44:54 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 16:25:37 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:30:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:22:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 21:23:57 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 06:15:38 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 02:17:08 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 00:13:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 03:06:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 02:49:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:39:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:31:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 02:15:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:53:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:02:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-27 18:02:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 18:45:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 17:53:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 05:50:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:32:19 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:07:25 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 05:42:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 04:42:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:22:52 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:13:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 04:45:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:23:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:02:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 02:19:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-23 01:54:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 16:58:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 15:22:09 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 06:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:40:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:19:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:59:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:44:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 17:31:18 C:\Program Files\QuickTime\qttask &nb

#8
kahdah

After that part there is more. Can you post the rest from the above on, please?

#9
Taco130

Sorry, here it is.

----a-w 652,288 2008-01-23 01:54:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 16:58:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 15:22:09 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 06:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:40:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:19:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:59:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:44:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 17:31:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 03:27:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 23:32:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:11:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:57:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:19:39 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:14:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:00:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 18:40:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 04:54:17 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:58:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:04:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:51:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:07:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:57:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:45:55 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 04:06:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:45:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:27:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 02:37:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 01:09:34 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 15:15:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 04:58:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:33:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:00:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 14:50:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 05:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:57:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 01:35:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:55:40 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:18:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 05:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 04:48:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 15:23:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:11:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 26,112 2008-01-29 02:50:23 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 679,936 2008-01-29 02:50:35 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 380,928 2008-01-29 02:50:50 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 57,344 2008-01-29 02:50:48 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 90,112 2008-01-29 02:50:10 C:\WINDOWS\UpdReg .EXE
----a-w 145,408 2008-02-07 23:39:06 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 28,672 2008-01-29 02:50:12 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 174,592 2008-01-29 02:49:18 C:\WINDOWS\SYSTEM32\lexpps .exe
----a-w 406,016 2008-01-29 02:50:40 C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
</pre>[/code]


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{785CED62-39E7-412E-900B-671549848F75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)

R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\System32\drivers\bender.sys [2003-09-25 11:19]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\System32\drivers\hpfxbulk.sys [2005-09-20 02:22]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 09:30]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 09:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 18:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-09-28 03:10:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1064718538.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2003-02-28 04:50:33 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-16 16:18:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF814~4 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\MC9890~2 .EX
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 16:19:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF71D~2 .EX
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 16:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DD6RTF21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:17:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 16:18:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCUPDA~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-bla).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:21:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Brennan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:17:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Garrett).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 16:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 16:19:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agen
"2007-03-07 17:56:26 C:\WINDOWS\Tasks\WebReg ENU.job"
- c:\program files\hewlett-packard\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 08:18:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
.
**************************************************************************
.
Completion time: 2008-02-16 8:21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 16:21:30
.
2008-02-02 04:44:03 --- E O F ---

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::C:\WINDOWS\SYSTEM32\ewujrlkp.iniC:\WINDOWS\SYSTEM32\niykgeum.iniC:\WINDOWS\SYSTEM32\amkrkcny.iniC:\Copy of posFFBA.tmpC:\WINDOWS\SYSTEM32\RCX81C.tmpC:\WINDOWS\SYSTEM32\siebwnse.iniC:\WINDOWS\SYSTEM32\RCX81F.tmpC:\WINDOWS\SYSTEM32\mqrpuqmr.iniC:\WINDOWS\SYSTEM32\RCX7AF.tmpC:\WINDOWS\SYSTEM32\RCXF30F.tmpC:\WINDOWS\SYSTEM32\lhecngkw.iniC:\WINDOWS\SYSTEM32\RCX2DC.tmpC:\WINDOWS\SYSTEM32\tlsweimo.dllC:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxvC:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxvC:\WINDOWS\SYSTEM32\RCX1B6C.tmpC:\WINDOWS\SYSTEM32\RCXAFE.tmpC:\WINDOWS\SYSTEM32\RCX1427.tmpC:\WINDOWS\SYSTEM32\RCX37CA.tmpC:\WINDOWS\SYSTEM32\RCX13BF.tmpC:\WINDOWS\SYSTEM32\RCXE51.tmpFolder::C:\Program Files\Common Files\ErrCleanC:\Documents and Settings\All Users\Application Data\errcleanC:\WINDOWS\System32\windows RenV::C:\Program Files\BroadJump\Client Foundation\CFD .exeC:\Program Files\CCleaner\CCleaner  .exeC:\Program Files\Creative\SBLive\Diagnostics\diagent .exeC:\Program Files\DellSupport\DSAgnt .exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exeC:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exeC:\Program Files\iTunes\iTunesHelper .exeC:\Program Files\McAfee.com\Agent\MC0D97~1 .EXEC:\Program Files\McAfee.com\Agent\MC0D97~2 .EXEC:\Program Files\McAfee.com\Agent\MC0D97~3 .EXEC:\Program Files\McAfee.com\Agent\MC0D97~4 .EXEC:\Program Files\McAfee.com\Agent\MC1795~1 .EXEC:\Program Files\McAfee.com\Agent\MC1795~2 .EXEC:\Program Files\McAfee.com\Agent\MC1795~3 .EXEC:\Program Files\McAfee.com\Agent\MC1795~4 .EXEC:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXEC:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXEC:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXEC:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXEC:\Program Files\McAfee.com\Agent\MC7024~1 .EXEC:\Program Files\McAfee.com\Agent\MC7024~2 .EXEC:\Program Files\McAfee.com\Agent\MC7024~3 .EXEC:\Program Files\McAfee.com\Agent\MC7024~4 .EXEC:\Program 
Files\McAfee.com\Agent\MC7813~1 .EXEC:\Program Files\McAfee.com\Agent\MC7813~2 .EXEC:\Program Files\McAfee.com\Agent\MC7813~3 .EXEC:\Program Files\McAfee.com\Agent\MC7813~4 .EXEC:\Program Files\McAfee.com\Agent\MC8811~1 .EXEC:\Program Files\McAfee.com\Agent\MC8811~2 .EXEC:\Program Files\McAfee.com\Agent\MC8811~3 .EXEC:\Program Files\McAfee.com\Agent\MC8811~4 .EXEC:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXEC:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXEC:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXEC:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXEC:\Program Files\McAfee.com\Agent\MC8F18~1 .EXEC:\Program Files\McAfee.com\Agent\MC8F18~2 .EXEC:\Program Files\McAfee.com\Agent\MC8F18~3 .EXEC:\Program Files\McAfee.com\Agent\MC8F18~4 .EXEC:\Program Files\McAfee.com\Agent\MC9890~1 .EXEC:\Program Files\McAfee.com\Agent\MC9890~2 .EXEC:\Program Files\McAfee.com\Agent\MC9890~3 .EXEC:\Program Files\McAfee.com\Agent\MC9890~4 .EXEC:\Program Files\McAfee.com\Agent\mcagent .exeC:\Program Files\McAfee.com\Agent\MCF024~1 .EXEC:\Program Files\McAfee.com\Agent\MCF024~2 .EXEC:\Program Files\McAfee.com\Agent\MCF024~3 .EXEC:\Program Files\McAfee.com\Agent\MCF024~4 .EXEC:\Program Files\McAfee.com\Agent\MCF71D~1 .EXEC:\Program Files\McAfee.com\Agent\MCF71D~2 .EXEC:\Program Files\McAfee.com\Agent\MCF814~1 .EXEC:\Program Files\McAfee.com\Agent\MCF814~2 .EXEC:\Program Files\McAfee.com\Agent\MCF814~3 .EXEC:\Program Files\McAfee.com\Agent\MCF814~4 .EXEC:\Program Files\McAfee.com\Agent\McUpdate .exeC:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXEC:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXEC:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXEC:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXEC:\Program Files\McAfee.com\VSO\mcvsshld .exeC:\Program Files\Messenger\msmsgs .exeC:\Program Files\Microsoft Money\System\Activation .exeC:\Program Files\QuickTime\qttask                                                                                                                     .exeC:\Program 
Files\QuickTime\qttask                                                                                                                    .exeC:\Program Files\QuickTime\qttask                                                                                                                   .exeC:\Program Files\QuickTime\qttask                                                                                                                  .exeC:\Program Files\QuickTime\qttask                                                                                                                 .exeC:\Program Files\QuickTime\qttask                                                                                                                .exeC:\Program Files\QuickTime\qttask                                                                                                               .exeC:\Program Files\QuickTime\qttask                                                                                                              .exeC:\Program Files\QuickTime\qttask                                                                                                             .exeC:\Program Files\QuickTime\qttask                                                                                                            .exeC:\Program Files\QuickTime\qttask                                                                                                           .exeC:\Program Files\QuickTime\qttask                                                                                                          .exeC:\Program Files\QuickTime\qttask                                                                                                         .exeC:\Program Files\QuickTime\qttask                                                                                                        .exeC:\Program Files\QuickTime\qttask                                                                   
                                    .exeC:\Program Files\QuickTime\qttask                                                                                                      .exeC:\Program Files\QuickTime\qttask                                                                                                     .exeC:\Program Files\QuickTime\qttask                                                                                                    .exeC:\Program Files\QuickTime\qttask                                                                                                   .exeC:\Program Files\QuickTime\qttask                                                                                                  .exeC:\Program Files\QuickTime\qttask                                                                                                 .exeC:\Program Files\QuickTime\qttask                                                                                                .exeC:\Program Files\QuickTime\qttask                                                                                               .exeC:\Program Files\QuickTime\qttask                                                                                              .exeC:\Program Files\QuickTime\qttask                                                                                             .exeC:\Program Files\QuickTime\qttask                                                                                            .exeC:\Program Files\QuickTime\qttask                                                                                           .exeC:\Program Files\QuickTime\qttask                                                                                          .exeC:\Program Files\QuickTime\qttask                                                                                         .exeC:\Program Files\QuickTime\qttask                                                                        
                .exeC:\Program Files\QuickTime\qttask                                                                                       .exeC:\Program Files\QuickTime\qttask                                                                                      .exeC:\Program Files\QuickTime\qttask                                                                                     .exeC:\Program Files\QuickTime\qttask                                                                                    .exeC:\Program Files\QuickTime\qttask                                                                                   .exeC:\Program Files\QuickTime\qttask                                                                                  .exeC:\Program Files\QuickTime\qttask                                                                                 .exeC:\Program Files\QuickTime\qttask                                                                                .exeC:\Program Files\QuickTime\qttask                                                                               .exeC:\Program Files\QuickTime\qttask                                                                              .exeC:\Program Files\QuickTime\qttask                                                                             .exeC:\Program Files\QuickTime\qttask                                                                            .exeC:\Program Files\QuickTime\qttask                                                                           .exeC:\Program Files\QuickTime\qttask                                                                          .exeC:\Program Files\QuickTime\qttask                                                                         .exeC:\Program Files\QuickTime\qttask                                                                        .exeC:\Program Files\QuickTime\qttask                                                                       
.exeC:\Program Files\QuickTime\qttask                                                                      .exeC:\Program Files\QuickTime\qttask                                                                     .exeC:\Program Files\QuickTime\qttask                                                                    .exeC:\Program Files\QuickTime\qttask                                                                   .exeC:\Program Files\QuickTime\qttask                                                                  .exeC:\Program Files\QuickTime\qttask                                                                 .exeC:\Program Files\QuickTime\qttask                                                                .exeC:\Program Files\QuickTime\qttask                                                               .exeC:\Program Files\QuickTime\qttask                                                              .exeC:\Program Files\QuickTime\qttask                                                             .exeC:\Program Files\QuickTime\qttask                                                            .exeC:\Program Files\QuickTime\qttask                                                           .exeC:\Program Files\QuickTime\qttask                                                          .exeC:\Program Files\QuickTime\qttask                                                         .exeC:\Program Files\QuickTime\qttask                                                        .exeC:\Program Files\QuickTime\qttask                                                       .exeC:\Program Files\QuickTime\qttask                                                      .exeC:\Program Files\QuickTime\qttask                                                     .exeC:\Program Files\QuickTime\qttask                                                    .exeC:\Program Files\QuickTime\qttask                                                   .exeC:\Program Files\QuickTime\qttask             
                                     .exeC:\Program Files\QuickTime\qttask                                                 .exeC:\Program Files\QuickTime\qttask                                                .exeC:\Program Files\QuickTime\qttask                                               .exeC:\Program Files\QuickTime\qttask                                              .exeC:\Program Files\QuickTime\qttask                                             .exeC:\Program Files\QuickTime\qttask                                            .exeC:\Program Files\QuickTime\qttask                                           .exeC:\Program Files\QuickTime\qttask                                          .exeC:\Program Files\QuickTime\qttask                                         .exeC:\Program Files\QuickTime\qttask                                        .exeC:\Program Files\QuickTime\qttask                                       .exeC:\Program Files\Real\RealPlayer\RealPlay .exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exeC:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exeC:\Program Files\Yahoo!\browser\ybrwicon .exeC:\WINDOWS\UpdReg .EXEC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exeC:\WINDOWS\SYSTEM32\DSentry .exeC:\WINDOWS\SYSTEM32\lexpps .exeC:\WINDOWS\SYSTEM32\PSDrvCheck .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask 
.exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeC:\Program Files\QuickTime\qttask .exeRegistry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{785CED62-39E7-412E-900B-671549848F75}]Driver::Microsoft cache control


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#11
Taco130

    Member

  • Topic Starter
  • Member
  • 54 posts
Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:30 PM, on 2/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tony Bown\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {785CED62-39E7-412E-900B-671549848F75} - \
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...23.9/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlon...2ie06011811.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7722 bytes

#12
Taco130

    Member

  • Topic Starter
  • Member
  • 54 posts
Here is part 1 of ComboFix

ComboFix 08-02-14.2 - Tony Bown 2008-02-16 12:23:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.285 [GMT -8:00]
Running from: C:\Documents and Settings\Tony Bown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony Bown\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 17:20 . 2008-02-15 18:00 834 --ahs---- C:\WINDOWS\SYSTEM32\ewujrlkp.ini
2008-02-14 19:20 . 2008-02-15 17:14 714 --ahs---- C:\WINDOWS\SYSTEM32\niykgeum.ini
2008-02-13 17:30 . 2008-02-13 17:30 <DIR> d-------- C:\Program Files\Google
2008-02-12 18:32 . 2008-02-13 18:33 954 --ahs---- C:\WINDOWS\SYSTEM32\amkrkcny.ini
2008-02-12 17:48 . 2008-02-12 17:48 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-12 17:18 . 2008-02-12 17:18 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Lavasoft
2008-02-11 21:38 . 2008-02-11 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 21:37 . 2008-02-11 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 21:37 . 2008-02-11 21:37 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-11 16:42 . 2008-02-12 18:20 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-10 09:20 . 2008-02-10 09:20 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81C.tmp
2008-02-09 15:47 . 2008-02-10 16:00 2,058,470 --ahs---- C:\WINDOWS\SYSTEM32\siebwnse.ini
2008-02-08 22:05 . 2008-02-08 22:05 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX81F.tmp
2008-02-08 15:48 . 2008-02-09 14:17 2,135,766 --ahs---- C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
2008-02-08 07:32 . 2008-02-08 07:32 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX7AF.tmp
2008-02-07 16:51 . 2008-02-07 16:51 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXF30F.tmp
2008-02-07 15:47 . 2008-02-08 15:47 2,151,640 --ahs---- C:\WINDOWS\SYSTEM32\lhecngkw.ini
2008-02-07 15:29 . 2008-02-07 15:29 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX2DC.tmp
2008-02-06 17:10 . 2008-02-11 16:11 <DIR> d-------- C:\Program Files\Common Files\ErrClean
2008-02-06 17:10 . 2008-02-06 17:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-05 15:44 . 2008-02-05 15:44 90,688 --a------ C:\WINDOWS\SYSTEM32\tlsweimo.dll
2008-02-02 16:34 . 2008-02-02 16:34 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-29 17:03 . 2004-03-29 17:48 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-29 17:03 . 2004-03-10 09:59 593,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\xpsp2res.dll
2008-01-29 17:03 . 2004-03-29 17:48 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2008-01-29 17:03 . 2004-03-29 17:48 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-29 17:03 . 2004-03-29 17:48 253,440 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-29 17:03 . 2004-03-29 17:48 40,960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2008-01-29 16:27 . 2008-02-15 18:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 19:08 . 2008-01-28 19:41 24,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
2008-01-28 19:02 . 2008-01-28 19:04 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
2008-01-28 18:58 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-28 17:21 . 2008-01-28 17:21 <DIR> d---s---- C:\Documents and Settings\Olivia\UserData
2008-01-27 10:02 . 2008-01-27 10:02 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
2008-01-26 12:03 . 2008-01-26 12:03 <DIR> d-------- C:\Program Files\Atari
2008-01-26 09:53 . 2008-01-26 09:53 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXAFE.tmp
2008-01-23 18:27 . 2008-02-14 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:51 . 2008-01-20 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 14:38 . 2008-01-20 14:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-20 13:58 . 2008-01-20 13:58 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX1427.tmp
2008-01-19 12:07 . 2008-01-19 12:07 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:59 . 2005-06-24 17:05 16,958 --a------ C:\WINDOWS\SYSTEM32\evga.ico
2008-01-19 09:58 . 2008-01-19 09:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\EVGA
2008-01-19 09:58 . 2006-04-28 15:47 573,440 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2008-01-19 09:52 . 2008-01-19 09:52 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-18 21:46 . 2008-01-18 21:46 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX37CA.tmp
2008-01-18 20:52 . 2008-01-28 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-01-16 19:57 . 2008-01-16 19:57 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX13BF.tmp
2008-01-16 19:03 . 2008-01-16 19:03 338,432 --a------ C:\WINDOWS\SYSTEM32\RCXE51.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 01:48 --------- d-----w C:\Program Files\The Learning Company
2008-02-12 00:10 --------- d-----w C:\Program Files\QuickTime
2008-02-12 00:10 --------- d-----w C:\Program Files\iTunes
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-07 23:50 --------- d-----w C:\Program Files\DellSupport
2008-02-07 23:39 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2008-01-29 02:50 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2008-01-29 02:50 406,016 ----a-w C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
2008-01-29 02:50 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-29 02:49 431,104 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-29 02:49 174,592 ----a-w C:\WINDOWS\SYSTEM32\lexpps .exe
2008-01-26 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\Weather Studio
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Weather Studio
2008-01-21 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-20 23:21 90,584 ----a-w C:\Documents and Settings\Tony Bown\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 17:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-19 06:09 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:02 --------- d-----w C:\Program Files\Activision
2008-01-18 01:34 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Weather Studio
2008-01-15 23:27 --------- d-----w C:\Program Files\Starcraft
2008-01-15 02:56 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\U3
2008-01-14 20:21 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\MSN6
2008-01-10 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-03 23:34 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-03 23:28 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-01-03 23:28 --------- d--h--r C:\Documents and Settings\Tony Bown\Application Data\SecuROM
2007-12-25 20:21 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Apple Computer
2007-12-25 20:11 --------- d-----w C:\Program Files\iPod
2007-12-25 19:59 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:57 --------- d-----w C:\Documents and Settings\Olivia\Application Data\HP
2007-12-25 19:56 --------- d--h--w C:\Documents and Settings\Olivia\Application Data\GTek
2007-12-25 18:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 18:37 22,328 ----a-w C:\Documents and Settings\Tony Bown\Application Data\PnkBstrK.sys
2007-12-25 18:37 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-25 18:36 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-09 22:10 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-12-05 10:53 356,352 ----a-w C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvwddi.dll
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvmctray.dll
2007-12-05 09:41 8,523,776 ----a-w C:\WINDOWS\SYSTEM32\nvcpl.dll
2007-12-05 09:41 753,664 ----a-w C:\WINDOWS\SYSTEM32\nvcplui.exe
2007-12-05 09:41 7,435,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\nv4_mini.sys
2007-12-05 09:41 6,901,760 ----a-w C:\WINDOWS\SYSTEM32\nvoglnt.dll
2007-12-05 09:41 6,549,504 ----a-w C:\WINDOWS\SYSTEM32\nvdisps.dll
2007-12-05 09:41 5,773,568 ----a-w C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-12-05 09:41 385,024 ----a-w C:\WINDOWS\SYSTEM32\nvapi.dll
2007-12-05 09:41 356,352 ----a-w C:\WINDOWS\SYSTEM32\nvudisp.exe
2007-12-05 09:41 307,200 ----a-w C:\WINDOWS\SYSTEM32\nvexpbar.dll
2007-12-05 09:41 3,710,976 ----a-w C:\WINDOWS\SYSTEM32\nvvitvs.dll
2007-12-05 09:41 3,420,160 ----a-w C:\WINDOWS\SYSTEM32\nvgames.dll
2007-12-05 09:41 286,720 ----a-w C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2007-12-05 09:41 229,376 ----a-w C:\WINDOWS\SYSTEM32\nvmccs.dll
2007-12-05 09:41 2,498,560 ----a-w C:\WINDOWS\SYSTEM32\nvwss.dll
2007-12-05 09:41 188,416 ----a-w C:\WINDOWS\SYSTEM32\nvmccss.dll
2007-12-05 09:41 155,716 ----a-w C:\WINDOWS\SYSTEM32\nvsvc32.exe
2007-12-05 09:41 1,228,800 ----a-w C:\WINDOWS\SYSTEM32\nvmobls.dll
2007-12-05 09:41 1,089,536 ----a-w C:\WINDOWS\SYSTEM32\nvcuda.dll
2004-04-05 07:10 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-04-05 06:19 6,262,872 ----a-w C:\Program Files\psa2se_us.exe
.
[code=auto:0]<pre>
----a-w 368,706 2008-01-29 02:50:44 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 787,696 2008-01-28 02:51:52 C:\Program Files\CCleaner\CCleaner .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-11 23:05:24 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:14 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:13 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:12 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:10 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:07 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:06 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 812,544 2008-02-12 00:11:02 C:\Program Files\Common Files\ErrClean\strpmon .exe
----a-w 135,264 2008-01-29 02:50:32 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 460,784 2008-02-07 23:51:00 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 49,152 2008-01-29 02:51:02 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 45,056 2008-01-29 02:51:00 C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exe
----a-w 267,048 2008-02-11 23:04:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 513,024 2008-02-02 04:34:49 C:\Program Files\McAfee.com\Agent\MC0D97~1 .EXE
----a-w 513,024 2008-02-02 04:40:47 C:\Program Files\McAfee.com\Agent\MC0D97~2 .EXE
----a-w 513,024 2008-02-02 04:48:13 C:\Program Files\McAfee.com\Agent\MC0D97~3 .EXE
----a-w 513,024 2008-02-02 05:41:09 C:\Program Files\McAfee.com\Agent\MC0D97~4 .EXE
----a-w 513,024 2008-02-01 22:50:41 C:\Program Files\McAfee.com\Agent\MC1795~1 .EXE
----a-w 513,024 2008-02-02 02:57:00 C:\Program Files\McAfee.com\Agent\MC1795~2 .EXE
----a-w 513,024 2008-02-02 04:31:05 C:\Program Files\McAfee.com\Agent\MC1795~3 .EXE
----a-w 513,024 2008-02-02 04:33:33 C:\Program Files\McAfee.com\Agent\MC1795~4 .EXE
----a-w 513,024 2008-01-31 00:22:14 C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
----a-w 513,024 2008-01-31 00:30:14 C:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXE
----a-w 513,024 2008-01-31 16:25:35 C:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXE
----a-w 513,024 2008-02-01 03:44:52 C:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXE
----a-w 513,024 2008-02-07 02:01:08 C:\Program Files\McAfee.com\Agent\MC7024~1 .EXE
----a-w 513,024 2008-02-07 02:58:21 C:\Program Files\McAfee.com\Agent\MC7024~2 .EXE
----a-w 513,024 2008-02-07 05:42:25 C:\Program Files\McAfee.com\Agent\MC7024~3 .EXE
----a-w 513,024 2008-02-07 06:13:35 C:\Program Files\McAfee.com\Agent\MC7024~4 .EXE
----a-w 513,024 2008-02-10 23:57:15 C:\Program Files\McAfee.com\Agent\MC7813~1 .EXE
----a-w 513,024 2008-02-11 03:07:46 C:\Program Files\McAfee.com\Agent\MC7813~2 .EXE
----a-w 513,024 2008-02-11 04:16:11 C:\Program Files\McAfee.com\Agent\MC7813~3 .EXE
----a-w 513,024 2008-02-11 06:54:00 C:\Program Files\McAfee.com\Agent\MC7813~4 .EXE
----a-w 513,024 2008-02-09 18:09:22 C:\Program Files\McAfee.com\Agent\MC8811~1 .EXE
----a-w 513,024 2008-02-10 06:41:44 C:\Program Files\McAfee.com\Agent\MC8811~2 .EXE
----a-w 513,024 2008-02-10 16:14:44 C:\Program Files\McAfee.com\Agent\MC8811~3 .EXE
----a-w 513,024 2008-02-10 17:19:31 C:\Program Files\McAfee.com\Agent\MC8811~4 .EXE
----a-w 513,024 2008-02-02 19:42:41 C:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXE
----a-w 513,024 2008-02-03 20:40:18 C:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXE
----a-w 513,024 2008-02-03 22:23:43 C:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXE
----a-w 513,024 2008-02-03 22:38:33 C:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXE
----a-w 513,024 2008-02-08 15:32:16 C:\Program Files\McAfee.com\Agent\MC8F18~1 .EXE
----a-w 513,024 2008-02-09 03:51:22 C:\Program Files\McAfee.com\Agent\MC8F18~2 .EXE
----a-w 513,024 2008-02-09 04:55:29 C:\Program Files\McAfee.com\Agent\MC8F18~3 .EXE
----a-w 513,024 2008-02-09 06:04:50 C:\Program Files\McAfee.com\Agent\MC8F18~4 .EXE
----a-w 513,024 2008-02-03 23:06:06 C:\Program Files\McAfee.com\Agent\MC9890~1 .EXE
----a-w 513,024 2008-02-04 23:40:00 C:\Program Files\McAfee.com\Agent\MC9890~2 .EXE
----a-w 513,024 2008-02-05 01:54:21 C:\Program Files\McAfee.com\Agent\MC9890~3 .EXE
----a-w 513,024 2008-02-05 23:05:57 C:\Program Files\McAfee.com\Agent\MC9890~4 .EXE
----a-w 192,512 2008-01-29 02:50:22 C:\Program Files\McAfee.com\Agent\mcagent .exe

#13
Taco130

    Member

  • Topic Starter
  • Member
  • 54 posts
here is part 2

----a-w 513,024 2008-02-06 19:17:45 C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
----a-w 513,024 2008-02-06 23:25:08 C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
----a-w 513,024 2008-02-07 01:51:50 C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
----a-w 513,024 2008-02-07 01:55:28 C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
----a-w 513,024 2008-02-11 23:04:19 C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
----a-w 513,024 2008-02-12 00:10:58 C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
----a-w 513,024 2008-02-07 23:28:55 C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
----a-w 513,024 2008-02-07 23:50:05 C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
----a-w 513,024 2008-02-08 00:28:04 C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
----a-w 513,024 2008-02-08 00:51:02 C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
----a-w 513,024 2008-01-29 03:06:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 513,024 2008-01-30 00:13:44 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 513,024 2008-01-30 02:17:05 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 513,024 2008-01-30 06:15:36 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 513,024 2008-01-30 21:23:54 C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w 139,264 2008-01-29 02:50:39 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,670,144 2008-02-11 23:06:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 241,714 2008-01-29 02:50:15 C:\Program Files\Microsoft Money\System\Activation .exe
----a-w 652,288 2008-02-12 00:10:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 23:04:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 06:54:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 04:16:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 03:07:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 23:57:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 17:19:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 16:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 06:41:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 18:09:24 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 06:04:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 04:55:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 03:51:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 15:32:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:51:03 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:28:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:50:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:28:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 06:13:35 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 05:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:58:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:01:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:55:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 23:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 19:17:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 23:05:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 01:54:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 23:06:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:38:36 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:23:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 20:40:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 19:42:42 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 05:41:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:48:15 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:40:50 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:34:49 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:33:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:31:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 02:57:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 22:50:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 03:44:54 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 16:25:37 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:30:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:22:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 21:23:57 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 06:15:38 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 02:17:08 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 00:13:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 03:06:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 02:49:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:39:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:31:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 02:15:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:53:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:02:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-27 18:02:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 18:45:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 17:53:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 05:50:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:32:19 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:07:25 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 05:42:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 04:42:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:22:52 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:13:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 04:45:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:23:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:02:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 02:19:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-23 01:54:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 16:58:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 15:22:09 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 06:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:40:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:19:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:59:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:44:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 17:31:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 03:27:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 23:32:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:11:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:57:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:19:39 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:14:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:00:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 18:40:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 04:54:17 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:58:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:04:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:51:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:07:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:57:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:45:55 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 04:06:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:45:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:27:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 02:37:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 01:09:34 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 15:15:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 04:58:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:33:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:00:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 14:50:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 05:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:57:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 01:35:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:55:40 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:18:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 05:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 04:48:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 15:23:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:11:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 26,112 2008-01-29 02:50:23 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 679,936 2008-01-29 02:50:35 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 380,928 2008-01-29 02:50:50 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 57,344 2008-01-29 02:50:48 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 90,112 2008-01-29 02:50:10 C:\WINDOWS\UpdReg .EXE
----a-w 145,408 2008-02-07 23:39:06 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 28,672 2008-01-29 02:50:12 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 174,592 2008-01-29 02:49:18 C:\WINDOWS\SYSTEM32\lexpps .exe
----a-w 406,016 2008-01-29 02:50:40 C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
</pre>[/code]


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{785CED62-39E7-412E-900B-671549848F75}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)

R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\System32\drivers\bender.sys [2003-09-25 11:19]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\System32\drivers\hpfxbulk.sys [2005-09-20 02:22]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 09:30]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 09:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 18:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-09-28 03:10:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1064718538.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2003-02-28 04:50:33 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-16 20:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF814~4 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\MC9890~2 .EX
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF71D~2 .EX
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DD6RTF21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:27:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCUPDA~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-bla).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:26:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Brennan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:27:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Garrett).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agen
"2007-03-07 17:56:26 C:\WINDOWS\Tasks\WebReg ENU.job"
- c:\program files\hewlett-packard\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 12:26:55
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 12:27:48
ComboFix-quarantined-files.txt 2008-02-16 20:27:26
ComboFix2.txt 2008-02-16 16:21:34
.
2008-02-02 04:44:03 --- E O F ---

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
We will have to redo it; it did not copy correctly.

1. Please open Notepad
  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\ewujrlkp.ini
C:\WINDOWS\SYSTEM32\niykgeum.ini
C:\WINDOWS\SYSTEM32\amkrkcny.ini
C:\Copy of posFFBA.tmp
C:\WINDOWS\SYSTEM32\RCX81C.tmp
C:\WINDOWS\SYSTEM32\siebwnse.ini
C:\WINDOWS\SYSTEM32\RCX81F.tmp
C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
C:\WINDOWS\SYSTEM32\RCX7AF.tmp
C:\WINDOWS\SYSTEM32\RCXF30F.tmp
C:\WINDOWS\SYSTEM32\lhecngkw.ini
C:\WINDOWS\SYSTEM32\RCX2DC.tmp
C:\WINDOWS\SYSTEM32\tlsweimo.dll
C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
C:\WINDOWS\SYSTEM32\RCXAFE.tmp
C:\WINDOWS\SYSTEM32\RCX1427.tmp
C:\WINDOWS\SYSTEM32\RCX37CA.tmp
C:\WINDOWS\SYSTEM32\RCX13BF.tmp
C:\WINDOWS\SYSTEM32\RCXE51.tmp
Folder::
C:\Program Files\Common Files\ErrClean
C:\Documents and Settings\All Users\Application Data\errclean
C:\WINDOWS\System32\windows 
RenV::
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\CCleaner\CCleaner  .exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\McAfee.com\Agent\MC0D97~1 .EXE
C:\Program Files\McAfee.com\Agent\MC0D97~2 .EXE
C:\Program Files\McAfee.com\Agent\MC0D97~3 .EXE
C:\Program Files\McAfee.com\Agent\MC0D97~4 .EXE
C:\Program Files\McAfee.com\Agent\MC1795~1 .EXE
C:\Program Files\McAfee.com\Agent\MC1795~2 .EXE
C:\Program Files\McAfee.com\Agent\MC1795~3 .EXE
C:\Program Files\McAfee.com\Agent\MC1795~4 .EXE
C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
C:\Program Files\McAfee.com\Agent\MC1A3F~2 .EXE
C:\Program Files\McAfee.com\Agent\MC1A3F~3 .EXE
C:\Program Files\McAfee.com\Agent\MC1A3F~4 .EXE
C:\Program Files\McAfee.com\Agent\MC7024~1 .EXE
C:\Program Files\McAfee.com\Agent\MC7024~2 .EXE
C:\Program Files\McAfee.com\Agent\MC7024~3 .EXE
C:\Program Files\McAfee.com\Agent\MC7024~4 .EXE
C:\Program Files\McAfee.com\Agent\MC7813~1 .EXE
C:\Program Files\McAfee.com\Agent\MC7813~2 .EXE
C:\Program Files\McAfee.com\Agent\MC7813~3 .EXE
C:\Program Files\McAfee.com\Agent\MC7813~4 .EXE
C:\Program Files\McAfee.com\Agent\MC8811~1 .EXE
C:\Program Files\McAfee.com\Agent\MC8811~2 .EXE
C:\Program Files\McAfee.com\Agent\MC8811~3 .EXE
C:\Program Files\McAfee.com\Agent\MC8811~4 .EXE
C:\Program Files\McAfee.com\Agent\MC8C1F~1 .EXE
C:\Program Files\McAfee.com\Agent\MC8C1F~2 .EXE
C:\Program Files\McAfee.com\Agent\MC8C1F~3 .EXE
C:\Program Files\McAfee.com\Agent\MC8C1F~4 .EXE
C:\Program Files\McAfee.com\Agent\MC8F18~1 .EXE
C:\Program Files\McAfee.com\Agent\MC8F18~2 .EXE
C:\Program Files\McAfee.com\Agent\MC8F18~3 .EXE
C:\Program Files\McAfee.com\Agent\MC8F18~4 .EXE
C:\Program Files\McAfee.com\Agent\MC9890~1 .EXE
C:\Program Files\McAfee.com\Agent\MC9890~2 .EXE
C:\Program Files\McAfee.com\Agent\MC9890~3 .EXE
C:\Program Files\McAfee.com\Agent\MC9890~4 .EXE
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Microsoft Money\System\Activation .exe
C:\Program Files\QuickTime\qttask																													 .exe
C:\Program Files\QuickTime\qttask																													.exe
C:\Program Files\QuickTime\qttask																												   .exe
C:\Program Files\QuickTime\qttask																												  .exe
C:\Program Files\QuickTime\qttask																												 .exe
C:\Program Files\QuickTime\qttask																												.exe
C:\Program Files\QuickTime\qttask																											   .exe
C:\Program Files\QuickTime\qttask																											  .exe
C:\Program Files\QuickTime\qttask																											 .exe
C:\Program Files\QuickTime\qttask																											.exe
C:\Program Files\QuickTime\qttask																										   .exe
C:\Program Files\QuickTime\qttask																										  .exe
C:\Program Files\QuickTime\qttask																										 .exe
C:\Program Files\QuickTime\qttask																										.exe
C:\Program Files\QuickTime\qttask																									   .exe
C:\Program Files\QuickTime\qttask																									  .exe
C:\Program Files\QuickTime\qttask																									 .exe
C:\Program Files\QuickTime\qttask																									.exe
C:\Program Files\QuickTime\qttask																								   .exe
C:\Program Files\QuickTime\qttask																								  .exe
C:\Program Files\QuickTime\qttask																								 .exe
C:\Program Files\QuickTime\qttask																								.exe
C:\Program Files\QuickTime\qttask																							   .exe
C:\Program Files\QuickTime\qttask																							  .exe
C:\Program Files\QuickTime\qttask																							 .exe
C:\Program Files\QuickTime\qttask																							.exe
C:\Program Files\QuickTime\qttask																						   .exe
C:\Program Files\QuickTime\qttask																						  .exe
C:\Program Files\QuickTime\qttask																						 .exe
C:\Program Files\QuickTime\qttask																						.exe
C:\Program Files\QuickTime\qttask																					   .exe
C:\Program Files\QuickTime\qttask																					  .exe
C:\Program Files\QuickTime\qttask																					 .exe
C:\Program Files\QuickTime\qttask																					.exe
C:\Program Files\QuickTime\qttask																				   .exe
C:\Program Files\QuickTime\qttask																				  .exe
C:\Program Files\QuickTime\qttask																				 .exe
C:\Program Files\QuickTime\qttask																				.exe
C:\Program Files\QuickTime\qttask																			   .exe
C:\Program Files\QuickTime\qttask																			  .exe
C:\Program Files\QuickTime\qttask																			 .exe
C:\Program Files\QuickTime\qttask																			.exe
C:\Program Files\QuickTime\qttask																		   .exe
C:\Program Files\QuickTime\qttask																		  .exe
C:\Program Files\QuickTime\qttask																		 .exe
C:\Program Files\QuickTime\qttask																		.exe
C:\Program Files\QuickTime\qttask																	   .exe
C:\Program Files\QuickTime\qttask																	  .exe
C:\Program Files\QuickTime\qttask																	 .exe
C:\Program Files\QuickTime\qttask																	.exe
C:\Program Files\QuickTime\qttask																   .exe
C:\Program Files\QuickTime\qttask																  .exe
C:\Program Files\QuickTime\qttask																 .exe
C:\Program Files\QuickTime\qttask																.exe
C:\Program Files\QuickTime\qttask															   .exe
C:\Program Files\QuickTime\qttask															  .exe
C:\Program Files\QuickTime\qttask															 .exe
C:\Program Files\QuickTime\qttask															.exe
C:\Program Files\QuickTime\qttask														   .exe
C:\Program Files\QuickTime\qttask														  .exe
C:\Program Files\QuickTime\qttask														 .exe
C:\Program Files\QuickTime\qttask														.exe
C:\Program Files\QuickTime\qttask													   .exe
C:\Program Files\QuickTime\qttask													  .exe
C:\Program Files\QuickTime\qttask													 .exe
C:\Program Files\QuickTime\qttask													.exe
C:\Program Files\QuickTime\qttask												   .exe
C:\Program Files\QuickTime\qttask												  .exe
C:\Program Files\QuickTime\qttask												 .exe
C:\Program Files\QuickTime\qttask												.exe
C:\Program Files\QuickTime\qttask											   .exe
C:\Program Files\QuickTime\qttask											  .exe
C:\Program Files\QuickTime\qttask											 .exe
C:\Program Files\QuickTime\qttask											.exe
C:\Program Files\QuickTime\qttask										   .exe
C:\Program Files\QuickTime\qttask										  .exe
C:\Program Files\QuickTime\qttask										 .exe
C:\Program Files\QuickTime\qttask										.exe
C:\Program Files\QuickTime\qttask									   .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
C:\Program Files\Yahoo!\browser\ybrwicon .exe
C:\WINDOWS\UpdReg .EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\lexpps .exe
C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{785CED62-39E7-412E-900B-671549848F75}]
Driver::
Microsoft cache control


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#15
Taco130

Here is the ComboFix log:

ComboFix 08-02-14.2 - Tony Bown 2008-02-16 12:48:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.270 [GMT -8:00]
Running from: C:\Documents and Settings\Tony Bown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony Bown\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Copy of posFFBA.tmp
C:\WINDOWS\SYSTEM32\amkrkcny.ini
C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
C:\WINDOWS\SYSTEM32\ewujrlkp.ini
C:\WINDOWS\SYSTEM32\lhecngkw.ini
C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
C:\WINDOWS\SYSTEM32\niykgeum.ini
C:\WINDOWS\SYSTEM32\RCX13BF.tmp
C:\WINDOWS\SYSTEM32\RCX1427.tmp
C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
C:\WINDOWS\SYSTEM32\RCX2DC.tmp
C:\WINDOWS\SYSTEM32\RCX37CA.tmp
C:\WINDOWS\SYSTEM32\RCX7AF.tmp
C:\WINDOWS\SYSTEM32\RCX81C.tmp
C:\WINDOWS\SYSTEM32\RCX81F.tmp
C:\WINDOWS\SYSTEM32\RCXAFE.tmp
C:\WINDOWS\SYSTEM32\RCXE51.tmp
C:\WINDOWS\SYSTEM32\RCXF30F.tmp
C:\WINDOWS\SYSTEM32\siebwnse.ini
C:\WINDOWS\SYSTEM32\tlsweimo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\errclean
C:\Documents and Settings\All Users\Application Data\errclean\Data\ac
C:\Documents and Settings\All Users\Application Data\errclean\Data\em
C:\Documents and Settings\All Users\Application Data\errclean\Data\oid
C:\Documents and Settings\All Users\Application Data\errclean\Data\user
C:\Program Files\Common Files\ErrClean
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon .exe
C:\Program Files\Common Files\ErrClean\strpmon.exe
C:\WINDOWS\SYSTEM32\amkrkcny.ini
C:\WINDOWS\SYSTEM32\DRIVERS\7584C502-07D0-40F9-815D-9CAE81D4C442.cxv
C:\WINDOWS\SYSTEM32\DRIVERS\F829505C-F3B2-477B-8B10-8A550DA3EB78.cxv
C:\WINDOWS\SYSTEM32\ewujrlkp.ini
C:\WINDOWS\SYSTEM32\lhecngkw.ini
C:\WINDOWS\SYSTEM32\mqrpuqmr.ini
C:\WINDOWS\SYSTEM32\niykgeum.ini
C:\WINDOWS\SYSTEM32\RCX13BF.tmp
C:\WINDOWS\SYSTEM32\RCX1427.tmp
C:\WINDOWS\SYSTEM32\RCX1B6C.tmp
C:\WINDOWS\SYSTEM32\RCX2DC.tmp
C:\WINDOWS\SYSTEM32\RCX37CA.tmp
C:\WINDOWS\SYSTEM32\RCX7AF.tmp
C:\WINDOWS\SYSTEM32\RCX81C.tmp
C:\WINDOWS\SYSTEM32\RCX81F.tmp
C:\WINDOWS\SYSTEM32\RCXAFE.tmp
C:\WINDOWS\SYSTEM32\RCXE51.tmp
C:\WINDOWS\SYSTEM32\RCXF30F.tmp
C:\WINDOWS\SYSTEM32\siebwnse.ini
C:\WINDOWS\SYSTEM32\tlsweimo.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-13 17:30 . 2008-02-13 17:30 <DIR> d-------- C:\Program Files\Google
2008-02-12 17:48 . 2008-02-12 17:48 3,584 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-12 17:18 . 2008-02-12 17:18 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Lavasoft
2008-02-11 21:38 . 2008-02-11 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 21:37 . 2008-02-11 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 21:37 . 2008-02-11 21:37 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-11 16:42 . 2008-02-12 18:20 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:28 . 2008-02-11 15:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-06 17:52 . 2008-02-07 15:39 145,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msconfig.exe
2008-02-02 16:34 . 2008-02-02 16:34 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Documents and Settings\Tony Bown\Application Data\Yahoo!
2008-01-31 19:54 . 2008-01-31 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-29 17:03 . 2004-03-29 17:48 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-29 17:03 . 2004-03-10 09:59 593,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\xpsp2res.dll
2008-01-29 17:03 . 2004-03-29 17:48 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2008-01-29 17:03 . 2004-03-29 17:48 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-29 17:03 . 2004-03-29 17:48 253,440 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-29 17:03 . 2004-03-29 17:48 40,960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\evtgprov.dll
2008-01-29 16:27 . 2008-02-15 18:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 18:58 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-28 17:21 . 2008-01-28 17:21 <DIR> d---s---- C:\Documents and Settings\Olivia\UserData
2008-01-26 12:03 . 2008-01-26 12:03 <DIR> d-------- C:\Program Files\Atari
2008-01-23 18:27 . 2008-02-14 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:51 . 2008-01-20 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-20 14:38 . 2008-01-20 14:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-19 12:07 . 2008-01-19 12:07 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:59 . 2005-06-24 17:05 16,958 --a------ C:\WINDOWS\SYSTEM32\evga.ico
2008-01-19 09:58 . 2008-01-19 09:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\EVGA
2008-01-19 09:58 . 2006-04-28 15:47 573,440 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2008-01-19 09:58 . 2006-04-28 15:47 35,840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2008-01-19 09:52 . 2008-01-19 09:52 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2008-01-18 20:52 . 2008-02-16 12:46 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 20:48 --------- d-----w C:\Program Files\QuickTime
2008-02-16 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-16 20:46 --------- d-----w C:\Program Files\DellSupport
2008-02-15 01:48 --------- d-----w C:\Program Files\The Learning Company
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-07 23:39 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-29 02:50 90,112 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-29 02:50 406,016 ----a-w C:\WINDOWS\SYSTEM32\PSDrvCheck.exe
2008-01-29 02:50 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-29 02:49 174,592 ----a-w C:\WINDOWS\SYSTEM32\lexpps.exe
2008-01-26 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\Weather Studio
2008-01-23 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Weather Studio
2008-01-21 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-20 23:21 90,584 ----a-w C:\Documents and Settings\Tony Bown\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 17:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-19 06:09 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:02 --------- d-----w C:\Program Files\Activision
2008-01-18 01:34 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Weather Studio
2008-01-15 23:27 --------- d-----w C:\Program Files\Starcraft
2008-01-15 02:56 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\U3
2008-01-14 20:21 --------- d-----w C:\Documents and Settings\Tony Bown\Application Data\MSN6
2008-01-10 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-03 23:34 --------- d-----w C:\Program Files\Bethesda Softworks
2008-01-03 23:28 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-01-03 23:28 --------- d--h--r C:\Documents and Settings\Tony Bown\Application Data\SecuROM
2007-12-25 20:21 --------- d-----w C:\Documents and Settings\Olivia\Application Data\Apple Computer
2007-12-25 20:11 --------- d-----w C:\Program Files\iPod
2007-12-25 19:59 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:57 --------- d-----w C:\Documents and Settings\Olivia\Application Data\HP
2007-12-25 19:56 --------- d--h--w C:\Documents and Settings\Olivia\Application Data\GTek
2007-12-25 18:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 18:37 22,328 ----a-w C:\Documents and Settings\Tony Bown\Application Data\PnkBstrK.sys
2007-12-25 18:37 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-25 18:36 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-09 22:10 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-12-05 10:53 356,352 ----a-w C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvwddi.dll
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvmctray.dll
2007-12-05 09:41 8,523,776 ----a-w C:\WINDOWS\SYSTEM32\nvcpl.dll
2007-12-05 09:41 753,664 ----a-w C:\WINDOWS\SYSTEM32\nvcplui.exe
2007-12-05 09:41 7,435,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\nv4_mini.sys
2007-12-05 09:41 6,901,760 ----a-w C:\WINDOWS\SYSTEM32\nvoglnt.dll
2007-12-05 09:41 6,549,504 ----a-w C:\WINDOWS\SYSTEM32\nvdisps.dll
2007-12-05 09:41 5,773,568 ----a-w C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-12-05 09:41 385,024 ----a-w C:\WINDOWS\SYSTEM32\nvapi.dll
2007-12-05 09:41 356,352 ----a-w C:\WINDOWS\SYSTEM32\nvudisp.exe
2007-12-05 09:41 307,200 ----a-w C:\WINDOWS\SYSTEM32\nvexpbar.dll
2007-12-05 09:41 3,710,976 ----a-w C:\WINDOWS\SYSTEM32\nvvitvs.dll
2007-12-05 09:41 3,420,160 ----a-w C:\WINDOWS\SYSTEM32\nvgames.dll
2007-12-05 09:41 286,720 ----a-w C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2007-12-05 09:41 229,376 ----a-w C:\WINDOWS\SYSTEM32\nvmccs.dll
2007-12-05 09:41 2,498,560 ----a-w C:\WINDOWS\SYSTEM32\nvwss.dll
2007-12-05 09:41 188,416 ----a-w C:\WINDOWS\SYSTEM32\nvmccss.dll
2007-12-05 09:41 155,716 ----a-w C:\WINDOWS\SYSTEM32\nvsvc32.exe
2007-12-05 09:41 1,228,800 ----a-w C:\WINDOWS\SYSTEM32\nvmobls.dll
2007-12-05 09:41 1,089,536 ----a-w C:\WINDOWS\SYSTEM32\nvcuda.dll
2004-04-05 07:10 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-04-05 06:19 6,262,872 ----a-w C:\Program Files\psa2se_us.exe
.
<pre>
----a-w		   652,288 2008-01-21 03:27:21  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   652,288 2008-01-20 23:32:53  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   652,288 2008-01-20 22:11:00  C:\Program Files\QuickTime\qttask									.exe
----a-w		   652,288 2008-01-20 22:03:16  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   652,288 2008-01-20 21:57:58  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   652,288 2008-01-20 21:19:39  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   652,288 2008-01-20 21:14:06  C:\Program Files\QuickTime\qttask								.exe
----a-w		   652,288 2008-01-20 21:00:07  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   652,288 2008-01-20 18:40:11  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   652,288 2008-01-20 04:54:17  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   652,288 2008-01-19 20:58:45  C:\Program Files\QuickTime\qttask							.exe
----a-w		   652,288 2008-01-19 20:04:27  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   652,288 2008-01-19 18:51:30  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   652,288 2008-01-19 18:07:45  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   652,288 2008-01-19 05:57:22  C:\Program Files\QuickTime\qttask						.exe
----a-w		   652,288 2008-01-19 05:45:55  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   652,288 2008-01-19 04:06:27  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   652,288 2008-01-19 03:45:51  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   652,288 2008-01-19 03:27:13  C:\Program Files\QuickTime\qttask					.exe
----a-w		   652,288 2008-01-19 02:37:43  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   652,288 2008-01-19 01:09:34  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   652,288 2008-01-18 15:15:23  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   652,288 2008-01-18 04:58:21  C:\Program Files\QuickTime\qttask				.exe
----a-w		   652,288 2008-01-18 01:33:18  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   652,288 2008-01-18 01:25:10  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   652,288 2008-01-18 01:00:56  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   652,288 2008-01-17 14:50:27  C:\Program Files\QuickTime\qttask			.exe
----a-w		   652,288 2008-01-17 05:02:58  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   652,288 2008-01-17 03:57:14  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   652,288 2008-01-17 03:02:58  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   652,288 2008-01-17 01:35:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   652,288 2008-01-16 15:55:40  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   652,288 2008-01-16 15:18:04  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   652,288 2008-01-16 05:50:33  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   652,288 2008-01-16 04:48:10  C:\Program Files\QuickTime\qttask	.exe
----a-w		   652,288 2008-01-15 15:23:48  C:\Program Files\QuickTime\qttask   .exe
----a-w		   652,288 2008-01-15 07:11:44  C:\Program Files\QuickTime\qttask  .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)

R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\System32\drivers\bender.sys [2003-09-25 11:19]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\System32\drivers\hpfxbulk.sys [2005-09-20 02:22]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 09:30]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 09:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 18:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-09-28 03:10:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1064718538.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2003-02-28 04:50:33 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-16 20:48:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF814~4 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\MC9890~2 .EX
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:49:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF71D~2 .EX
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DD6RTF21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:47:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:48:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCUPDA~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-bla).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:46:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Brennan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:47:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Garrett).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:49:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agen
"2007-03-07 17:56:26 C:\WINDOWS\Tasks\WebReg ENU.job"
- c:\program files\hewlett-packard\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 12:50:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 12:51:04
ComboFix-quarantined-files.txt 2008-02-16 20:50:41
ComboFix2.txt 2008-02-16 20:27:49
ComboFix3.txt 2008-02-16 16:21:34
.
2008-02-02 04:44:03 --- E O F ---