ComboFix 08-07-01.5 - Melinda Roman 2008-07-02 17:37:22.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.173 [GMT -4:00]
Running from: C:\Documents and Settings\Melinda Roman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melinda Roman\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Melinda Roman\.exe
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\adsldpc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Melinda Roman\.exe
C:\Program Files\WistaAntivirus
C:\Program Files\WistaAntivirus\config.cfg
C:\temp\itmp4
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\1178
C:\WINDOWS\system32\adsldpc.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 14:53 . 2008-07-02 14:53 <DIR> d-------- C:\Program Files\AskSBar
2008-07-02 14:53 . 2008-07-02 14:53 164 --a------ C:\install.dat
2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ehome
2008-07-02 00:40 . 2002-08-29 06:41 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2008-07-02 00:39 . 2002-08-29 04:09 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-07-02 00:38 . 2002-08-29 06:41 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-02 00:38 . 2002-08-29 02:16 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-01 23:16 . 2008-07-01 23:17 <DIR> d-------- C:\Program Files\Panda Security
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 21:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 21:23 . 2008-07-01 21:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 15:27 . 2008-07-01 15:27 <DIR> d-------- C:\Program Files\BChanger
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-01 15:24 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-01 15:24 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-01 15:24 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-01 15:24 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-01 15:24 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-29 10:24 . 2008-06-29 10:24 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-28 12:29 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-17 13:19 . 2008-06-17 13:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 19:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-02 01:54 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com
2008-05-31 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 00:36 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 00:35 --------- d-----w C:\Program Files\Ahead
2008-05-31 00:32 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\Lavasoft
2008-05-31 00:12 --------- d-----w C:\Program Files\dvd43
2008-05-31 00:12 --------- d-----w C:\Program Files\321Studios
2008-05-31 00:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:31 --------- d-----w C:\Program Files\America Online 8.0
2008-05-13 19:31 --------- d-----w C:\Documents and Settings\Juan Roman\Application Data\Viewpoint
2006-12-16 20:09 9,055 ----a-w C:\Program Files\hijackthis.log
2006-12-16 20:08 218,112 ----a-w C:\Program Files\HijackThis.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-02_13.06.24.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 16:58:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 21:41:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-02 13:38:54 4,796 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\S-1-5-21-1214970204-3266471654-2512236806-1005.dat
+ 2008-07-02 19:12:25 4,796 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\S-1-5-21-1214970204-3266471654-2512236806-1005.dat
- 2008-07-02 16:57:30 53,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-07-02 21:40:10 51,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-08-29 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\alg.exe
+ 2002-08-29 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\csrss.exe
+ 2002-08-29 12:00:00 1,004,032 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2002-08-29 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2002-08-29 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\perfproc.dll
+ 2002-08-29 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
+ 2002-08-29 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\smss.exe
+ 2005-06-10 23:55:46 53,248 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2002-08-29 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2002-08-29 12:00:00 667,136 -c--a-w C:\WINDOWS\system32\dllcache\userenv.dll
+ 2002-08-29 12:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\vdmdbg.dll
- 2007-10-01 20:24:34 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2008-01-05 00:34:34 16,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
- 2007-10-01 20:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2008-01-05 00:34:36 219,504 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
- 2007-10-01 20:24:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2008-01-05 00:34:36 26,480 ----a-w C:\WINDOWS\system32\wrlzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-02 14:53 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
2008-06-19 10:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dflk"="C:\WINDOWS\system32\?ecurity\l?gonui.exe" [?]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-02 15:02 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 20:56 1896448]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00 192512]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
Source= C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-02 15:02 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-02 15:02 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Melinda Roman^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Melinda Roman\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-13 00:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-12-02 19:11 54296 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2003-12-02 19:11 58392 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-04-23 06:49 1298554 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 18:45 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
--a------ 2004-02-13 09:08 57344 C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-12 16:04 196608 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-06-26 20:01 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-01-03 20:17 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showicon2k]
--a------ 2003-07-04 13:55 135168 C:\Program Files\eM\Bay Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 20:59 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 04:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-10-07 01:41 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 10:15]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 04:04:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-07-02 19:35:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-02 17:43:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-07-02 17:51:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 21:51:00
ComboFix2.txt 2008-07-02 17:07:04
Pre-Run: 141,117,394,944 bytes free
Post-Run: 141,122,719,744 bytes free
234 --- E O F --- 2008-06-11 19:02:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:04 PM, on 7/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
O24 - Desktop Component 10: (no name) - http://myspace-155.v...190522155_l.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG
--
End of file - 9447 bytes