PLEASE I NEED HELP WITH POS TEMP FILES! THANKS [CLOSED]



#1
St3phanii351o

I keep seeing POS files in my document folder and I can't seem to delete them,
and I also have a red X where my drive used to be.
I need help.

By the way, I'm new, so I don't really know how to use this thing, haha.

Edited by St3phanii351o, 27 February 2008 - 12:34 AM.


#2
Rorschach112

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
St3phanii351o

ComboFix 08-02-25.3 - MERION 2008-02-28 16:56:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.249 [GMT -8:00]
Running from: C:\Documents and Settings\MERION\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\system32\aajqetgg.dll
C:\WINDOWS\system32\anfhoabp.ini
C:\WINDOWS\system32\bjjgbilg.dll
C:\WINDOWS\system32\ggteqjaa.ini
C:\WINDOWS\system32\hblxeckn.ini
C:\WINDOWS\system32\icadbfml.dll
C:\WINDOWS\system32\kgkitkef.dll
C:\WINDOWS\system32\khfdbcb.dll
C:\WINDOWS\system32\lacwxddq.dll
C:\WINDOWS\system32\lklicwjq.dll
C:\WINDOWS\system32\llkmp.ini
C:\WINDOWS\system32\llkmp.ini2
C:\WINDOWS\system32\lmfbdaci.ini
C:\WINDOWS\system32\mdauaqyu.ini
C:\WINDOWS\system32\mywpdyuw.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\nhymiwxb.dll
C:\WINDOWS\system32\oljwuseh.dll
C:\WINDOWS\system32\pbaohfna.dll
C:\WINDOWS\system32\pviiqfcd.dll
C:\WINDOWS\system32\pxwjmtuh.dll
C:\WINDOWS\system32\qmvlaykf.dll
C:\WINDOWS\system32\qpppo.ini
C:\WINDOWS\system32\qpppo.ini2
C:\WINDOWS\system32\skegdcuv.ini
C:\WINDOWS\system32\sknwjiao.dll
C:\WINDOWS\system32\syepytxk.dll
C:\WINDOWS\system32\tgaipupe.ini
C:\WINDOWS\system32\uiyrittd.dll
C:\WINDOWS\system32\zppwbmyx.dllbox
C:\WINDOWS\timessquare1.dat

----- BITS: Possible infected sites -----

hxxp://77.91.228.184
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-27 18:57 . 2008-02-27 18:50 128,625 --a--c--- C:\setup.isn
2008-02-27 18:57 . 2008-02-27 18:50 6,129 --a--c--- C:\0x0409.ini
2008-02-27 18:57 . 2008-02-27 18:50 2,059 --a--c--- C:\Setup.INI
2008-02-27 18:56 . 2008-02-27 18:56 <DIR> d----c--- C:\Program Files\InstallShield Installation Information
2008-02-27 18:56 . 2008-02-27 18:51 14,248,960 --a--c--- C:\veoh.msi
2008-02-27 18:51 . 2008-02-27 18:51 <DIR> d----c--- C:\Program Files\Veoh Networks
2008-02-23 14:03 . 2008-02-23 14:03 <DIR> d----c--- C:\Program Files\Trend Micro
2008-02-20 11:54 . 2008-02-28 13:09 <DIR> d----c--- C:\Program Files\AIM6
2008-02-20 10:33 . 2008-02-20 10:33 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-20 10:14 . 2002-01-05 07:37 344,064 --a--c--- C:\WINDOWS\system32\msvcr70.dll
2008-02-20 10:14 . 2002-01-05 06:18 84,992 --a--c--- C:\WINDOWS\system32\ATL70.DLL
2008-02-20 10:14 . 2001-10-11 11:26 65,536 --a--c--- C:\WINDOWS\system32\YCRWin32.dll
2008-02-08 20:31 . 2008-02-22 12:17 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-08 20:28 . 2008-02-08 20:28 <DIR> d----c--- C:\Program Files\Common Files\iS3
2008-02-08 20:28 . 2008-02-24 15:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-08 20:22 . 2008-02-08 20:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-08 13:22 . 2008-02-20 09:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-08 11:23 . 2008-02-08 11:23 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\SiteAdvisor
2008-02-07 23:11 . 2008-02-08 11:23 14,930 --a--c--- C:\WINDOWS\system32\Config.MPF
2008-02-07 09:16 . 2008-02-08 02:23 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 18:52 . 2008-02-06 18:52 <DIR> d----c--- C:\WINDOWS\system32\Sys
2008-02-06 12:09 . 2008-02-06 12:09 147,456 --a--c--- C:\WINDOWS\system32\vbzip10.dll
2008-02-06 12:06 . 2008-02-06 15:24 <DIR> d----c--- C:\Temp
2008-02-06 08:22 . 2008-02-08 11:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-06 08:16 . 2008-02-06 08:16 15,544 --a--c--- C:\WINDOWS\system32\drivers\sbhr.sys
2008-02-06 08:15 . 2008-02-06 08:15 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\Sunbelt Software
2008-02-06 00:21 . 2008-02-20 14:02 <DIR> d----c--- C:\Program Files\LimeWire
2008-02-05 22:41 . 2005-08-27 02:38 1,435,272 --a--c--- C:\WINDOWS\system32\Flash.ocx
2008-02-05 22:41 . 2003-11-19 14:59 512,688 --a--c--- C:\WINDOWS\system32\XceedCry.dll
2008-02-05 22:41 . 2004-05-11 10:56 423,784 --a--c--- C:\WINDOWS\system32\XceedBkp.dll
2008-02-05 22:41 . 2004-02-05 21:53 389,120 --a--c--- C:\WINDOWS\system32\ACTSKN43.OCX
2008-02-05 22:41 . 2004-01-09 11:54 188,416 --a--c--- C:\WINDOWS\system32\actsplash.ocx
2008-02-05 22:41 . 2004-03-09 00:00 131,856 --a--c--- C:\WINDOWS\system32\MSADODC.ocx
2008-02-05 22:41 . 2000-07-15 06:00 101,888 --a--c--- C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-05 22:41 . 2001-03-28 23:02 89,088 --a--c--- C:\WINDOWS\system32\ProgressBar4.ocx
2008-02-05 22:41 . 1999-01-26 19:36 11,012 --a--c--- C:\WINDOWS\system32\threadapi.tlb
2008-02-05 21:20 . 2008-02-05 21:20 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\MalwareBot
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:09 --------- dc----w C:\Program Files\iTunes
2008-02-27 23:21 --------- dc----w C:\Program Files\Common Files\Adobe
2008-02-25 00:17 --------- dc----w C:\Program Files\Ahead
2008-02-24 23:10 --------- dc----w C:\Documents and Settings\MERION\Application Data\Yahoo!
2008-02-22 08:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-22 03:11 --------- dc----w C:\Program Files\Common Files\AOL
2008-02-20 20:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 20:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-20 18:32 --------- dc----w C:\Program Files\Yahoo!
2008-02-13 09:08 --------- dc----w C:\Documents and Settings\MERION\Application Data\Canon
2008-02-13 08:59 19,576 -c--a-w C:\Documents and Settings\MERION\Application Data\GDIPFONTCACHEV1.DAT
2008-02-08 19:28 --------- dc-h--w C:\Documents and Settings\MERION\Application Data\Move Networks
2008-02-07 05:21 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 03:30 --------- dc----w C:\Program Files\Symantec
2008-02-07 03:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-06 08:04 --------- dc----w C:\Documents and Settings\MERION\Application Data\Aim
2008-02-06 06:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-05 03:37 --------- dc----w C:\Program Files\QuickTime
2008-01-22 02:58 --------- dc----w C:\Program Files\AIM
2008-01-18 08:51 --------- dc----w C:\Program Files\DivX
2008-01-16 07:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-04 21:58 9,464 -c----w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 -c----w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 39,792 2007-10-11 03:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

-c--a-w 50,736 2006-11-07 15:29:02 C:\Program Files\AIM6\bak\aim6.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\AIM6\aim6.exe

-c--a-w 1,191,936 2006-03-22 01:30:00 C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

-c--a-w 267,064 2007-09-26 21:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\iTunes\iTunesHelper.exe

-c--a-w 132,496 2007-09-25 08:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

-c--a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Messenger\msmsgs.exe

-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\QuickTime\bak\qttask.exe
-c--a-w 14,860 2008-02-05 03:35:30 C:\Program Files\QuickTime\qttask.exe

-c--a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\bak\qttask.exe
-c--a-w 14,860 2008-02-05 03:35:30 C:\Program Files\QuickTime\qttask.exe

-c--a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\bak\qttask.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\QuickTime\bak\qttask.exe

-c--a-w 3,537,968 2008-02-23 05:42:34 C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

-c--a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Yahoo!\browser\ybrwicon.exe

-c--a-w 10 2008-02-12 06:00:57 C:\Program Files\Yahoo!\Messenger\bak\emptygrps.steph_flores510.ini
-c--a-w 10 2008-01-27 05:54:42 C:\Program Files\Yahoo!\Messenger\emptygrps.steph_flores510.ini

----a-w 4,662,776 2006-12-01 05:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

-c--a-w 3,442 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblemenu.xml

-c--a-w 752 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml

-c--a-w 10,071 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\content-tabs.xml

-c--a-w 16,563 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml

-c--a-w 892 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\default-plugins.xml

-c--a-w 2,793 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\filters.xml

-c--a-w 6,874 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\games.xml

-c--a-w 15,621 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\imvironments.xml

-c--a-w 859 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\logos.xml

-c--a-w 767 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\marketing.xml

-c--a-w 2,256 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\partner.xml

-c--a-w 1,406 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\revoked-plugins.xml

-c--a-w 1,396 2008-02-12 06:01:11 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ab.xml

-c--a-w 3,832 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml

-c--a-w 128 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.conversationhistory.xml

-c--a-w 0 2008-02-12 06:00:57 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp

-c--a-w 71 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini

-c--a-w 1,230 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\safeobjects.xml

-c--a-w 2,629 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\searchbar.xml

-c--a-w 16,726 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\searchcategories.xml

-c--a-w 4,701 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\sidepanel-plugins.xml

-c--a-w 5,814 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\sms.xml

-c--a-w 1,158 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\system.xml

-c--a-w 827 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\urls.xml

-c--a-w 3,173 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\userfeedback.xml

-c--a-w 854 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\10small_1.png

-c--a-w 407 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\11small_1.png

-c--a-w 3,410 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\1small_1.png

-c--a-w 857 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\2small_1.png

-c--a-w 684 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\9small_1.png

-c--a-w 16,122 2008-02-11 08:54:17 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.swf
-c--a-w 16,053 2007-08-31 00:17:44 C:\Program Files\Yahoo!\Messenger\sb.swf

-c--a-w 1,362 2008-02-11 08:54:17 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.xml
-c--a-w 1,362 2007-08-31 00:17:44 C:\Program Files\Yahoo!\Messenger\sb.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_0.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_1.xml

-c--a-w 440 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_11.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_4.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_5.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_6.xml

-c--a-w 5,289 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_7.xml

-c--a-w 171 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\bg_1.gif

-c--a-w 180 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ch_1.gif

-c--a-w 225 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ck_1.gif

-c--a-w 178 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\do_2.gif

-c--a-w 226 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\lt_1.gif

-c--a-w 1,358 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ph_3.gif

-c--a-w 367 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\pl_1.gif

-c--a-w 354 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ttb_1.gif

-c--a-w 198 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ww_2.gif

-c--a-w 4,726 2008-02-12 06:01:04 C:\Program Files\Yahoo!\Messenger\bak\logs\billing_MERION.log

-c--a-w 45,822 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\client_MERION.log

-c--a-w 20,809 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\GIPS.log

-c--a-w 20,221 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\network_MERION.log

-c--a-w 4,856 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\p2pce.log

-c--a-w 147,284 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\voice.log

-c--a-w 492 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\YSDP.log

-c--a-w 492 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\YSIP.log

-c--a-w 133 2008-02-12 06:01:12 C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\Index.ini

-c--a-w 19,371 2008-02-12 06:01:12 C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\yptC0.png

----a-w 67,112 2006-08-01 21:35:36 E:\Program Files\AIM\bak\aim.exe
----a-w 14,348 2008-02-28 21:07:13 E:\Program Files\AIM\aim.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B85}]
C:\Program Files\Sotfone\1202165738.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7db9a213-6c0a-4456-8572-ad897f25405b}]
C:\WINDOWS\system32\wyonyyey.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C38DEBB7-8D19-48B6-96F8-D05F56F8A153}]
C:\WINDOWS\system32\pmkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC6951DC-FE76-4ADA-BF1C-032443E9AD7B}]
C:\WINDOWS\system32\opppq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-28 13:07 14348]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-02-28 13:07 14348]
"AIM"="E:\Program Files\AIM\aim.exe" [2008-02-28 13:07 14348]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-02-28 13:07 14348]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-28 13:07 14348]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 00:33 1581056 C:\WINDOWS\mixer.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2008-02-28 13:07 14348]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-28 13:07 14348]
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2008-02-28 13:07 14348]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-28 13:07 14348]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2008-02-28 13:07 14348]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-28 13:07 14348]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-15 21:35:49 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\bak\\YahooMessenger.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 14:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 05:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 11:00:00 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job"
- C:\Program Files\MalwareBot\MalwareBot.exe
- C:\Program Files\MalwareBot
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 17:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
.
**************************************************************************
.
Completion time: 2008-02-28 17:12:07 - machine was rebooted [MERION]
ComboFix-quarantined-files.txt 2008-02-29 01:12:04
.
2008-02-13 15:18:05 --- E O F ---

#4
Rorschach112

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\wyonyyey.dll
C:\WINDOWS\system32\pmkll.dll
C:\WINDOWS\system32\opppq.dll

Folder::
C:\Documents and Settings\MERION\Application Data\MalwareBot
C:\Program Files\Sotfone


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


Also post a new HijackThis log

#5
St3phanii351o

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Thu 02/28/2008
The current time is: 17:42:07.65


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

11/07/2006 07:29 AM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 08:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/28/2008 01:07 PM 14,348 qttask.exe
1 File(s) 14,348 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 05:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\VEOHNE~1\VEOH\BAK

02/22/2008 09:42 PM 3,537,968 VeohClient.exe
1 File(s) 3,537,968 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 04:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

02/11/2008 10:00 PM 10 emptygrps.steph_flores510.ini
11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
2 File(s) 4,662,786 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of E:\PROGRA~1\AIM\BAK

08/01/2006 01:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 28 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"
14348 Feb 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 26 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
256576 Oct 30 2006 "E:\Program Files\iTunes\iTunesHelper.exe"
102400 Dec 21 2006 "E:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "E:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Feb 28 2008 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
1667584 Aug 3 2004 "E:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "E:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"
3537968 Feb 22 2008 "C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
14348 Feb 28 2008 "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
10 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\emptygrps.merion_flores510.ini"
10 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\emptygrps.steph_flores510.ini"
10 Dec 23 2006 "E:\Program Files\Yahoo!\Messenger\emptygrps.not_my_go0di3z51o.ini"
14348 Feb 28 2008 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
4621816 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3442 Dec 25 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
3442 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblemenu.xml"
1675 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblemenu.xml"
2203 Sep 28 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
752 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
752 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml"
432 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblerevoked.xml"
707 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
10071 Oct 11 2007 "C:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
10071 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\content-tabs.xml"
9691 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
16471 Nov 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\countries.xml"
16563 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml"
16275 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\countries.xml"
16386 Dec 1 2006 "E:\Program Files\Yahoo!\Messenger\cache\countries.xml"
892 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
892 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\default-plugins.xml"
892 Oct 17 2006 "E:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
0 Dec 10 2006 "E:\Documents and Settings\stephanie\Local Settings\Temp\Temporary Internet Files\Content.IE5\A3MFAD0H\default_music2[1].xml"
7591 Jul 17 2004 "C:\Program Files\Movie Maker\shared\filters.xml"
2793 Jan 30 2007 "C:\Program Files\Yahoo!\Messenger\cache\filters.xml"
2793 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\filters.xml"
2949 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\filters.xml"
7591 Jul 17 2004 "E:\Program Files\Movie Maker\shared\filters.xml"
2461 Oct 27 2006 "E:\Program Files\Yahoo!\Messenger\cache\filters.xml"
6874 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\games.xml"
6874 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\games.xml"
6874 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\games.xml"
6874 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\games.xml"
15621 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\imvironments.xml"
15621 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\imvironments.xml"
6016 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\imvironments.xml"
5936 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\cache\imvironments.xml"
859 Jan 25 2008 "C:\Program Files\Yahoo!\Messenger\cache\logos.xml"
859 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\logos.xml"
566 May 9 2006 "E:\Program Files\Yahoo!\Messenger\cache\logos.xml"
795 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\marketing.xml"
767 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\marketing.xml"
833 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\cache\marketing.xml"
2256 Jan 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\partner.xml"
2256 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\partner.xml"
2256 Dec 1 2006 "E:\Program Files\Yahoo!\Messenger\cache\partner.xml"
1406 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\revoked-plugins.xml"
1406 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\revoked-plugins.xml"
1406 Oct 4 2006 "E:\Program Files\Yahoo!\Messenger\cache\revoked-plugins.xml"
379 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini"
71 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini"
0 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp"
0 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp"
3832 May 3 2007 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml"
1396 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ab.xml"
41 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--\S6KP6dCkAbZHWGr2dU6rKQ--_CallLogData.xml"
1715 Jan 22 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.InstalledPlugins.xml"
3832 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml"
128 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.conversationhistory.xml"
1230 Jan 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\safeobjects.xml"
1230 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\safeobjects.xml"
1230 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\safeobjects.xml"
2629 Oct 5 2007 "C:\Program Files\Yahoo!\Messenger\cache\searchbar.xml"
2629 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\searchbar.xml"
225 Feb 26 2008 "C:\Documents and Settings\MERION\Application Data\Mozilla\Firefox\Profiles\1xxqk038.default\GoogleToolbarData\searchhistory.xml"
2582 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\searchbar.xml"
16726 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\searchcategories.xml"
16726 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\searchcategories.xml"
16728 Sep 5 2006 "E:\Program Files\Yahoo!\Messenger\cache\searchcategories.xml"
4701 Jun 28 2007 "C:\Program Files\Yahoo!\Messenger\cache\sidepanel-plugins.xml"
4701 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\sidepanel-plugins.xml"
5491 Dec 12 2006 "E:\Program Files\Yahoo!\Messenger\cache\sidepanel-plugins.xml"
5814 Nov 1 2007 "C:\Program Files\Yahoo!\Messenger\cache\sms.xml"
5814 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\sms.xml"
5554 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\sms.xml"
5519 Dec 6 2006 "E:\Program Files\Yahoo!\Messenger\cache\sms.xml"
1158 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\system.xml"
1158 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\system.xml"
790 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\system.xml"
874 Sep 26 2006 "E:\Program Files\Yahoo!\Messenger\cache\system.xml"
827 Jan 14 2008 "C:\Program Files\Yahoo!\Messenger\cache\urls.xml"
827 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\urls.xml"
467 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\urls.xml"
3173 Sep 18 2007 "C:\Program Files\Yahoo!\Messenger\cache\userfeedback.xml"
3173 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\userfeedback.xml"
3194 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\userfeedback.xml"
228602 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\billing_MERION.log"
4726 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\billing_MERION.log"
174 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\billing_MERION.log"
20999 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\billing_stephanie.log"
4077891 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\client_MERION.log"
45822 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\client_MERION.log"
166 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\client_MERION.log"
43390 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\client_stephanie.log"
1561405 Feb 22 2008 "C:\Program Files\Yahoo!\Messenger\logs\GIPS.log"
20809 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\GIPS.log"
5242585 Nov 17 2007 "C:\Program Files\Yahoo!\Messenger\logs\network_MERION_1.log"
20221 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\network_MERION.log"
166 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\network_MERION.log"
67265 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\network_stephanie.log"
36073 Feb 22 2008 "C:\Program Files\Yahoo!\Messenger\logs\p2pce.log"
4856 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\p2pce.log"
739 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\voice.log"
147284 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\voice.log"
184 Feb 2 2008 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\logs\voice.log"
14128 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\logs\YSDP.log"
492 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\YSDP.log"
14130 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\logs\YSIP.log"
492 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\YSIP.log"
854 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\10small_1.png"
854 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\10small_1.png"
407 Jan 25 2008 "C:\Program Files\Yahoo!\Messenger\cache\branding\11small_1.png"
407 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\11small_1.png"
3410 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\1small_1.png"
3410 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\1small_1.png"
857 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\2small_1.png"
857 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\2small_1.png"
684 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\9small_1.png"
684 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\9small_1.png"
16053 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\sb.swf"
16122 Oct 5 2007 "C:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.swf"
16053 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\Media\misc\sb.swf"
16122 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.swf"
14352 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\sb.swf"
16524 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.swf"
14352 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\Media\misc\sb.swf"
1362 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\sb.xml"
1362 Jul 9 2007 "C:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.xml"
1362 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.xml"
243 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\sb.xml"
1317 Apr 15 2005 "E:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_6.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_6.xml"
5289 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_7.xml"
5289 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_7.xml"
440 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_11.xml"
440 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_11.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_0.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_0.xml"
3122 Sep 20 2005 "E:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_11.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_1.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_1.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_4.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_4.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_5.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_5.xml"
171 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\bg_1.gif"
171 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\bg_1.gif"
171 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\bg_1.gif"
171 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\bg_1.gif"
180 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ch_1.gif"
180 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ch_1.gif"
180 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ch_1.gif"
180 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ch_1.gif"
225 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ck_1.gif"
225 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ck_1.gif"
225 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ck_1.gif"
225 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ck_1.gif"
178 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\do_2.gif"
178 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\do_2.gif"
178 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\do_2.gif"
178 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\do_2.gif"
226 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\lt_1.gif"
226 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\lt_1.gif"
226 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\lt_1.gif"
226 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\lt_1.gif"
1358 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ph_3.gif"
1358 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ph_3.gif"
1358 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ph_3.gif"
1358 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ph_3.gif"
367 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\pl_1.gif"
367 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\pl_1.gif"
367 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\pl_1.gif"
367 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\pl_1.gif"
354 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ttb_1.gif"
354 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ttb_1.gif"
354 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ttb_1.gif"
354 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ttb_1.gif"
198 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ww_2.gif"
198 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ww_2.gif"
198 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ww_2.gif"
198 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ww_2.gif"
31 Jul 7 2007 "C:\Program Files\Yahoo!\Messenger\Profiles\neyo510\My Icons\Index.ini"
4914 Jun 25 2007 "C:\Program Files\Yahoo!\Messenger\Profiles\not_my_go0di3z51o\My Icons\Index.ini"
2493 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\Profiles\steph_flores510\My Icons\Index.ini"
133 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\Index.ini"
1219 Jun 28 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\d1z0n3ky00t13p1n41\My Icons\Index.ini"
31 Mar 13 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\merion_flores510\My Icons\Index.ini"
31 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\Profiles\[email protected]\My Icons\Index.ini"
6922 Dec 22 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\not_my_go0di3z51o\My Icons\Index.ini"
31 Sep 19 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\stephanie_flores510\My Icons\Index.ini"
19371 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\yptC0.png"
14348 Feb 28 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Feb 28 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
36975 Apr 13 2005 "E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36972 Sep 20 2005 "E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
36975 Nov 10 2005 "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
14348 Feb 28 2008 "E:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "E:\Program Files\AIM\bak\aim.exe"


end of report

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log?

Then do this

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\PROGRA~1\AIM6\BAK\aim6.exe"
    "C:\PROGRA~1\ITUNES\BAK\iTunesHelper.exe"
    "C:\PROGRA~1\MESSEN~1\BAK\msmsgs.exe"
    "C:\PROGRA~1\QUICKT~1\BAK\qttask.exe"
    "C:\PROGRA~1\CANON\MYPRIN~1\BAK\BJMyPrt.exe"
    "C:\PROGRA~1\QUICKT~1\BAK\BAK\qttask.exe"
    "C:\PROGRA~1\VEOHNE~1\VEOH\BAK\VeohClient.exe"
    "C:\PROGRA~1\YAHOO!\BROWSER\BAK\ybrwicon.exe"
    "C:\PROGRA~1\YAHOO!\MESSEN~1\BAK\emptygrps.steph_flores510.ini"
    "C:\PROGRA~1\YAHOO!\MESSEN~1\BAK\YahooMessenger.exe"
    "C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK\Reader_sl.exe"
    "C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK\jusched.exe"
    "E:\PROGRA~1\AIM\BAK\aim.exe"



  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for .bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0
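The pairing behind a restore list like the one in the post above can be checked mechanically. This added example (not part of the original posts, and not FindAWF's own logic) parses report lines copied from this thread, matches each `bak` copy to its live sibling, and flags backups whose live file has the one size shared by several unrelated programs; the function names and the `min_hits` threshold are assumptions.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the FindAWF report posted earlier in this thread.
REPORT = r'''
14348 Feb 28 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Feb 28 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Feb 28 2008 "E:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "E:\Program Files\AIM\bak\aim.exe"
16471 Nov 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\countries.xml"
16563 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml"
'''

# Report line layout: <size> <Mon D YYYY> "<full path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


class Entry(NamedTuple):
    size: int
    date: str
    path: str


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per well-formed report line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def live_key(path: str) -> Optional[str]:
    """Lower-cased path with the last 'bak' directory removed.

    Returns None when no directory component is named 'bak'. Windows paths
    are case-insensitive, so bak\\Cache\\x.xml pairs with cache\\x.xml.
    """
    parts = path.lower().split("\\")
    dirs = parts[:-1]                      # exclude the file name itself
    if "bak" not in dirs:
        return None
    idx = len(dirs) - 1 - dirs[::-1].index("bak")
    del parts[idx]
    return "\\".join(parts)


def pair_backups(entries: List[Entry]) -> List[Tuple[Entry, Entry]]:
    """Pair every file under a bak folder with its live sibling, if listed."""
    by_path = {e.path.lower(): e for e in entries}
    pairs = []
    for e in entries:
        key = live_key(e.path)
        if key is not None and key in by_path:
            pairs.append((e, by_path[key]))
    return pairs


def find_stub_size(pairs: List[Tuple[Entry, Entry]],
                   min_hits: int = 3) -> Optional[int]:
    """Size shared by at least min_hits live files that differ from their backup.

    Assumed heuristic: unrelated programs all replaced by files of one
    identical size suggests the same stub was dropped over each of them.
    """
    counts = Counter(live.size for bak, live in pairs if bak.size != live.size)
    if not counts:
        return None
    size, hits = counts.most_common(1)[0]
    return size if hits >= min_hits else None


def restore_candidates(text: str, min_hits: int = 3) -> List[str]:
    """Backup paths whose live sibling has the suspected stub size."""
    pairs = pair_backups(parse_report(text))
    stub = find_stub_size(pairs, min_hits)
    if stub is None:
        return []
    return [bak.path for bak, live in pairs
            if live.size == stub and bak.size != stub]


if __name__ == "__main__":
    for candidate in restore_candidates(REPORT):
        print(candidate)
```

The `countries.xml` pair differs in size as well but is not flagged, because its live copy does not carry the shared size; ordinary cache churn is left alone.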

#7
St3phanii351o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 08-02-25.3 - MERION 2008-02-28 16:56:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.249 [GMT -8:00]
Running from: C:\Documents and Settings\MERION\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\system32\aajqetgg.dll
C:\WINDOWS\system32\anfhoabp.ini
C:\WINDOWS\system32\bjjgbilg.dll
C:\WINDOWS\system32\ggteqjaa.ini
C:\WINDOWS\system32\hblxeckn.ini
C:\WINDOWS\system32\icadbfml.dll
C:\WINDOWS\system32\kgkitkef.dll
C:\WINDOWS\system32\khfdbcb.dll
C:\WINDOWS\system32\lacwxddq.dll
C:\WINDOWS\system32\lklicwjq.dll
C:\WINDOWS\system32\llkmp.ini
C:\WINDOWS\system32\llkmp.ini2
C:\WINDOWS\system32\lmfbdaci.ini
C:\WINDOWS\system32\mdauaqyu.ini
C:\WINDOWS\system32\mywpdyuw.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\nhymiwxb.dll
C:\WINDOWS\system32\oljwuseh.dll
C:\WINDOWS\system32\pbaohfna.dll
C:\WINDOWS\system32\pviiqfcd.dll
C:\WINDOWS\system32\pxwjmtuh.dll
C:\WINDOWS\system32\qmvlaykf.dll
C:\WINDOWS\system32\qpppo.ini
C:\WINDOWS\system32\qpppo.ini2
C:\WINDOWS\system32\skegdcuv.ini
C:\WINDOWS\system32\sknwjiao.dll
C:\WINDOWS\system32\syepytxk.dll
C:\WINDOWS\system32\tgaipupe.ini
C:\WINDOWS\system32\uiyrittd.dll
C:\WINDOWS\system32\zppwbmyx.dllbox
C:\WINDOWS\timessquare1.dat

----- BITS: Possible infected sites -----

hxxp://77.91.228.184
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-27 18:57 . 2008-02-27 18:50 128,625 --a--c--- C:\setup.isn
2008-02-27 18:57 . 2008-02-27 18:50 6,129 --a--c--- C:\0x0409.ini
2008-02-27 18:57 . 2008-02-27 18:50 2,059 --a--c--- C:\Setup.INI
2008-02-27 18:56 . 2008-02-27 18:56 <DIR> d----c--- C:\Program Files\InstallShield Installation Information
2008-02-27 18:56 . 2008-02-27 18:51 14,248,960 --a--c--- C:\veoh.msi
2008-02-27 18:51 . 2008-02-27 18:51 <DIR> d----c--- C:\Program Files\Veoh Networks
2008-02-23 14:03 . 2008-02-23 14:03 <DIR> d----c--- C:\Program Files\Trend Micro
2008-02-20 11:54 . 2008-02-28 13:09 <DIR> d----c--- C:\Program Files\AIM6
2008-02-20 10:33 . 2008-02-20 10:33 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-20 10:14 . 2002-01-05 07:37 344,064 --a--c--- C:\WINDOWS\system32\msvcr70.dll
2008-02-20 10:14 . 2002-01-05 06:18 84,992 --a--c--- C:\WINDOWS\system32\ATL70.DLL
2008-02-20 10:14 . 2001-10-11 11:26 65,536 --a--c--- C:\WINDOWS\system32\YCRWin32.dll
2008-02-08 20:31 . 2008-02-22 12:17 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-08 20:28 . 2008-02-08 20:28 <DIR> d----c--- C:\Program Files\Common Files\iS3
2008-02-08 20:28 . 2008-02-24 15:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-08 20:22 . 2008-02-08 20:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-08 13:22 . 2008-02-20 09:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-08 11:23 . 2008-02-08 11:23 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\SiteAdvisor
2008-02-07 23:11 . 2008-02-08 11:23 14,930 --a--c--- C:\WINDOWS\system32\Config.MPF
2008-02-07 09:16 . 2008-02-08 02:23 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 18:52 . 2008-02-06 18:52 <DIR> d----c--- C:\WINDOWS\system32\Sys
2008-02-06 12:09 . 2008-02-06 12:09 147,456 --a--c--- C:\WINDOWS\system32\vbzip10.dll
2008-02-06 12:06 . 2008-02-06 15:24 <DIR> d----c--- C:\Temp
2008-02-06 08:22 . 2008-02-08 11:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-06 08:16 . 2008-02-06 08:16 15,544 --a--c--- C:\WINDOWS\system32\drivers\sbhr.sys
2008-02-06 08:15 . 2008-02-06 08:15 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\Sunbelt Software
2008-02-06 00:21 . 2008-02-20 14:02 <DIR> d----c--- C:\Program Files\LimeWire
2008-02-05 22:41 . 2005-08-27 02:38 1,435,272 --a--c--- C:\WINDOWS\system32\Flash.ocx
2008-02-05 22:41 . 2003-11-19 14:59 512,688 --a--c--- C:\WINDOWS\system32\XceedCry.dll
2008-02-05 22:41 . 2004-05-11 10:56 423,784 --a--c--- C:\WINDOWS\system32\XceedBkp.dll
2008-02-05 22:41 . 2004-02-05 21:53 389,120 --a--c--- C:\WINDOWS\system32\ACTSKN43.OCX
2008-02-05 22:41 . 2004-01-09 11:54 188,416 --a--c--- C:\WINDOWS\system32\actsplash.ocx
2008-02-05 22:41 . 2004-03-09 00:00 131,856 --a--c--- C:\WINDOWS\system32\MSADODC.ocx
2008-02-05 22:41 . 2000-07-15 06:00 101,888 --a--c--- C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-05 22:41 . 2001-03-28 23:02 89,088 --a--c--- C:\WINDOWS\system32\ProgressBar4.ocx
2008-02-05 22:41 . 1999-01-26 19:36 11,012 --a--c--- C:\WINDOWS\system32\threadapi.tlb
2008-02-05 21:20 . 2008-02-05 21:20 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\MalwareBot
2008-02-04 15:06 . 2008-02-04 15:06 <DIR> d----c--- C:\Documents and Settings\MERION\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:09 --------- dc----w C:\Program Files\iTunes
2008-02-27 23:21 --------- dc----w C:\Program Files\Common Files\Adobe
2008-02-25 00:17 --------- dc----w C:\Program Files\Ahead
2008-02-24 23:10 --------- dc----w C:\Documents and Settings\MERION\Application Data\Yahoo!
2008-02-22 08:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-22 03:11 --------- dc----w C:\Program Files\Common Files\AOL
2008-02-20 20:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 20:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-20 18:32 --------- dc----w C:\Program Files\Yahoo!
2008-02-13 09:08 --------- dc----w C:\Documents and Settings\MERION\Application Data\Canon
2008-02-13 08:59 19,576 -c--a-w C:\Documents and Settings\MERION\Application Data\GDIPFONTCACHEV1.DAT
2008-02-08 19:28 --------- dc-h--w C:\Documents and Settings\MERION\Application Data\Move Networks
2008-02-07 05:21 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 03:30 --------- dc----w C:\Program Files\Symantec
2008-02-07 03:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-06 08:04 --------- dc----w C:\Documents and Settings\MERION\Application Data\Aim
2008-02-06 06:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-05 03:37 --------- dc----w C:\Program Files\QuickTime
2008-01-22 02:58 --------- dc----w C:\Program Files\AIM
2008-01-18 08:51 --------- dc----w C:\Program Files\DivX
2008-01-16 07:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-04 21:58 9,464 -c----w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 -c----w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 39,792 2007-10-11 03:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

-c--a-w 50,736 2006-11-07 15:29:02 C:\Program Files\AIM6\bak\aim6.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\AIM6\aim6.exe

-c--a-w 1,191,936 2006-03-22 01:30:00 C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

-c--a-w 267,064 2007-09-26 21:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\iTunes\iTunesHelper.exe

-c--a-w 132,496 2007-09-25 08:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

-c--a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Messenger\msmsgs.exe

-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\QuickTime\bak\qttask.exe
-c--a-w 14,860 2008-02-05 03:35:30 C:\Program Files\QuickTime\qttask.exe

-c--a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\bak\qttask.exe
-c--a-w 14,860 2008-02-05 03:35:30 C:\Program Files\QuickTime\qttask.exe

-c--a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\bak\qttask.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\QuickTime\bak\qttask.exe

-c--a-w 3,537,968 2008-02-23 05:42:34 C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

-c--a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Yahoo!\browser\ybrwicon.exe

-c--a-w 10 2008-02-12 06:00:57 C:\Program Files\Yahoo!\Messenger\bak\emptygrps.steph_flores510.ini
-c--a-w 10 2008-01-27 05:54:42 C:\Program Files\Yahoo!\Messenger\emptygrps.steph_flores510.ini

----a-w 4,662,776 2006-12-01 05:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
-c--a-w 14,348 2008-02-28 21:07:13 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

-c--a-w 3,442 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblemenu.xml

-c--a-w 752 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml

-c--a-w 10,071 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\content-tabs.xml

-c--a-w 16,563 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml

-c--a-w 892 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\default-plugins.xml

-c--a-w 2,793 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\filters.xml

-c--a-w 6,874 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\games.xml

-c--a-w 15,621 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\imvironments.xml

-c--a-w 859 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\logos.xml

-c--a-w 767 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\marketing.xml

-c--a-w 2,256 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\partner.xml

-c--a-w 1,406 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\revoked-plugins.xml

-c--a-w 1,396 2008-02-12 06:01:11 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ab.xml

-c--a-w 3,832 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml

-c--a-w 128 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.conversationhistory.xml

-c--a-w 0 2008-02-12 06:00:57 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp

-c--a-w 71 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini

-c--a-w 1,230 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\safeobjects.xml

-c--a-w 2,629 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\searchbar.xml

-c--a-w 16,726 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\searchcategories.xml

-c--a-w 4,701 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\sidepanel-plugins.xml

-c--a-w 5,814 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\sms.xml

-c--a-w 1,158 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\system.xml

-c--a-w 827 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\urls.xml

-c--a-w 3,173 2008-02-11 08:54:16 C:\Program Files\Yahoo!\Messenger\bak\Cache\userfeedback.xml

-c--a-w 854 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\10small_1.png

-c--a-w 407 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\11small_1.png

-c--a-w 3,410 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\1small_1.png

-c--a-w 857 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\2small_1.png

-c--a-w 684 2008-02-11 08:54:19 C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\9small_1.png

-c--a-w 16,122 2008-02-11 08:54:17 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.swf
-c--a-w 16,053 2007-08-31 00:17:44 C:\Program Files\Yahoo!\Messenger\sb.swf

-c--a-w 1,362 2008-02-11 08:54:17 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.xml
-c--a-w 1,362 2007-08-31 00:17:44 C:\Program Files\Yahoo!\Messenger\sb.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_0.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_1.xml

-c--a-w 440 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_11.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_4.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_5.xml

-c--a-w 439 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_6.xml

-c--a-w 5,289 2008-02-11 08:54:20 C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_7.xml

-c--a-w 171 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\bg_1.gif

-c--a-w 180 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ch_1.gif

-c--a-w 225 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ck_1.gif

-c--a-w 178 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\do_2.gif

-c--a-w 226 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\lt_1.gif

-c--a-w 1,358 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ph_3.gif

-c--a-w 367 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\pl_1.gif

-c--a-w 354 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ttb_1.gif

-c--a-w 198 2008-02-11 08:54:18 C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ww_2.gif

-c--a-w 4,726 2008-02-12 06:01:04 C:\Program Files\Yahoo!\Messenger\bak\logs\billing_MERION.log

-c--a-w 45,822 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\client_MERION.log

-c--a-w 20,809 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\GIPS.log

-c--a-w 20,221 2008-02-12 06:10:40 C:\Program Files\Yahoo!\Messenger\bak\logs\network_MERION.log

-c--a-w 4,856 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\p2pce.log

-c--a-w 147,284 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\voice.log

-c--a-w 492 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\YSDP.log

-c--a-w 492 2008-02-12 06:10:39 C:\Program Files\Yahoo!\Messenger\bak\logs\YSIP.log

-c--a-w 133 2008-02-12 06:01:12 C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\Index.ini

-c--a-w 19,371 2008-02-12 06:01:12 C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\yptC0.png

----a-w 67,112 2006-08-01 21:35:36 E:\Program Files\AIM\bak\aim.exe
----a-w 14,348 2008-02-28 21:07:13 E:\Program Files\AIM\aim.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B85}]
C:\Program Files\Sotfone\1202165738.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7db9a213-6c0a-4456-8572-ad897f25405b}]
C:\WINDOWS\system32\wyonyyey.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C38DEBB7-8D19-48B6-96F8-D05F56F8A153}]
C:\WINDOWS\system32\pmkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC6951DC-FE76-4ADA-BF1C-032443E9AD7B}]
C:\WINDOWS\system32\opppq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-28 13:07 14348]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-02-28 13:07 14348]
"AIM"="E:\Program Files\AIM\aim.exe" [2008-02-28 13:07 14348]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-02-28 13:07 14348]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-28 13:07 14348]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 00:33 1581056 C:\WINDOWS\mixer.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2008-02-28 13:07 14348]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-28 13:07 14348]
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2008-02-28 13:07 14348]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-28 13:07 14348]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2008-02-28 13:07 14348]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-28 13:07 14348]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-15 21:35:49 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\bak\\YahooMessenger.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 14:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 05:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 11:00:00 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job"
- C:\Program Files\MalwareBot\MalwareBot.exe
- C:\Program Files\MalwareBot
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 17:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
.
**************************************************************************
.
Completion time: 2008-02-28 17:12:07 - machine was rebooted [MERION]
ComboFix-quarantined-files.txt 2008-02-29 01:12:04
.
2008-02-13 15:18:05 --- E O F ---

#8
St3phanii351o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Thu 02/28/2008
The current time is: 17:59:59.46


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

11/07/2006 07:29 AM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 08:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 05:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\VEOHNE~1\VEOH\BAK

02/22/2008 09:42 PM 3,537,968 VeohClient.exe
1 File(s) 3,537,968 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 04:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

02/11/2008 10:00 PM 10 emptygrps.steph_flores510.ini
11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
2 File(s) 4,662,786 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of E:\PROGRA~1\AIM\BAK

08/01/2006 01:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Nov 7 2006 "C:\Program Files\AIM6\aim6.exe"
50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 26 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
256576 Oct 30 2006 "E:\Program Files\iTunes\iTunesHelper.exe"
102400 Dec 21 2006 "E:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "E:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
1667584 Aug 3 2004 "E:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "E:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
3537968 Feb 22 2008 "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"
3537968 Feb 22 2008 "C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
10 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\emptygrps.merion_flores510.ini"
10 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\emptygrps.steph_flores510.ini"
10 Dec 23 2006 "E:\Program Files\Yahoo!\Messenger\emptygrps.not_my_go0di3z51o.ini"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
4621816 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3442 Dec 25 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
3442 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblemenu.xml"
1675 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblemenu.xml"
2203 Sep 28 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
752 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
752 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml"
432 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblerevoked.xml"
707 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
10071 Oct 11 2007 "C:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
10071 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\content-tabs.xml"
9691 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
16471 Nov 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\countries.xml"
16563 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml"
16275 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\countries.xml"
16386 Dec 1 2006 "E:\Program Files\Yahoo!\Messenger\cache\countries.xml"
892 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
892 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\default-plugins.xml"
892 Oct 17 2006 "E:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
0 Dec 10 2006 "E:\Documents and Settings\stephanie\Local Settings\Temp\Temporary Internet Files\Content.IE5\A3MFAD0H\default_music2[1].xml"
7591 Jul 17 2004 "C:\Program Files\Movie Maker\shared\filters.xml"
2793 Jan 30 2007 "C:\Program Files\Yahoo!\Messenger\cache\filters.xml"
2793 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\filters.xml"
2949 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\filters.xml"
7591 Jul 17 2004 "E:\Program Files\Movie Maker\shared\filters.xml"
2461 Oct 27 2006 "E:\Program Files\Yahoo!\Messenger\cache\filters.xml"
6874 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\games.xml"
6874 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\games.xml"
6874 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\games.xml"
6874 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\games.xml"
15621 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\imvironments.xml"
15621 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\imvironments.xml"
6016 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\imvironments.xml"
5936 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\cache\imvironments.xml"
859 Jan 25 2008 "C:\Program Files\Yahoo!\Messenger\cache\logos.xml"
859 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\logos.xml"
566 May 9 2006 "E:\Program Files\Yahoo!\Messenger\cache\logos.xml"
795 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\marketing.xml"
767 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\marketing.xml"
833 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\cache\marketing.xml"
2256 Jan 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\partner.xml"
2256 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\partner.xml"
2256 Dec 1 2006 "E:\Program Files\Yahoo!\Messenger\cache\partner.xml"
1406 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\revoked-plugins.xml"
1406 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\revoked-plugins.xml"
1406 Oct 4 2006 "E:\Program Files\Yahoo!\Messenger\cache\revoked-plugins.xml"
379 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini"
71 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.slotmgr.ini"
0 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp"
0 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ProfileMap.dat.tmp"
3832 May 3 2007 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml"
1396 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.ab.xml"
41 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--\S6KP6dCkAbZHWGr2dU6rKQ--_CallLogData.xml"
1715 Jan 22 2008 "C:\Program Files\Yahoo!\Messenger\cache\S6KP6dCkAbZHWGr2dU6rKQ--.InstalledPlugins.xml"
3832 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.chatCategories.xml"
128 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\S6KP6dCkAbZHWGr2dU6rKQ--.conversationhistory.xml"
1230 Jan 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\safeobjects.xml"
1230 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\safeobjects.xml"
1230 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\safeobjects.xml"
2629 Oct 5 2007 "C:\Program Files\Yahoo!\Messenger\cache\searchbar.xml"
2629 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\searchbar.xml"
225 Feb 26 2008 "C:\Documents and Settings\MERION\Application Data\Mozilla\Firefox\Profiles\1xxqk038.default\GoogleToolbarData\searchhistory.xml"
2582 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\searchbar.xml"
16726 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\searchcategories.xml"
16726 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\searchcategories.xml"
16728 Sep 5 2006 "E:\Program Files\Yahoo!\Messenger\cache\searchcategories.xml"
4701 Jun 28 2007 "C:\Program Files\Yahoo!\Messenger\cache\sidepanel-plugins.xml"
4701 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\sidepanel-plugins.xml"
5491 Dec 12 2006 "E:\Program Files\Yahoo!\Messenger\cache\sidepanel-plugins.xml"
5814 Nov 1 2007 "C:\Program Files\Yahoo!\Messenger\cache\sms.xml"
5814 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\sms.xml"
5554 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\sms.xml"
5519 Dec 6 2006 "E:\Program Files\Yahoo!\Messenger\cache\sms.xml"
1158 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\system.xml"
1158 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\system.xml"
790 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\system.xml"
874 Sep 26 2006 "E:\Program Files\Yahoo!\Messenger\cache\system.xml"
827 Jan 14 2008 "C:\Program Files\Yahoo!\Messenger\cache\urls.xml"
827 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\urls.xml"
467 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\urls.xml"
3173 Sep 18 2007 "C:\Program Files\Yahoo!\Messenger\cache\userfeedback.xml"
3173 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\userfeedback.xml"
3194 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\userfeedback.xml"
228602 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\billing_MERION.log"
4726 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\billing_MERION.log"
174 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\billing_MERION.log"
20999 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\billing_stephanie.log"
4077891 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\client_MERION.log"
45822 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\client_MERION.log"
166 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\client_MERION.log"
43390 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\client_stephanie.log"
1561405 Feb 22 2008 "C:\Program Files\Yahoo!\Messenger\logs\GIPS.log"
20809 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\GIPS.log"
5242585 Nov 17 2007 "C:\Program Files\Yahoo!\Messenger\logs\network_MERION_1.log"
20221 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\network_MERION.log"
166 Apr 18 2007 "C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs\network_MERION.log"
67265 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\logs\network_stephanie.log"
36073 Feb 22 2008 "C:\Program Files\Yahoo!\Messenger\logs\p2pce.log"
4856 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\p2pce.log"
739 Feb 27 2008 "C:\Program Files\Yahoo!\Messenger\logs\voice.log"
147284 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\voice.log"
184 Feb 2 2008 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\logs\voice.log"
14128 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\logs\YSDP.log"
492 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\YSDP.log"
14130 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\logs\YSIP.log"
492 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\logs\YSIP.log"
854 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\10small_1.png"
854 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\10small_1.png"
407 Jan 25 2008 "C:\Program Files\Yahoo!\Messenger\cache\branding\11small_1.png"
407 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\11small_1.png"
3410 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\1small_1.png"
3410 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\1small_1.png"
857 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\2small_1.png"
857 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\2small_1.png"
684 Oct 26 2007 "C:\Program Files\Yahoo!\Messenger\cache\branding\9small_1.png"
684 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\branding\9small_1.png"
16053 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\sb.swf"
16122 Oct 5 2007 "C:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.swf"
16053 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\Media\misc\sb.swf"
16122 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.swf"
14352 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\sb.swf"
16524 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.swf"
14352 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\Media\misc\sb.swf"
1362 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\sb.xml"
1362 Jul 9 2007 "C:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.xml"
1362 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchBar\sb.xml"
243 Aug 29 2006 "E:\Program Files\Yahoo!\Messenger\sb.xml"
1317 Apr 15 2005 "E:\Program Files\Yahoo!\Messenger\cache\SearchBar\sb.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_6.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_6.xml"
5289 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_7.xml"
5289 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_7.xml"
440 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_11.xml"
440 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_11.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_0.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_0.xml"
3122 Sep 20 2005 "E:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_11.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_1.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_1.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_4.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_4.xml"
439 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\SearchKeywords\keyword_default_5.xml"
439 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\SearchKeywords\keyword_default_5.xml"
171 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\bg_1.gif"
171 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\bg_1.gif"
171 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\bg_1.gif"
171 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\bg_1.gif"
180 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ch_1.gif"
180 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ch_1.gif"
180 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ch_1.gif"
180 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ch_1.gif"
225 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ck_1.gif"
225 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ck_1.gif"
225 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ck_1.gif"
225 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ck_1.gif"
178 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\do_2.gif"
178 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\do_2.gif"
178 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\do_2.gif"
178 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\do_2.gif"
226 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\lt_1.gif"
226 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\lt_1.gif"
226 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\lt_1.gif"
226 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\lt_1.gif"
1358 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ph_3.gif"
1358 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ph_3.gif"
1358 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ph_3.gif"
1358 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ph_3.gif"
367 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\pl_1.gif"
367 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\pl_1.gif"
367 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\pl_1.gif"
367 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\pl_1.gif"
354 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ttb_1.gif"
354 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ttb_1.gif"
354 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ttb_1.gif"
354 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ttb_1.gif"
198 Jul 23 2005 "C:\Program Files\Yahoo!\Messenger\Games\icons\ww_2.gif"
198 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Games\icons\ww_2.gif"
198 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\Games\icons\ww_2.gif"
198 Jul 23 2005 "E:\Program Files\Yahoo!\Messenger\Games\icons\ww_2.gif"
31 Jul 7 2007 "C:\Program Files\Yahoo!\Messenger\Profiles\neyo510\My Icons\Index.ini"
4914 Jun 25 2007 "C:\Program Files\Yahoo!\Messenger\Profiles\not_my_go0di3z51o\My Icons\Index.ini"
2493 Jan 26 2008 "C:\Program Files\Yahoo!\Messenger\Profiles\steph_flores510\My Icons\Index.ini"
133 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\Index.ini"
1219 Jun 28 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\d1z0n3ky00t13p1n41\My Icons\Index.ini"
31 Mar 13 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\merion_flores510\My Icons\Index.ini"
31 Jan 19 2007 "E:\Program Files\Yahoo!\Messenger\Profiles\[email protected]\My Icons\Index.ini"
6922 Dec 22 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\not_my_go0di3z51o\My Icons\Index.ini"
31 Sep 19 2006 "E:\Program Files\Yahoo!\Messenger\Profiles\stephanie_flores510\My Icons\Index.ini"
19371 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Profiles\steph_flores510\My Icons\yptC0.png"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
36975 Apr 13 2005 "E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36972 Sep 20 2005 "E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
36975 Nov 10 2005 "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
67112 Aug 1 2006 "E:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "E:\Program Files\AIM\bak\aim.exe"


end of report

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\AIM6\bak
    C:\Program Files\iTunes\bak
    C:\Program Files\Messenger\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\Canon\MyPrinter\bak
    C:\Program Files\Veoh Networks\Veoh\bak
    C:\Program Files\Yahoo!\browser\bak
    C:\Program Files\Yahoo!\Messenger\bak
    C:\Program Files\Adobe\Reader 8.0\Reader\bak
    C:\Program Files\Java\jre1.6.0_03\bin\bak
    E:\Program Files\AIM\bak



  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right-click below this line and select Paste to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


#10
St3phanii351o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 02/29/2008
The current time is: 14:00:36.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 28 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
14348 Feb 28 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
282624 Oct 25 2006 "E:\Program Files\QuickTime\qttask.exe"
3442 Dec 25 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
3442 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblemenu.xml"
1675 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblemenu.xml"
2203 Sep 28 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblemenu.xml"
752 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
752 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml"
432 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\audiblerevoked.xml"
707 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\audiblerevoked.xml"
10071 Oct 11 2007 "C:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
10071 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\content-tabs.xml"
9691 Dec 20 2006 "E:\Program Files\Yahoo!\Messenger\cache\content-tabs.xml"
16471 Nov 13 2007 "C:\Program Files\Yahoo!\Messenger\cache\countries.xml"
16563 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\countries.xml"
16275 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\countries.xml"
16386 Dec 1 2006 "E:\Program Files\Yahoo!\Messenger\cache\countries.xml"
892 May 31 2007 "C:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
892 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\default-plugins.xml"
892 Oct 17 2006 "E:\Program Files\Yahoo!\Messenger\cache\default-plugins.xml"
0 Dec 10 2006 "E:\Documents and Settings\stephanie\Local Settings\Temp\Temporary Internet Files\Content.IE5\A3MFAD0H\default_music2[1].xml"
7591 Jul 17 2004 "C:\Program Files\Movie Maker\shared\filters.xml"
2793 Jan 30 2007 "C:\Program Files\Yahoo!\Messenger\cache\filters.xml"
2793 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\filters.xml"
2949 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\filters.xml"
7591 Jul 17 2004 "E:\Program Files\Movie Maker\shared\filters.xml"
2461 Oct 27 2006 "E:\Program Files\Yahoo!\Messenger\cache\filters.xml"
6874 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\games.xml"
6874 Feb 11 2008 "C:\Program Files\Yahoo!\Messenger\bak\Cache\games.xml"
6874 Jun 12 2006 "C:\Documents and Settings\MERION\Application Data\Yahoo!\Messenger\cache\games.xml"
6874 Sep 7 2006 "E:\Program Files\Yahoo!\Messenger\cache\games.xml"
15621 Feb 21 2008 "C:\Program Files\Yahoo!\Messenger\cache\imvironments.xml"


end of report

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.