Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Error saying restriction in computer [RESOLVED]


  • This topic is locked This topic is locked

#1
Ammar

Ammar

    Member

  • Member
  • PipPipPip
  • 119 posts
Hi,

My computer givess the error message the operation has been cancelled due to restrictions in effect on this computer. It does this when I click on the time or go on properties. I also have spyware icons on my desktop, which I believe are trying to lure me into buying their antispyware softwares. I did a MBAM scan and I got to the scanning files and folders part and all of a sudden the computer had a blue screen saying that there is something wrong with the driver. I removed the spyware that showed up in MBAM before the comp turned off, but I want this problem resolved please.

Thanks, here my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:56 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0600B276-D63D-46A7-A7A8-474945B75727} - C:\WINDOWS\system32\bhabvths.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: msscds32.msdn_hlp - {279A05E3-C129-4189-BA16-F0DB908C89B0} - C:\WINDOWS\system32\msscds32.dll (file missing)
O2 - BHO: (no name) - {451D5B19-26CA-4A4E-AEC0-30003D1B9F41} - C:\WINDOWS\system32\bhabvths.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5D7DA0AB-6C70-4A92-B6F3-F2B36C5DC4E5} - C:\Program Files\Messenger\hokeso5555.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {61F7073C-C2D5-9351-F54F-EC2B2F96D99E} - C:\WINDOWS\system32\vowrfi.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {7EF95ACC-FC4D-4A0E-4C8C-A80E03DE7873} - C:\Program Files\Windows NT\lavumade948.dll (file missing)
O2 - BHO: (no name) - {875C0613-B3DC-44B8-BFD8-CDD82FB53F79} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D1C9E945-D645-422F-AB46-090BACEFC5BE} - C:\Program Files\Messenger\hokeso455101.dll (file missing)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mskvtns.dll (file missing)
O2 - BHO: (no name) - {F2156CC3-1F63-44BF-B6BA-F3F077A3630B} - C:\Program Files\Messenger\hokeso4444.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [j4231836] rundll32 C:\WINDOWS\system32\j4231836.dll sook
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\ie_ban.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ftqgufvk] C:\WINDOWS\?dobe\m?config.exe
O4 - HKCU\..\Run: [Lmxpx] "C:\Documents and Settings\Rashid\My Documents\?ppPatch\m?config.exe"
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\FNTS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627 (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lmdsrngp.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9d3a52c8dcf246a7b59e13fdc44b2a47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9d3a52c8dcf246a7b59e13fdc44b2a47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll (file missing)
O20 - Winlogon Notify: rqrqpml - rqrqpml.dll (file missing)
O21 - SSODL: E404Helper - {d2899554-a626-4fa2-be2c-d314ee769328} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\profsybywuu.html

--
End of file - 13254 bytes
  • 0

Advertisements


#2
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. AVG and Norton.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Hey thanks man for all the help,
I just had a question. I am trying to delete AVG but, I cant delete all the files because some say these files are in use and I cant go to add or remove programs to take out AVG, because first of all I cant find control panel and everytime I click set program acces and defaults, it says access is denied. PLease tell me what to do for this.
Thanks
  • 0

#4
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

It doesn't suprise me that you are having so many problems with Control Panel etc.. Your system is crippled with malware.
If I were you, I would keep AVG and uninstall Norton instead - but we can do that afterwards..

Let's start with Combofix first and follow the instructions :)
  • 0

#5
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
sorry, one last question.
Do I have to install Windows Recovery Program?
  • 0

#6
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Yes
  • 0

#7
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Im not sure if I have SP2 or SP1...sorry this is not my computer...so thats why...is there a way to find out?

Edited by Ammar, 26 May 2008 - 04:24 PM.

  • 0

#8
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
You have SP2. :)

Did you read the instructions how to use Combofix and install the Recovery Console with Combofix? Because it's also explained there in detail how to do this.
  • 0

#9
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Hi. I did the ComboFix thing and it deleted the files, but after reboot, I waited 15 minutes but no report showed up and so I closed it.
What should I do?
and the time is still in 24 hour mode

Edited by Ammar, 26 May 2008 - 05:06 PM.

  • 0

#10
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Yes, I know the time is still in 24 hour mode - don't change that now.

Please try Combofix again, but first disable your Norton and AVG, because they may interfere.

If that didn't work, try to run Combofix from Windows Safe mode.

Also, please don't close the scan - let it finish, because it does its job after reboot as well.

Edited by miekiemoes, 26 May 2008 - 05:10 PM.

  • 0

Advertisements


#11
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Arrite. It worked! thanks alot

ComboFix 08-05-25.5 - Rashid 2008-05-26 19:59:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -4:00]
Running from: C:\Documents and Settings\Rashid\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\.rdr.ini
C:\Documents and Settings\LocalService\Local Settings\Application Data\n.ini
C:\Documents and Settings\NetworkService\Application Data\.rdr.ini
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Rashid\Application Data\.rdr.ini
C:\Documents and Settings\Rashid\Application Data\ASEMBL~1
C:\Documents and Settings\Rashid\Application Data\macromedia\Flash Player\#SharedObjects\9R2D7Q4F\www.broadcaster.com
C:\Documents and Settings\Rashid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Rashid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Rashid\Application Data\MANTEC~1
C:\Documents and Settings\Rashid\Application Data\PPPATC~1
C:\Documents and Settings\Rashid\Application Data\RACLE~1
C:\Documents and Settings\Rashid\Application Data\TSKS~1
C:\Documents and Settings\Rashid\My Documents\APPATC~1
C:\Documents and Settings\Rashid\My Documents\APPATC~1\Romana Resume edited.doc
C:\Documents and Settings\Rashid\My Documents\PPPATC~1
C:\Documents and Settings\Rashid\My Documents\PPPATC~2
C:\Documents and Settings\Rashid\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Rashid\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Rashid\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Rashid\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\Common Files\{3CE85~1
C:\Program Files\Common Files\{3CE85~1\Bar888.dll.lzma
C:\Program Files\Common Files\{9CE85~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~1\M?crosoft\
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\crosof~1.net
C:\Program Files\E404 Helper
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00E55886.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\budyicon\fwpbuddy.png
C:\Program Files\MyWebSearch\bar\Cache\0000AEDD
C:\Program Files\MyWebSearch\bar\Cache\00011076
C:\Program Files\MyWebSearch\bar\Cache\0001AEC9
C:\Program Files\MyWebSearch\bar\Cache\0001B716
C:\Program Files\MyWebSearch\bar\Cache\00028F65
C:\Program Files\MyWebSearch\bar\Cache\0002B54C
C:\Program Files\MyWebSearch\bar\Cache\00036E5B
C:\Program Files\MyWebSearch\bar\Cache\00040E44
C:\Program Files\MyWebSearch\bar\Cache\0004178B
C:\Program Files\MyWebSearch\bar\Cache\0006FCC1
C:\Program Files\MyWebSearch\bar\Cache\00087344
C:\Program Files\MyWebSearch\bar\Cache\0008BBE6
C:\Program Files\MyWebSearch\bar\Cache\0008F814
C:\Program Files\MyWebSearch\bar\Cache\000B3F93
C:\Program Files\MyWebSearch\bar\Cache\000D10BA
C:\Program Files\MyWebSearch\bar\Cache\00123AA0
C:\Program Files\MyWebSearch\bar\Cache\001DB5C6
C:\Program Files\MyWebSearch\bar\Cache\002C73B3.bin
C:\Program Files\MyWebSearch\bar\Cache\002C7430.bin
C:\Program Files\MyWebSearch\bar\Cache\002C749D.bin
C:\Program Files\MyWebSearch\bar\Cache\002C7578.bin
C:\Program Files\MyWebSearch\bar\Cache\002C7624.bin
C:\Program Files\MyWebSearch\bar\Cache\004387E7
C:\Program Files\MyWebSearch\bar\Cache\00B5CB10
C:\Program Files\MyWebSearch\bar\Cache\00B6F576
C:\Program Files\MyWebSearch\bar\Cache\00CA9DB0
C:\Program Files\MyWebSearch\bar\Cache\00CB8EB7
C:\Program Files\MyWebSearch\bar\Cache\00F39A9C.bin
C:\Program Files\MyWebSearch\bar\Cache\0154F854
C:\Program Files\MyWebSearch\bar\Cache\015C7AF0
C:\Program Files\MyWebSearch\bar\Cache\01715BC9
C:\Program Files\MyWebSearch\bar\Cache\017308AE
C:\Program Files\MyWebSearch\bar\Cache\0181C94A
C:\Program Files\MyWebSearch\bar\Cache\018BBD34.bin
C:\Program Files\MyWebSearch\bar\Cache\018BBECA.bin
C:\Program Files\MyWebSearch\bar\Cache\018BBF09.bin
C:\Program Files\MyWebSearch\bar\Cache\018BBF86
C:\Program Files\MyWebSearch\bar\Cache\018F6481
C:\Program Files\MyWebSearch\bar\Cache\01ABE542
C:\Program Files\MyWebSearch\bar\Cache\01D626A4
C:\Program Files\MyWebSearch\bar\Cache\0238C20D
C:\Program Files\MyWebSearch\bar\Cache\024619B3
C:\Program Files\MyWebSearch\bar\Cache\02473739
C:\Program Files\MyWebSearch\bar\Cache\026BA41C
C:\Program Files\MyWebSearch\bar\Cache\0297FFA4
C:\Program Files\MyWebSearch\bar\Cache\03E678B4
C:\Program Files\MyWebSearch\bar\Cache\13D0B3E0
C:\Program Files\MyWebSearch\bar\Cache\13D0B632
C:\Program Files\MyWebSearch\bar\Cache\13D0B71C.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0B8C2.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0B97E.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0BA1A.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0C303.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0CF48.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0CF96.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0D080.bin
C:\Program Files\MyWebSearch\bar\Cache\13D0D18A
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\pppatc~1
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\Windows NT\profsybywuu.html
C:\Program Files\wintouch
C:\Program Files\wintouch\wintouch.cfg
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\tn3
C:\Think-Adz.lnk
C:\WINDOWS\180ax.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\curity~1
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\dobe~1
C:\WINDOWS\flt.dll
C:\WINDOWS\fnts~1
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\pack.epk
C:\WINDOWS\pbar.dll
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\sks~1
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\ssembl~1
C:\WINDOWS\stcloader.exe
C:\WINDOWS\susp.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\acjqggiq.ini
C:\WINDOWS\system32\afbyysyh.ini
C:\WINDOWS\system32\agpegxgy.ini
C:\WINDOWS\system32\anwfeylm.ini
C:\WINDOWS\system32\aqmchbwo.ini
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\atgalepe.ini
C:\WINDOWS\system32\baoprqkq.ini
C:\WINDOWS\system32\bbijwhbf.ini
C:\WINDOWS\system32\bdobtxdt.ini
C:\WINDOWS\system32\bewpqjtf.ini
C:\WINDOWS\system32\bfmnqbdk.ini
C:\WINDOWS\system32\bnmcrosq.ini
C:\WINDOWS\system32\bntrslll.ini
C:\WINDOWS\system32\bqjcpewh.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bylqlmhl.ini
C:\WINDOWS\system32\cixfcdoc.ini
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\cqgrjwcx.ini
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\crosof~1.net\??crosoft.NET\
C:\WINDOWS\system32\csuqhmjw.ini
C:\WINDOWS\system32\cvgfkuni.ini
C:\WINDOWS\system32\deebkdvi.ini
C:\WINDOWS\system32\dgvuouva.ini
C:\WINDOWS\system32\djrflxps.ini
C:\WINDOWS\system32\dkbbimuv.ini
C:\WINDOWS\system32\dpemnipr.ini
C:\WINDOWS\system32\dqxkbacn.ini
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dsrhmwqr.ini
C:\WINDOWS\system32\dxgdnqps.ini
C:\WINDOWS\system32\dyihjvaj.ini
C:\WINDOWS\system32\eluuhfht.ini
C:\WINDOWS\system32\epyegnhn.ini
C:\WINDOWS\system32\eqksboja.ini
C:\WINDOWS\system32\evjtprhj.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fdnmqvga.ini
C:\WINDOWS\system32\fhrxdqhh.ini
C:\WINDOWS\system32\fqiivoln.ini
C:\WINDOWS\system32\fybqdjxw.ini
C:\WINDOWS\system32\gbqvgbat.ini
C:\WINDOWS\system32\gcjlgkrk.ini
C:\WINDOWS\system32\gexbbjka.ini
C:\WINDOWS\system32\ghrmoaie.ini
C:\WINDOWS\system32\gkboomef.ini
C:\WINDOWS\system32\gkhxotgd.ini
C:\WINDOWS\system32\glicowix.ini
C:\WINDOWS\system32\gmaifehm.ini
C:\WINDOWS\system32\gmdmtgbt.ini
C:\WINDOWS\system32\gryokpmr.ini
C:\WINDOWS\system32\gsbliwnn.ini
C:\WINDOWS\system32\gsblyafw.ini
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\hfspcltr.ini
C:\WINDOWS\system32\hfvkjrii.ini
C:\WINDOWS\system32\hkyjeenl.ini
C:\WINDOWS\system32\hmsinvir.ini
C:\WINDOWS\system32\hqucvhbi.ini
C:\WINDOWS\system32\hunhckvw.ini
C:\WINDOWS\system32\hvhldblk.ini
C:\WINDOWS\system32\ibfgtast.ini
C:\WINDOWS\system32\igpolyfy.ini
C:\WINDOWS\system32\iljbewun.ini
C:\WINDOWS\system32\iukvbwrx.ini
C:\WINDOWS\system32\iuogflai.ini
C:\WINDOWS\system32\ivqsqnss.ini
C:\WINDOWS\system32\jcnorowp.ini
C:\WINDOWS\system32\jefriprf.ini
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jnyxvljy.ini
C:\WINDOWS\system32\juscuiof.ini
C:\WINDOWS\system32\kbrrkcow.ini
C:\WINDOWS\system32\kifgrvcy.ini
C:\WINDOWS\system32\kjcfijwd.ini
C:\WINDOWS\system32\kjuxpriu.ini
C:\WINDOWS\system32\klvbvpyk.ini
C:\WINDOWS\system32\kqywinnr.ini
C:\WINDOWS\system32\krkfspdu.ini
C:\WINDOWS\system32\krwxqwbr.ini
C:\WINDOWS\system32\kthebagl.ini
C:\WINDOWS\system32\kucmdqmf.ini
C:\WINDOWS\system32\kxnsggad.ini
C:\WINDOWS\system32\lahhnxoy.ini
C:\WINDOWS\system32\legskype.ini
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\ljfwrjwd.ini
C:\WINDOWS\system32\lkrpthgr.ini
C:\WINDOWS\system32\llbyakrk.ini
C:\WINDOWS\system32\lufwdpec.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\mfkocppj.ini
C:\WINDOWS\system32\mhitjyob.ini
C:\WINDOWS\system32\mjjvwbpo.ini
C:\WINDOWS\system32\mmppserp.ini
C:\WINDOWS\system32\mnmokfnx.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\mxuupblj.ini
C:\WINDOWS\system32\mythgsbm.ini
C:\WINDOWS\system32\nedeqkfv.ini
C:\WINDOWS\system32\niuvjaty.ini
C:\WINDOWS\system32\nqfwwnwy.ini
C:\WINDOWS\system32\nucqomom.ini
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\olfwoggk.ini
C:\WINDOWS\system32\oowkbjmg.ini
C:\WINDOWS\system32\owewwopq.ini
C:\WINDOWS\system32\pdbjhktq.ini
C:\WINDOWS\system32\peaapuij.ini
C:\WINDOWS\system32\phljjmmv.ini
C:\WINDOWS\system32\plvtujhi.ini
C:\WINDOWS\system32\prfxnque.ini
C:\WINDOWS\system32\ptudgjru.ini
C:\WINDOWS\system32\pwyfxahj.ini
C:\WINDOWS\system32\qgoihjff.ini
C:\WINDOWS\system32\qmmibmqu.ini
C:\WINDOWS\system32\qwdufrhn.ini
C:\WINDOWS\system32\rdwsqcjy.ini
C:\WINDOWS\system32\rlrqwpgq.ini
C:\WINDOWS\system32\ruxywcrv.ini
C:\WINDOWS\system32\sfgikueb.ini
C:\WINDOWS\system32\soarlltx.ini
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\svvssnng.ini
C:\WINDOWS\system32\sxjkdlne.ini
C:\WINDOWS\system32\tbdlqggj.ini
C:\WINDOWS\system32\tumorrlj.ini
C:\WINDOWS\system32\tyhwndsy.ini
C:\WINDOWS\system32\ucvkvckx.ini
C:\WINDOWS\system32\uexemmjt.ini
C:\WINDOWS\system32\uiweasic.ini
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\vknohco.dat
C:\WINDOWS\system32\vknohco_nav.dat
C:\WINDOWS\system32\vknohco_navps.dat
C:\WINDOWS\system32\vkqsldti.ini
C:\WINDOWS\system32\vnmnkmam.ini
C:\WINDOWS\system32\vptidoew.ini
C:\WINDOWS\system32\vscftgof.ini
C:\WINDOWS\system32\vuynfbkq.ini
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wbirlcuh.ini
C:\WINDOWS\system32\wdkenstn.ini
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnlocnxx.ini
C:\WINDOWS\system32\wnmdtyny.ini
C:\WINDOWS\system32\wnsintsv32.exe
C:\WINDOWS\system32\wsxwapje.ini
C:\WINDOWS\system32\wtcsujkl.ini
C:\WINDOWS\system32\wwstsisv.ini
C:\WINDOWS\system32\xblrxtdj.ini
C:\WINDOWS\system32\xegbmfsu.ini
C:\WINDOWS\system32\xkcijwpu.ini
C:\WINDOWS\system32\xklhbqrb.ini
C:\WINDOWS\system32\xselgklc.ini
C:\WINDOWS\system32\xvinnnma.ini
C:\WINDOWS\system32\ybiqxjlb.ini
C:\WINDOWS\system32\yeegjotj.ini
C:\WINDOWS\system32\yefwqvel.ini
C:\WINDOWS\system32\yinalwin.ini
C:\WINDOWS\system32\yjgkwpus.ini
C:\WINDOWS\system32\yklsenlq.ini
C:\WINDOWS\system32\ymloduej.ini
C:\WINDOWS\system32\ywxxgtrb.ini
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_DOMAINSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NNSERV
-------\Legacy_SYMAVC32
-------\Legacy_XLAVBA8
-------\Service_NNServ
-------\Service_symavc32
-------\Service_xlavba8


((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 01:41 . 2008-05-25 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 01:40 . 2008-05-25 13:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Documents and Settings\Rashid\Application Data\SUPERAntiSpyware.com
2008-05-25 01:33 . 2008-05-25 01:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Documents and Settings\Rashid\Application Data\Malwarebytes
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 00:39 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 00:39 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 00:37 . 2008-05-25 00:37 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-20 00:44 . 2008-05-20 00:46 <DIR> d-------- C:\90c6895b3daf69ced2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-26 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-26 23:33 --------- d-----w C:\Documents and Settings\Rashid\Application Data\ZoomBrowser EX
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 21:13 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-17 00:04 88 --sh--r C:\WINDOWS\system32\356C853FB8.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-24 12:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ftqgufvk"="C:\WINDOWS\?dobe\m?config.exe" [ ]
"Lmxpx"="C:\Documents and Settings\Rashid\My Documents\?ppPatch\m?config.exe" [ ]
"Aim6"="" []
"Sen"="C:\PROGRA~1\COMMON~1\FNTS~1\winlogon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 21:48 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08 4670968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-16 18:03 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 08:53 219136]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{9CE85F2C-0AE9-1033-0404-060718200001}"= "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{9CE85F2C-0AE9-1033-0404-060718200001}"= "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqpml]
rqrqpml.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^findfast.exe]
path=C:\Documents and Settings\Rashid\Start Menu\Programs\Startup\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Rashid\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Rashid\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 01:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2005-04-18 14:38 71256 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-08 09:49 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clkhost]
C:\WINDOWS\xlaherx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cncfezaz]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\cncfezaz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
C:\WINDOWS\system32\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\froody]
C:\WINDOWS\system32\timoty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\avuouvgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1157199342\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i34yuc387]
C:\WINDOWS\i34yuc387

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-03-27 11:57 126104 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule4]
C:\Program Files\ISM\ISMModule4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izabsdyf]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\izabsdyf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.1.3013]
C:\Documents and Settings\Rashid\Application Data\ulyj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ooze view does send]
C:\Documents and Settings\All Users\Application Data\DENT AXIS OOZE VIEW\OnceType.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 17:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poll memo junk ping]
C:\Documents and Settings\All Users\Application Data\16 new ping long\for hole draw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqwr]
C:\PROGRA~1\COMMON~1\qqwr\qqwrm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-06-16 18:03 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-06-16 18:03 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rlrft]
C:\WINDOWS\?ssembly\s?oolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROAD ITCH AMOK PING]
C:\Documents and Settings\All Users\Application Data\Long slow road itch\Support media.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rtvxtxhg]
C:\WINDOWS\??curity\i?xplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\WINDOWS\pvenxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShareSearcher]
c:\wsusupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\that third]
C:\DOCUME~1\Rashid\APPLIC~1\FILETW~1\linkclose.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Defender]
C:\Program Files\Ultimate Defender\UltimateDefender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINDOWS\system32\winter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\system32\timoty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vknohco]
c:\windows\system32\vknohco.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
C:\WINDOWS\system32\wockrrbk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Program Files\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wkkjrzf]
C:\Documents and Settings\Rashid\My Documents\?ppPatch\?pool32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 14:08 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{85-5F-F2-2C-ZN}]
C:\WINDOWS\system32\lmdsrngp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 00:00:01 C:\WINDOWS\Tasks\B229E45795E688D7.job"
- c:\docume~1\rashid\applic~1\filetw~1\RectOozeTons.exe
"2008-05-26 23:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-27 00:01:02 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Rashid.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 20:03:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-26 20:05:21
ComboFix-quarantined-files.txt 2008-05-27 00:04:14

Pre-Run: 91,938,521,088 bytes free
Post-Run: 91,941,183,488 bytes free

683 --- E O F --- 2008-05-15 19:27:38
  • 0

#12
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:59 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ftqgufvk] C:\WINDOWS\?dobe\m?config.exe
O4 - HKCU\..\Run: [Lmxpx] "C:\Documents and Settings\Rashid\My Documents\?ppPatch\m?config.exe"
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\FNTS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{9CE85F2C-0AE9-1033-0404-060718200001}] "C:\Program Files\Common Files\{9CE85F2C-0AE9-1033-0404-060718200001}\Update.exe" mc-110-12-0000627 (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9d3a52c8dcf246a7b59e13fdc44b2a47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9d3a52c8dcf246a7b59e13fdc44b2a47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll (file missing)
O20 - Winlogon Notify: rqrqpml - rqrqpml.dll (file missing)
O21 - SSODL: E404Helper - {d2899554-a626-4fa2-be2c-d314ee769328} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10375 bytes
  • 0

#13
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, * Download DelDomains.inf and save it to your desktop.
Rightclick on it and choose 'install'.

Then,

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\Tasks\B229E45795E688D7.job
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\pss\TA_Start.lnkStartup
Folder::
c:\docume~1\rashid\applic~1\filetw~1
C:\Documents and Settings\All Users\Application Data\16 new ping long
C:\Documents and Settings\All Users\Application Data\Long slow road itch
C:\Documents and Settings\All Users\Application Data\DENT AXIS OOZE VIEW
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ftqgufvk"=-
"Lmxpx"=-
"Sen"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{9CE85F2C-0AE9-1033-0404-060718200001}"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{9CE85F2C-0AE9-1033-0404-060718200001}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqpml]
[-HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^Think-Adz.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clkhost]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cncfezaz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\froody]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i34yuc387]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izabsdyf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.1.3013]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ooze view does send]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poll memo junk ping]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqwr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rlrft]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROAD ITCH AMOK PING]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rtvxtxhg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShareSearcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\that third]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Defender]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vknohco]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wkkjrzf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{85-5F-F2-2C-ZN}]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
  • 0

#14
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
ComboFix 08-05-25.5 - Rashid 2008-05-27 11:26:47.3 - NTFSx86
Running from: C:\Documents and Settings\Rashid\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rashid\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\Tasks\B229E45795E688D7.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\rashid\applic~1\filetw~1
c:\docume~1\rashid\applic~1\filetw~1\0
C:\Documents and Settings\All Users\Application Data\16 new ping long
C:\Documents and Settings\All Users\Application Data\DENT AXIS OOZE VIEW
C:\Documents and Settings\All Users\Application Data\Long slow road itch
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\Tasks\B229E45795E688D7.job

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-25 01:41 . 2008-05-25 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 01:40 . 2008-05-25 13:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 01:40 . 2008-05-25 01:40 <DIR> d-------- C:\Documents and Settings\Rashid\Application Data\SUPERAntiSpyware.com
2008-05-25 01:33 . 2008-05-25 01:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Documents and Settings\Rashid\Application Data\Malwarebytes
2008-05-25 00:39 . 2008-05-25 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 00:39 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 00:39 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 00:37 . 2008-05-25 00:37 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-20 00:44 . 2008-05-20 00:46 <DIR> d-------- C:\90c6895b3daf69ced2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 15:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-27 15:22 --------- d-----w C:\Program Files\Viewpoint
2008-05-27 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-26 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-26 23:33 --------- d-----w C:\Documents and Settings\Rashid\Application Data\ZoomBrowser EX
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 21:13 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-17 00:04 88 --sh--r C:\WINDOWS\system32\356C853FB8.sys
.

((((((((((((((((((((((((((((( [email protected]_20.03.44.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 23:18:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 03:58:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-24 12:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 21:48 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08 4670968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-16 18:03 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 08:53 219136]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rashid^Start Menu^Programs^Startup^findfast.exe]
path=C:\Documents and Settings\Rashid\Start Menu\Programs\Startup\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 01:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2005-04-18 14:38 71256 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-08 09:49 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1157199342\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-03-27 11:57 126104 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 17:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-06-16 18:03 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-06-16 18:03 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 14:08 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1157199342\\EE\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 14:51:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-27 00:01:02 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Rashid.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 11:30:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-27 11:34:13
ComboFix-quarantined-files.txt 2008-05-27 15:33:48
ComboFix2.txt 2008-05-27 00:05:23

Pre-Run: 91,873,652,736 bytes free
Post-Run: 91,898,667,008 bytes free

196 --- E O F --- 2008-05-15 19:27:38
  • 0

#15
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:51 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9d3a52c8dcf246a7b59e13fdc44b2a47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9d3a52c8dcf246a7b59e13fdc44b2a47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: E404Helper - {d2899554-a626-4fa2-be2c-d314ee769328} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8605 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP