Google Installer message, redirects, cannot run scans [Solved]



#1
4myruby
OK, I give up and need help. My main problems are the "Google Installer has encountered a problem" error message continuing to pop up, usually on restart, and the redirects when using the Internet. I have gone through all of the steps in the cleanup guide I think, except the Malwarebytes scan. I cannot run the scan (another problem) even with renaming the .exe file. So... here are my Rooter and OTLI logs, and thanks much for your time and help:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:506 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/04/2009|13:02

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\WINDOWS\system32\HPConfig.exe
---------- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
---------- C:\WINDOWS\System32\snmp.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
---------- C:\Program Files\Java\jre6\bin\jucheck.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

==> VUNDO <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|13:04

----------------------\\ Scan completed at 13:04

OTListIt logfile created on: 4/4/2009 1:08:05 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\Michelle Mc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 89.17 Mb Available Physical Memory | 19.95% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.44% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.49 Gb Free Space | 54.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE
Current User Name: Michelle Mc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Documents and Settings\Michelle Mc\Desktop\OTListIt2(2).exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe (Yahoo! Inc.)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gupdate1c9901b75fe1963 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPConfig [Auto | Running]) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr [Auto | Running]) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LWWLicenseService [On_Demand | Stopped]) -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe (WoltersKluwerLWW)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (SonicStage Back-End Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (0091401238875069mcinstcleanup [Auto | Stopped]) -- C:\Documents and Settings\Michelle Mc\Local Settings\Temp\0091401238875069mcinst.exe (McAfee, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ALiIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\aliirda.sys (Acer Laboratories Inc.)
DRV - (allegro [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atimpab [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atimpab.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (CALIAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (CALIHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CE3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ce3n5.sys (Xircom, Inc.)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (DKbFltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (DP83815 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (HPCI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hpci.sys (Hewlett-Packard)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NuidFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (Point32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/04/04 13:03:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/31 21:57:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 02:56:16 | 00,000,000 | ---D | M]

[2009/03/03 00:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Extensions
[2009/03/03 00:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/08 06:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Extensions\[email protected]
[2009/04/04 12:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Firefox\Profiles\g72vlhgs.default\extensions
[2009/03/03 00:12:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Firefox\Profiles\g72vlhgs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008/04/11 06:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Firefox\Profiles\g72vlhgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/18 15:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Firefox\Profiles\g72vlhgs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/04 12:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Mc\Application Data\mozilla\Firefox\Profiles\g72vlhgs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/03/03 00:59:58 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Michelle Mc\Application Data\Mozilla\FireFox\Profiles\g72vlhgs.default\searchplugins\winamp-search.xml
[2009/04/03 01:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/04/11 06:21:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/29 02:56:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/16 19:04:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/29 02:56:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 02:56:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 16:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 16:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 16:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 16:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 16:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 16:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 16:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (3750 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 124.217.251.159 google.se
O1 - Hosts: 124.217.251.159 google.cn
O1 - Hosts: 124.217.251.159 google.com.pr
O1 - Hosts: 124.217.251.159 google.com.ca
O1 - Hosts: 124.217.251.159 google.com.ch
O1 - Hosts: 124.217.251.159 google.co.in
O1 - Hosts: 124.217.251.159 google.co.uk
O1 - Hosts: 124.217.251.159 google.lv
O1 - Hosts: 124.217.251.159 google.co.hu
O1 - Hosts: 124.217.251.159 google.lk
O1 - Hosts: 124.217.251.159 google.com.au
O1 - Hosts: 124.217.251.159 google.ru
O1 - Hosts: 124.217.251.159 gogle.de
O1 - Hosts: 124.217.251.159 googel.de
O1 - Hosts: 124.217.251.159 google.ro
O1 - Hosts: 124.217.251.159 google.kz
O1 - Hosts: 124.217.251.159 google.by
O1 - Hosts: 124.217.251.159 google.no
O1 - Hosts: 124.217.251.159 google.com.pl
O1 - Hosts: 124.217.251.159 google.es
O1 - Hosts: 124.217.251.159 google.pt
O1 - Hosts: 124.217.251.159 google.com.br
O1 - Hosts: 124.217.251.159 google.vc
O1 - Hosts: 124.217.251.159 google.co.za
O1 - Hosts: 91 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (BHO) - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [braviax] C:\WINDOWS\system32\braviax.exe File not found
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Michelle Mc\Application Data\Macromedia\Common\429700261.dll"" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunServices: [IEUpdate] C:\WINDOWS\system32\activedsq.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\downloads\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\Quicken\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: kmep.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.kmep.com...ptX/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} http://10.201.50.41/...iconference.cab (AMI Conferencing Control 6.0)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp...X/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1238824459236 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159193915863 (MUWebControl Class)
O16 - DPF: {7B82431C-7875-42E1-9404-57102672D6B4} http://10.201.50.41/...l/amiviewer.cab (AMI ViewApp Control 6.0 (SPa5))
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} http://zone.msn.com/...S2.cab61895.cab ()
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{32919092-0221-4E99-9D8E-A25C10D9DC89}\\NameServer = 207.53.168.13,207.53.168.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{43C284AF-BF30-4D65-81E9-84DD1F916959}\\NameServer = 10.201.75.19,65.106.1.196
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wufewoga.dll) - C:\WINDOWS\system32\wufewoga.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\selekide.dll) - C:\WINDOWS\system32\selekide.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lotoyeyo.dll) - C:\WINDOWS\system32\lotoyeyo.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\fedozuta.dll) - C:\WINDOWS\system32\fedozuta.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\vtuvttt: DllName - vtuvttt.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khhif.dll) - C:\WINDOWS\system32\khhif.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c176070-0074-11db-91f1-00904b412da6}\Shell - "" = AutoRun
O33 - MountPoints2\{3c176070-0074-11db-91f1-00904b412da6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c176070-0074-11db-91f1-00904b412da6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{50ef4220-a80d-11db-929d-00904b412da6}\Shell - "" = AutoRun
O33 - MountPoints2\{50ef4220-a80d-11db-929d-00904b412da6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50ef4220-a80d-11db-929d-00904b412da6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{edf52f80-d00a-11dd-967e-00904b412da6}\Shell - "" = AutoRun
O33 - MountPoints2\{edf52f80-d00a-11dd-967e-00904b412da6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edf52f80-d00a-11dd-967e-00904b412da6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/04/04 13:07:28 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\MICHEL~1\Desktop\OTListIt2(2).exe
[2009/04/04 13:02:36 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 13:02:15 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\Desktop\Rooter.exe
[2009/04/04 12:58:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/04/04 12:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/04/04 12:56:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/04 12:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/04/04 12:56:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/04 12:56:00 | 05,955,448 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\Desktop\saSetup64.exe
[2009/04/04 12:50:45 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/04 12:23:02 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/03 22:55:19 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/04/03 22:51:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 22:51:08 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/03 22:51:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/03 22:51:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/03 22:49:19 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\Desktop\ERUNT.lnk
[2009/04/03 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/03 22:48:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\MICHEL~1\Desktop\erunt_setup.exe
[2009/04/03 21:43:40 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/03 21:42:37 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\MICHEL~1\Desktop\OTListIt2.exe
[2009/04/03 20:51:15 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\MICHEL~1\Desktop\SysRestorePoint.exe
[2009/04/03 00:33:09 | 00,008,828 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{88E628F1-2C52-4314-9A25-8CBF5C9B75AA}_Large.jpg
[2009/04/03 00:33:09 | 00,002,508 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{88E628F1-2C52-4314-9A25-8CBF5C9B75AA}_Small.jpg
[2009/04/02 00:41:25 | 00,008,702 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{6A76B9F0-30FA-432A-ABB4-91A6C8E9D95E}_Large.jpg
[2009/04/02 00:41:25 | 00,002,297 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{6A76B9F0-30FA-432A-ABB4-91A6C8E9D95E}_Small.jpg
[2009/04/01 22:02:25 | 73,421,4144 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\s01e01 & s01e02 - Encounter at Farpoint.avi
[2009/04/01 21:59:14 | 00,013,371 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Large.jpg
[2009/04/01 21:59:14 | 00,003,223 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Small.jpg
[2009/04/01 00:41:24 | 00,011,953 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{F43AE5B8-2662-43B7-A409-DEE2BAA2C114}_Large.jpg
[2009/04/01 00:41:24 | 00,003,017 | -HS- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{F43AE5B8-2662-43B7-A409-DEE2BAA2C114}_Small.jpg
[2009/04/01 00:31:15 | 10,482,570 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\2 Decode - Paramore.mp3
[2009/04/01 00:31:11 | 09,420,836 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\8 I Caught Myself - Paramore.mp3
[2009/04/01 00:31:10 | 08,447,125 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\1 Supermassive Black Hole - Muse.mp3
[2009/04/01 00:31:10 | 08,003,059 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\4 Leave Out All The Rest - Linkin Park.mp3
[2009/04/01 00:30:58 | 04,165,140 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\13 - Liar.mp3
[2009/04/01 00:30:43 | 04,259,840 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\TravisWhyDoesItAlwaysRainOnMe.mp3
[2009/04/01 00:30:38 | 03,785,918 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\ryLouisPolisar-AllIWantIsYou.mp3
[2009/04/01 00:30:38 | 03,446,002 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\Pink_SoWhat.mp3
[2009/04/01 00:30:37 | 07,716,992 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\ne-yo_-_closer.mp3
[2009/04/01 00:30:28 | 04,719,106 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\Rihanna_Rehab.mp3
[2009/04/01 00:30:27 | 10,219,814 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\Pink_-_Sober.mp3
[2009/04/01 00:30:27 | 03,894,503 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\JustDance__LadyGaga.mp3
[2009/04/01 00:30:27 | 03,594,379 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\Duelling_Violins.mp3
[2009/04/01 00:30:27 | 03,218,204 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\maroon 528.mp3
[2009/04/01 00:30:26 | 04,853,185 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\07-5-years-time.mp3
[2009/04/01 00:30:17 | 05,808,996 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\02-barking-at-the-moon-1.mp3
[2009/04/01 00:30:17 | 05,616,741 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\01-miley_cyrus_and_john_travolta-i_thought_i_lost_you.mp3
[2009/04/01 00:06:48 | 00,113,953 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\paramore-decode.mid
[2009/03/31 22:44:32 | 00,000,000 | ---D | C] -- C:\DOCUME~1\MICHEL~1\My Documents\RPGXP
[2009/03/30 21:14:25 | 00,081,579 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\My Documents\shockwave.jpg
[2009/03/30 21:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2009/03/30 13:56:22 | 00,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2009/03/30 13:55:34 | 00,000,714 | ---- | C] () -- C:\DOCUME~1\MICHEL~1\Desktop\Final Fantasy VII.lnk
[2009/03/30 13:46:25 | 00,000,000 | ---D | C] -- C:\Program Files\Final Fantasy VII
[2009/03/24 01:26:46 | 00,001,598 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SonicStage.lnk
[2009/03/24 01:26:43 | 00,770,048 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2009/03/24 01:26:43 | 00,655,360 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2009/03/24 01:26:43 | 00,589,824 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbMusicIDSony.dll
[2009/03/24 01:26:43 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/03/24 01:26:43 | 00,073,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2009/03/24 01:25:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/03/24 01:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/03/24 01:22:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michelle Mc\Application Data\Sony Corporation
[2009/03/24 01:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/03/18 20:36:48 | 46,876,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/18 15:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michelle Mc\Local Settings\Application Data\Yahoo
[2009/03/18 15:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michelle Mc\Application Data\Yahoo!
[2009/03/18 15:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/18 14:59:37 | 00,000,812 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk
[2009/03/18 14:59:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/03/17 03:47:37 | 12,754,672 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\MICHEL~1\Desktop\MP10Setup(2).exe
[2009/03/17 03:41:16 | 12,754,672 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\MICHEL~1\Desktop\MP10Setup.exe
[2009/03/16 19:05:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michelle Mc\Application Data\Skype
[2009/03/16 19:04:51 | 00,002,257 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/03/16 19:04:47 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2009/03/16 19:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/03/16 19:00:37 | 23,596,840 | ---- | C] (Skype Technologies S.A.) -- C:\DOCUME~1\MICHEL~1\Desktop\SkypeSetupFull.exe
[2009/03/15 23:44:45 | 00,000,604 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Guild Wars.lnk
[2009/03/15 23:44:44 | 00,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2009/02/25 22:29:33 | 00,000,169 | ---- | C] () -- C:\WINDOWS\clientshell.INI
[2008/12/01 05:36:51 | 01,343,240 | -HS- | C] () -- C:\WINDOWS\System32\ilubugih.ini
[2008/11/30 16:51:00 | 01,296,222 | -HS- | C] () -- C:\WINDOWS\System32\ijugaral.ini
[2008/11/30 02:02:30 | 01,296,222 | -HS- | C] () -- C:\WINDOWS\System32\ovukofum.ini
[2008/10/20 00:28:19 | 00,141,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2008/10/19 02:37:08 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\COMSocketServer.dll
[2008/10/19 02:36:51 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/06/28 00:43:20 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/03/15 02:05:47 | 00,309,589 | -HS- | C] () -- C:\WINDOWS\System32\fihhk.ini2
[2008/03/15 02:05:45 | 00,309,589 | -HS- | C] () -- C:\WINDOWS\System32\fihhk.ini
[2007/08/29 23:43:39 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C7CFBA7692.sys
[2007/03/22 21:46:15 | 00,000,904 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/03/22 21:46:01 | 00,000,189 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/06/23 12:56:17 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/16 09:17:58 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/12/09 23:35:27 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/08/30 00:00:00 | 00,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 00,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 00,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2005/08/09 11:29:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 10:20:26 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2004/12/14 13:59:17 | 00,050,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/10/12 09:42:05 | 00,001,277 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/16 14:36:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/04/21 09:37:40 | 00,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/04/21 09:25:40 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2004/04/21 09:24:59 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/04/21 09:24:56 | 00,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2004/03/02 11:18:41 | 00,001,208 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/03/02 11:18:09 | 00,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/01/27 05:13:54 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 05:13:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2003/12/17 14:41:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/07 03:29:20 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/09/24 16:14:29 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/09/24 16:14:11 | 00,000,639 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/22 16:27:13 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/22 16:17:19 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/22 16:16:53 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/13 11:28:52 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2003/02/26 16:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/09/09 08:15:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 08:02:16 | 00,477,670 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2002/09/09 07:49:46 | 00,000,726 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/09 07:49:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2002/09/09 07:49:10 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/09 07:43:50 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2002/09/09 07:43:50 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2002/09/09 00:34:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/08/28 19:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2002/08/28 19:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/08/28 19:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/08/28 19:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2002/08/28 19:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2002/08/28 19:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2002/08/28 19:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/08/28 19:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/28 19:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/28 19:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2002/08/28 19:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/08/28 19:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/28 19:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2002/08/28 19:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2002/08/28 19:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/08/28 19:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2002/08/28 19:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/28 19:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2002/08/28 19:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2002/08/28 19:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2002/08/28 19:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2002/08/28 19:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/08/28 19:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2002/08/28 19:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2002/08/28 19:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2002/08/28 19:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2002/08/28 19:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2002/08/28 19:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2002/08/28 19:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2002/08/28 19:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2002/08/28 19:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2002/08/28 19:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2002/08/28 19:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/08/28 19:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2002/08/28 19:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2002/08/28 19:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2002/08/28 19:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2002/08/28 19:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2002/08/28 19:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2002/08/28 19:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2002/08/28 19:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2002/08/28 19:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2002/08/28 19:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2002/08/28 19:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2002/08/28 19:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2002/08/28 19:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2002/08/28 19:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2002/08/28 19:00:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2002/08/28 19:00:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2002/03/04 11:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/07/15 16:48:32 | 00,170,585 | ---- | C] () -- C:\WINDOWS\System32\MCPrintX.dll
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/04 13:07:28 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\MICHEL~1\Desktop\OTListIt2(2).exe
[2009/04/04 13:02:15 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\Rooter.exe
[2009/04/04 12:56:13 | 05,955,448 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\saSetup64.exe
[2009/04/04 12:50:45 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/04 12:39:51 | 00,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/04 12:39:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 12:37:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 12:37:22 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 12:37:14 | 46,876,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 12:37:14 | 00,453,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/04 12:33:46 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/04 12:05:42 | 34,879,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/04 12:05:42 | 00,085,295 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/03 23:51:16 | 00,195,072 | ---- | M] () -- C:\Documents and Settings\Michelle Mc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 22:51:08 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/03 22:49:19 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\ERUNT.lnk
[2009/04/03 22:48:24 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\MICHEL~1\Desktop\erunt_setup.exe
[2009/04/03 22:00:52 | 00,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/04/03 21:42:40 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\MICHEL~1\Desktop\OTListIt2.exe
[2009/04/03 20:51:38 | 00,131,928 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/04/03 20:49:21 | 00,009,334 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\SysRestorePoint_v13.zip
[2009/04/03 11:35:11 | 34,841,319 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.old
[2009/04/03 11:35:11 | 00,084,967 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.old
[2009/04/03 11:31:05 | 00,000,202 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2009/04/03 00:40:21 | 04,853,185 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\07-5-years-time.mp3
[2009/04/03 00:33:09 | 00,000,384 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\desktop.ini
[2009/04/03 00:32:02 | 00,008,828 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Folder.jpg
[2009/04/03 00:32:02 | 00,008,828 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{88E628F1-2C52-4314-9A25-8CBF5C9B75AA}_Large.jpg
[2009/04/03 00:31:22 | 00,002,508 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArtSmall.jpg
[2009/04/03 00:31:22 | 00,002,508 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{88E628F1-2C52-4314-9A25-8CBF5C9B75AA}_Small.jpg
[2009/04/02 00:52:51 | 00,133,632 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Thumbs.db
[2009/04/02 00:41:32 | 03,446,002 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Pink_SoWhat.mp3
[2009/04/02 00:41:31 | 04,719,106 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Rihanna_Rehab.mp3
[2009/04/02 00:41:31 | 04,259,840 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\TravisWhyDoesItAlwaysRainOnMe.mp3
[2009/04/02 00:40:59 | 00,008,702 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{6A76B9F0-30FA-432A-ABB4-91A6C8E9D95E}_Large.jpg
[2009/04/02 00:40:58 | 00,002,297 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{6A76B9F0-30FA-432A-ABB4-91A6C8E9D95E}_Small.jpg
[2009/04/02 00:40:54 | 10,219,814 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Pink_-_Sober.mp3
[2009/04/01 21:59:07 | 00,013,371 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Large.jpg
[2009/04/01 21:58:55 | 00,003,223 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Small.jpg
[2009/04/01 00:58:52 | 05,616,741 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\01-miley_cyrus_and_john_travolta-i_thought_i_lost_you.mp3
[2009/04/01 00:48:49 | 05,808,996 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\02-barking-at-the-moon-1.mp3
[2009/04/01 00:41:24 | 00,011,953 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{F43AE5B8-2662-43B7-A409-DEE2BAA2C114}_Large.jpg
[2009/04/01 00:41:23 | 00,003,017 | -HS- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\AlbumArt_{F43AE5B8-2662-43B7-A409-DEE2BAA2C114}_Small.jpg
[2009/04/01 00:32:17 | 00,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/01 00:06:52 | 00,113,953 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\paramore-decode.mid
[2009/03/31 07:52:28 | 73,421,4144 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\s01e01 & s01e02 - Encounter at Farpoint.avi
[2009/03/30 21:14:28 | 00,081,579 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\shockwave.jpg
[2009/03/30 13:55:34 | 00,000,714 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\Desktop\Final Fantasy VII.lnk
[2009/03/27 00:47:50 | 08,003,059 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\4 Leave Out All The Rest - Linkin Park.mp3
[2009/03/27 00:47:42 | 10,482,570 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\2 Decode - Paramore.mp3
[2009/03/27 00:47:40 | 08,447,125 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\1 Supermassive Black Hole - Muse.mp3
[2009/03/27 00:47:08 | 03,894,503 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\JustDance__LadyGaga.mp3
[2009/03/27 00:47:04 | 03,594,379 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\Duelling_Violins.mp3
[2009/03/26 21:45:06 | 03,785,918 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\ryLouisPolisar-AllIWantIsYou.mp3
[2009/03/26 20:54:44 | 03,218,204 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\maroon 528.mp3
[2009/03/26 20:32:46 | 09,420,836 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\8 I Caught Myself - Paramore.mp3
[2009/03/26 20:32:46 | 04,165,140 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\13 - Liar.mp3
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 00:09:18 | 00,000,604 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Guild Wars.lnk
[2009/03/24 01:26:46 | 00,001,598 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SonicStage.lnk
[2009/03/22 20:23:24 | 00,002,257 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/03/18 14:59:37 | 00,000,812 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk
[2009/03/17 03:51:31 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/03/17 03:51:31 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/03/17 03:49:03 | 12,754,672 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\MICHEL~1\Desktop\MP10Setup(2).exe
[2009/03/17 03:43:08 | 12,754,672 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\MICHEL~1\Desktop\MP10Setup.exe
[2009/03/16 19:03:13 | 23,596,840 | ---- | M] (Skype Technologies S.A.) -- C:\DOCUME~1\MICHEL~1\Desktop\SkypeSetupFull.exe
[2009/03/16 02:30:31 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/16 02:30:31 | 00,406,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/16 02:30:31 | 00,063,726 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 22:02:14 | 00,000,010 | ---- | M] () -- C:\WINDOWS\SEMD.bkm
[2009/03/06 01:21:22 | 07,716,992 | ---- | M] () -- C:\DOCUME~1\MICHEL~1\My Documents\ne-yo_-_closer.mp3
< End of report >
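A triage pass over OTL lines like the O17, O20, O30 and O33 entries in the log above, added here as an example (not code from OTL, from this thread, or from any tool the helpers use); the sample lines are copied from the log, while the trusted-vendor list and the severity labels are this example's own assumptions.

```python
"""
Triage of OTL (OTListIt2) log lines such as the O17/O20/O30/O33 entries
posted above. Added as an example: not OTL's code, not the thread's, not any
helper tool's. Sample lines are copied from the log above; the vendor list
and the severities are this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Load points that push a DLL into many processes (AppInit_DLLs) or into
# winlogon.exe / lsass.exe themselves; third-party entries here are rare.
SENSITIVE_LOAD_POINTS = ("AppInit_DLLs", r"Winlogon\Notify",
                         "LSA: Authentication Packages")

# Vendors accepted without comment in those load points (assumption).
TRUSTED_VENDORS = {"Microsoft Corporation"}


@dataclass
class Finding:
    severity: str   # "high" = act on it, "review" = confirm with the user
    line: str
    reason: str


def vendor_of(line: str) -> str:
    """Vendor shown in OTL's trailing '(Vendor)' field, or '' when it is '()'."""
    m = re.search(r"\(([^()]*)\)\s*$", line)
    return m.group(1).strip() if m else ""


def is_private_ip(text: str) -> bool:
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def triage(lines):
    """Return the Findings a removal helper would want to see first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        missing = line.endswith("File not found")
        if any(lp in line for lp in SENSITIVE_LOAD_POINTS):
            if missing:
                findings.append(Finding("high", line,
                    "system load point still references a DLL that no longer "
                    "exists (a typical leftover of partially removed malware)"))
            elif vendor_of(line) not in TRUSTED_VENDORS:
                findings.append(Finding("review", line,
                    "third-party DLL in a system load point "
                    f"(vendor: {vendor_of(line) or 'none'})"))
        elif line.startswith("O17") and "NameServer" in line:
            servers = [s.strip() for s in line.split("=", 1)[1].split(",")]
            public = [s for s in servers if not is_private_ip(s)]
            if public:
                findings.append(Finding("review", line,
                    "confirm resolvers " + ", ".join(public) + " belong to "
                    "the ISP; search redirects often start with a changed NameServer"))
        elif line.startswith("O33") and r"AutoRun\command" in line:
            findings.append(Finding("review", line,
                "AutoRun command cached for a removable drive"
                + (" (target missing)" if missing else "")))
        elif line.startswith("O32") and line.endswith("AutoRun - 1"):
            findings.append(Finding("review", line, "CD-ROM AutoRun is enabled"))
    return findings


# Constructed sample: lines copied from the OTL log earlier in this thread.
SAMPLE_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{43C284AF-BF30-4D65-81E9-84DD1F916959}\\NameServer = 10.201.75.19,65.106.1.196",
    r"O20 - AppInit_DLLs: (C:\WINDOWS\system32\wufewoga.dll) - C:\WINDOWS\system32\wufewoga.dll File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)",
    r"O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)",
    r"O20 - Winlogon\Notify\vtuvttt: DllName - vtuvttt.dll - File not found",
    r"O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khhif.dll) - C:\WINDOWS\system32\khhif.dll File not found",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{3c176070-0074-11db-91f1-00904b412da6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```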


#2
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hello 4myruby

Welcome to geekstogo :) and sorry to keep you waiting.

Firstly:

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
and then:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt and a new HijackThis log in your next reply for further review.

also:
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
andrewuk
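What the "Restore MS Hosts File" and "Make Read Only?" steps in the post above amount to, as an added example that is not HostsXpert's code or anything from this thread; the hosts content it audits is constructed, and the list of watched sites is an assumption of the example.

```python
"""
Hosts-file audit and restore, added as an example of what the "Restore MS
Hosts File" and "Make Read Only?" steps do. Not HostsXpert's code and not
from this thread; the sample hosts content is constructed. A stock Windows XP
hosts file carries a single mapping, 127.0.0.1 localhost.
"""
import os
import stat
import tempfile

DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Sites malware commonly remaps so the victim cannot update or get help.
# Illustrative list chosen for this example, not taken from the thread.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avg.com",
                    "malwarebytes.org", "superantispyware.com")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping; comments skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower(), n


def audit_hosts(text):
    """Return (extra, hijacked): every mapping beyond the XP default, and the
    subset that touches a watched update/security site."""
    extra, hijacked = [], []
    for entry in parse_hosts(text):
        ip, name, _ = entry
        if ip == "127.0.0.1" and name == "localhost":
            continue
        extra.append(entry)
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            hijacked.append(entry)
    return extra, hijacked


def is_read_only(path):
    """True when the owner write bit is clear (the 'Make Read Only?' state)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


def restore_default(path):
    """Write the stock hosts file and clear the write bit. Raises
    PermissionError when the file cannot be replaced, which is the kind of
    failure the "Cannot create file" message in this thread reports."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)   # clear read-only first
    with open(path, "w", newline="\r\n") as fh:
        fh.write(DEFAULT_HOSTS)
    os.chmod(path, stat.S_IREAD)
    return is_read_only(path)


# Constructed sample: the default line plus three entries that a hijacked
# hosts file might carry (203.0.113.7 is a TEST-NET placeholder address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# --- constructed entries for this example ---
127.0.0.1       www.avg.com
127.0.0.1       update.microsoft.com
203.0.113.7     www.google.com   # placeholder redirect target
"""


def demo_restore():
    """Restore a throwaway copy of the sample; True when it comes back clean."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hosts")
        with open(path, "w") as fh:
            fh.write(SAMPLE_HOSTS)
        ok = restore_default(path)
        with open(path) as fh:
            clean = fh.read()
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)   # let the temp dir delete
        return ok and audit_hosts(clean) == ([], [])


if __name__ == "__main__":
    extra, hijacked = audit_hosts(SAMPLE_HOSTS)
    for ip, name, n in extra:
        flag = "HIJACKED" if (ip, name, n) in hijacked else "extra"
        print(f"line {n}: {ip} {name} [{flag}]")
    print("restore ok:", demo_restore())
```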

#3
4myruby
    Member
  • Topic Starter
  • 31 posts
First of all, thanks sooo much for your help!
Now to business... Trying to do the Restore MS Hosts File in HostsXpert, it gives me an error message: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts
I did not go any further before consulting you. :)
Thanks!

#4
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
No problem, move on to the next step with ComboFix.

#5
4myruby
    Member
  • Topic Starter
  • 31 posts
... I cannot even get ComboFix to run. I have turned off any antivirus, firewalls, etc., as far as I can tell. Slight panic setting in... :)
  • 0

#6
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
No need to panic, I have several tricks up my sleeve:

try this route:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
and the HijackThis log please.

andrewuk
  • 0

#7
4myruby

4myruby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OK, much better! Here are my ComboFix and HJT logs:

ComboFix:

ComboFix 09-04-04.01 - Michelle Mc 2009-04-09 9:11:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.153 [GMT -7:00]
Running from: c:\documents and settings\Michelle Mc\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\sanR24
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\drivers\UACxnrwosty.sys
c:\windows\system32\fihhk.ini
c:\windows\system32\fihhk.ini2
c:\windows\system32\ijugaral.ini
c:\windows\system32\ilubugih.ini
c:\windows\system32\ovukofum.ini
c:\windows\system32\UACbmyagkki.dll
c:\windows\system32\UACfyxouvtl.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkinetlir.log
c:\windows\system32\UACkxvdbqlt.log
c:\windows\system32\UACmepyyqpa.dll
c:\windows\system32\UACmpqmhskw.dll
c:\windows\system32\UACnvdjbinj.dat
c:\windows\system32\UACpxobldkb.log
c:\windows\system32\UACxjcbehqp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-04 13:02 . 2009-04-04 13:04 <DIR> d-------- C:\Rooter$
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-04 12:57 . 2009-04-04 12:57 <DIR> d-------- c:\program files\Common Files\McAfee
2009-04-04 12:56 . 2009-04-07 06:54 <DIR> d-------- c:\program files\McAfee
2009-04-04 12:56 . 2009-04-04 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-04-03 22:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-04-03 22:51 . 2009-04-03 22:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 22:51 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 22:51 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 22:49 . 2009-04-03 22:49 <DIR> d-------- c:\program files\ERUNT
2009-04-03 21:43 . 2009-04-03 21:43 <DIR> d-------- C:\_OTListIt
2009-03-30 21:01 . 2009-03-30 21:01 <DIR> d-------- c:\program files\Common Files\Enterbrain
2009-03-30 13:56 . 1998-07-17 13:36 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-03-30 13:46 . 2009-03-30 15:00 <DIR> d-------- c:\program files\Final Fantasy VII
2009-03-27 00:42 . 2009-03-27 00:42 <DIR> d-------- c:\documents and settings\All Users\SonicStage
2009-03-24 01:27 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
2009-03-24 01:27 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
2009-03-24 01:27 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys
2009-03-24 01:27 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
2009-03-24 01:27 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
2009-03-24 01:26 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll
2009-03-24 01:26 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll
2009-03-24 01:26 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll
2009-03-24 01:26 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll
2009-03-24 01:26 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll
2009-03-24 01:25 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-24 01:23 . 2009-03-24 01:27 <DIR> d-------- c:\program files\Sony
2009-03-24 01:22 . 2009-03-24 01:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-03-24 01:22 . 2009-03-27 00:42 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Sony Corporation
2009-03-18 15:00 . 2009-03-18 15:00 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Yahoo!
2009-03-18 15:00 . 2009-03-18 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-18 14:59 . 2009-03-18 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-16 19:05 . 2009-03-22 20:41 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Skype
2009-03-16 19:04 . 2009-03-16 19:04 <DIR> d-------- c:\program files\Skype
2009-03-16 19:04 . 2009-03-16 19:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-15 23:44 . 2009-03-26 00:08 <DIR> d-------- c:\program files\Guild Wars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 16:27 --------- d-----w c:\program files\DNA
2009-04-09 16:27 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\DNA
2009-04-09 16:16 --------- d-----w c:\program files\Google
2009-04-05 02:20 952 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-04 19:50 --------- d-----w c:\program files\SUPERAntiSpyware
2009-04-04 19:50 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\SUPERAntiSpyware.com
2009-04-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 06:59 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\BitTorrent
2009-04-04 06:56 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\U3
2009-03-31 04:01 --------- d-----w c:\program files\Enterbrain
2009-03-29 09:53 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\WinFF
2009-03-29 09:03 90,112 ----a-w c:\windows\DUMP41c0.tmp
2009-03-24 08:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 06:36 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-23 03:24 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\skypePM
2009-03-18 22:00 --------- d-----w c:\program files\Yahoo!
2009-03-17 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-11 10:48 --------- d-----w c:\program files\Phoenix Dynasty Online
2009-02-26 00:39 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\LimeWire
2009-02-16 03:30 --------- d-----w c:\program files\srhmoxc
2008-10-13 06:20 53,248 ----a-w c:\documents and settings\Michelle Mc\lametritonus_en.dll
2008-10-13 06:20 162,304 ----a-w c:\documents and settings\Michelle Mc\lame_enc_en.dll
2008-03-21 06:08 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-19 20:56 129,216 -c--a-w c:\documents and settings\Michelle Mc\Application Data\GDIPFONTCACHEV1.DAT
2008-04-20 08:09 144 --sha-w c:\windows\system32\1244412595.dat
2008-10-27 07:50 56 --sh--r c:\windows\system32\C7CFBA7692.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-09-29 90112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-14 67128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-17 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-11-14 83232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\downloads\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-09-20 36864]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-14 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-08 811008]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-09-20 53248]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-09-20 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 23:32 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8599:TCP"= 8599:TCP:*:Disabled:SolidNetworkManager
"8599:UDP"= 8599:UDP:*:Disabled:SolidNetworkManager
"22784:TCP"= 22784:TCP:BitCometLite 22784 TCP
"22784:UDP"= 22784:UDP:BitCometLite 22784 UDP
"18075:TCP"= 18075:TCP:BitCometLite 18075 TCP
"18075:UDP"= 18075:UDP:BitCometLite 18075 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-21 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-04-04 210216]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-05-22 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2003-05-22 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-05-22 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-05-22 16512]
S2 mrtRate;mrtRate; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{155fee10-a59a-11db-929a-00904b412da6}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c176070-0074-11db-91f1-00904b412da6}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef4220-a80d-11db-929d-00904b412da6}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf52f80-d00a-11dd-967e-00904b412da6}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\defrag.job
- C:\defrag.bat [2008-10-21 09:29]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - c:\windows\system32\iehelper.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe
HKCU-Run-rundll32.exe - c:\documents and settings\Michelle Mc\Application Data\Macromedia\Common\429700261.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Explorer_Run-a7J2SNjG9M - c:\documents and settings\All Users\Application Data\rapyrafe\rwnyrcnk.exe
Notify-vtuvttt - vtuvttt.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://qus8l.hpwis.com/
uInternet Settings,ProxyOverride = localhost;<local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: kmep.com\www
TCP: {32919092-0221-4E99-9D8E-A25C10D9DC89} = 207.53.168.13,207.53.168.2
TCP: {43C284AF-BF30-4D65-81E9-84DD1F916959} = 10.201.75.19,65.106.1.196
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} - hxxp://10.201.50.41/ami/install/amiconference.cab
DPF: {7B82431C-7875-42E1-9404-57102672D6B4} - hxxp://10.201.50.41/ami/install/amiviewer.cab
FF - ProfilePath - c:\documents and settings\Michelle Mc\Application Data\Mozilla\Firefox\Profiles\g72vlhgs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\downloads\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 09:26:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-09 9:34:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 16:34:38

Pre-Run: 43,645,165,568 bytes free
Post-Run: 43,547,729,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

267 --- E O F --- 2009-04-04 19:34:06


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:10 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\downloads\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - https://www.kmep.com...ptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - http://10.201.50.41/...iconference.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp...X/DrPrinter.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1238824459236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159193915863
O16 - DPF: {7B82431C-7875-42E1-9404-57102672D6B4} (AMI ViewApp Control 6.0 (SPa5)) - http://10.201.50.41/...l/amiviewer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://zone.msn.com/...S2.cab61895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C284AF-BF30-4D65-81E9-84DD1F916959}: NameServer = 10.201.75.19,65.106.1.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12709 bytes

thanks for your time and patience!
  • 0

#8
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
1. I believe I can see 2 antivirus programs on your machine: AVG and Norton? Is this the case? If so, which one are you using?

2. is this your ISP or company?

Org-Name: NTT America Inc.
Street-Address: 8005 South Chester Street Suite
City: Englewood
State: CO

3. is this meant to be your start page? http://qus8l.hpwis.com


====STEP 1====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Program Files\AskSearch

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{155fee10-a59a-11db-929a-00904b412da6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c176070-0074-11db-91f1-00904b412da6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef4220-a80d-11db-929d-00904b412da6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf52f80-d00a-11dd-967e-00904b412da6}]

DirLook::
c:\program files\srhmoxc


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



====STEP 2====
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\documents and settings\Michelle Mc\lametritonus_en.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).
Could you do the same for the following files:
  • c:\documents and settings\Michelle Mc\lame_enc_en.dll
  • c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
  • c:\windows\system32\C7CFBA7692.sys

In your next reply could I see:
1. the answers to the above questions
2. the combofix log
3. a new hijackthis log
4. the 4 virscan logs or links

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0
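As an added example (not from this thread, the helper's toolset, or ComboFix/HijackThis themselves), here is a small Python triage script that parses HijackThis entries like the ones posted above and cross-checks them against the Registry:: section of a ComboFix CFScript. It answers the helper's three questions mechanically: which antivirus vendors are present, which hosts are set as start/reset pages, and which URLSearchHook CLSIDs the script would actually remove. Function names are mine, and the sample log and script fragments are constructed from lines in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a handful of entries copied from the HijackThis log in this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Constructed sample: the Registry:: section of the CFScript given in this thread.
SAMPLE_CFSCRIPT = r"""
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
"""

# Every HijackThis line starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
HOOK_RE = re.compile(r"URLSearchHook: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
URL_RE = re.compile(r"https?://\S+")
# Substrings that identify an antivirus vendor in a service or Run entry.
AV_TOKENS = {"avg": "AVG", "symantec": "Symantec/Norton"}


def parse_hjt(text):
    """Group HijackThis entries by section code, e.g. {'O23': [body, ...]}."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return entries


def antivirus_vendors(entries):
    """Vendors seen among services (O23) and Run keys (O4); two or more is the helper's question 1."""
    found = set()
    for body in entries.get("O23", []) + entries.get("O4", []):
        low = body.lower()
        found.update(name for token, name in AV_TOKENS.items() if token in low)
    return sorted(found)


def start_page_hosts(entries):
    """Hosts configured as start page, ShellNext or IERESET start page (question 3)."""
    hosts = set()
    for code in ("R0", "R1", "O14"):
        for body in entries.get(code, []):
            if any(key in body for key in ("Start Page", "ShellNext", "START_PAGE_URL")):
                hosts.update(urlparse(u).netloc.lower() for u in URL_RE.findall(body))
    return sorted(hosts)


def url_search_hooks(entries):
    """(name, clsid, dll path) for each R3 URLSearchHook entry."""
    hooks = []
    for body in entries.get("R3", []):
        m = HOOK_RE.match(body)
        if m:
            hooks.append((m.group("name"), m.group("clsid"), m.group("path")))
    return hooks


def cfscript_deleted_clsids(script_text):
    """CLSID values a CFScript removes with the '"{...}"=-' value-deletion form."""
    return {c.upper() for c in re.findall(r'"(\{[0-9A-Fa-f-]+\})"=-', script_text)}


def review(log_text, script_text):
    """Summarise what a helper would look at before and after running the script."""
    entries = parse_hjt(log_text)
    deleted = cfscript_deleted_clsids(script_text)
    hooks = url_search_hooks(entries)
    return {
        "av_vendors": antivirus_vendors(entries),
        "start_page_hosts": start_page_hosts(entries),
        "hooks_removed": [n for n, c, _ in hooks if c.upper() in deleted],
        "hooks_kept": [n for n, c, _ in hooks if c.upper() not in deleted],
        "unknown_owner_services": [b for b in entries.get("O23", []) if "Unknown owner" in b],
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_HJT_LOG, SAMPLE_CFSCRIPT).items():
        print(f"{key}: {value}")
```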

#9
4myruby

4myruby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OK, to answer your questions:
1. I use AVG; I was not aware that Norton was on here...
2. No, neither; I am not familiar with this.
3. No, usually either mymsn.com or yahoo is my start page.
I might also mention, whether or not it is pertinent, that this computer is an older extra laptop that I use when I work from home (there is no private company info on this computer; all of the data for this purpose is stored on a memory stick). Don't know if that matters but that is why 'MichelleMc' shows up because this person used to be the office manager umpteen years ago.

Anyway, here are my combofix and HJT logs. I will put the virscan logs in another reply.

ComboFix 09-04-04.01 - Michelle Mc 2009-04-09 17:36:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.102 [GMT -7:00]
Running from: c:\documents and settings\Michelle Mc\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Michelle Mc\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch
c:\program files\AskSearch\bin\DefaultSearch.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 09:39 . 2009-04-09 09:39 <DIR> d-------- c:\program files\Trend Micro
2009-04-04 13:02 . 2009-04-04 13:04 <DIR> d-------- C:\Rooter$
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-04-04 12:58 . 2009-04-04 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-04 12:57 . 2009-04-04 12:57 <DIR> d-------- c:\program files\Common Files\McAfee
2009-04-04 12:56 . 2009-04-07 06:54 <DIR> d-------- c:\program files\McAfee
2009-04-04 12:56 . 2009-04-04 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-04-03 22:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-04-03 22:51 . 2009-04-03 22:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 22:51 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 22:51 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 22:49 . 2009-04-03 22:49 <DIR> d-------- c:\program files\ERUNT
2009-04-03 21:43 . 2009-04-03 21:43 <DIR> d-------- C:\_OTListIt
2009-03-30 21:01 . 2009-03-30 21:01 <DIR> d-------- c:\program files\Common Files\Enterbrain
2009-03-30 13:56 . 1998-07-17 13:36 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-03-30 13:46 . 2009-03-30 15:00 <DIR> d-------- c:\program files\Final Fantasy VII
2009-03-27 00:42 . 2009-03-27 00:42 <DIR> d-------- c:\documents and settings\All Users\SonicStage
2009-03-24 01:27 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
2009-03-24 01:27 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
2009-03-24 01:27 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys
2009-03-24 01:27 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
2009-03-24 01:27 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
2009-03-24 01:26 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll
2009-03-24 01:26 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll
2009-03-24 01:26 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll
2009-03-24 01:26 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll
2009-03-24 01:26 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll
2009-03-24 01:25 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-24 01:23 . 2009-03-24 01:27 <DIR> d-------- c:\program files\Sony
2009-03-24 01:22 . 2009-03-24 01:23 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-03-24 01:22 . 2009-03-27 00:42 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Sony Corporation
2009-03-18 15:00 . 2009-03-18 15:00 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Yahoo!
2009-03-18 15:00 . 2009-03-18 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-18 14:59 . 2009-03-18 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-16 19:05 . 2009-03-22 20:41 <DIR> d-------- c:\documents and settings\Michelle Mc\Application Data\Skype
2009-03-16 19:04 . 2009-03-16 19:04 <DIR> d-------- c:\program files\Skype
2009-03-16 19:04 . 2009-03-16 19:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-15 23:44 . 2009-03-26 00:08 <DIR> d-------- c:\program files\Guild Wars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 00:38 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\DNA
2009-04-10 00:28 --------- d-----w c:\program files\DNA
2009-04-09 17:46 1,890 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-09 17:45 --------- d-----w c:\program files\WordPerfect Office 12
2009-04-09 17:33 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\Corel
2009-04-09 16:16 --------- d-----w c:\program files\Google
2009-04-04 19:50 --------- d-----w c:\program files\SUPERAntiSpyware
2009-04-04 19:50 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\SUPERAntiSpyware.com
2009-04-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 06:59 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\BitTorrent
2009-04-04 06:56 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\U3
2009-04-01 07:32 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-31 04:01 --------- d-----w c:\program files\Enterbrain
2009-03-29 09:53 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\WinFF
2009-03-29 09:03 90,112 ----a-w c:\windows\DUMP41c0.tmp
2009-03-24 08:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 06:36 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-23 03:24 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\skypePM
2009-03-18 22:00 --------- d-----w c:\program files\Yahoo!
2009-03-17 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-11 10:48 --------- d-----w c:\program files\Phoenix Dynasty Online
2009-02-26 00:39 --------- d-----w c:\documents and settings\Michelle Mc\Application Data\LimeWire
2009-02-16 03:30 --------- d-----w c:\program files\srhmoxc
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-06 06:32 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-13 06:20 53,248 ----a-w c:\documents and settings\Michelle Mc\lametritonus_en.dll
2008-10-13 06:20 162,304 ----a-w c:\documents and settings\Michelle Mc\lame_enc_en.dll
2008-03-21 06:08 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-19 20:56 129,216 -c--a-w c:\documents and settings\Michelle Mc\Application Data\GDIPFONTCACHEV1.DAT
2008-04-20 08:09 144 --sha-w c:\windows\system32\1244412595.dat
2008-10-27 07:50 56 --sh--r c:\windows\system32\C7CFBA7692.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\srhmoxc ----



((((((((((((((((((((((((((((( SnapShot@2009-04-09_ 9.32.02.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-04 19:37:14 453,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-10 00:27:10 391,184 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-10 00:28:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_120.dat
+ 2009-04-10 00:27:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-14 67128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-17 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-11-14 83232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\downloads\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-09-20 36864]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-14 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-08 811008]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-09-20 53248]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-09-20 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 23:32 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8599:TCP"= 8599:TCP:*:Disabled:SolidNetworkManager
"8599:UDP"= 8599:UDP:*:Disabled:SolidNetworkManager
"22784:TCP"= 22784:TCP:BitCometLite 22784 TCP
"22784:UDP"= 22784:UDP:BitCometLite 22784 UDP
"18075:TCP"= 18075:TCP:BitCometLite 18075 TCP
"18075:UDP"= 18075:UDP:BitCometLite 18075 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-21 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-04-04 210216]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-05-22 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2003-05-22 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-05-22 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-05-22 16512]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\defrag.job
- C:\defrag.bat [2008-10-21 09:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://qus8l.hpwis.com/
uInternet Settings,ProxyOverride = localhost;<local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: kmep.com\www
TCP: {32919092-0221-4E99-9D8E-A25C10D9DC89} = 207.53.168.13,207.53.168.2
TCP: {43C284AF-BF30-4D65-81E9-84DD1F916959} = 10.201.75.19,65.106.1.196
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} - hxxp://10.201.50.41/ami/install/amiconference.cab
DPF: {7B82431C-7875-42E1-9404-57102672D6B4} - hxxp://10.201.50.41/ami/install/amiviewer.cab
FF - ProfilePath - c:\documents and settings\Michelle Mc\Application Data\Mozilla\Firefox\Profiles\g72vlhgs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\downloads\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:41:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-04-09 17:44:32
ComboFix-quarantined-files.txt 2009-04-10 00:43:39
ComboFix2.txt 2009-04-09 16:34:51

Pre-Run: 43,546,968,064 bytes free
Post-Run: 43,529,629,696 bytes free

224 --- E O F --- 2009-04-04 19:34:06

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:10 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\downloads\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - https://www.kmep.com...ptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - http://10.201.50.41/...iconference.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp...X/DrPrinter.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1238824459236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159193915863
O16 - DPF: {7B82431C-7875-42E1-9404-57102672D6B4} (AMI ViewApp Control 6.0 (SPa5)) - http://10.201.50.41/...l/amiviewer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://zone.msn.com/...S2.cab61895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C284AF-BF30-4D65-81E9-84DD1F916959}: NameServer = 10.201.75.19,65.106.1.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12709 bytes
  • 0

#10
4myruby

4myruby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
And the four virscans in order of request:



File information
File Name : lametritonus_en.dll
File Size : 53248 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : c8b76b04f86488d224c5a34854cb0782
SHA1 : b682a077b52e013b95d9be978c4abe17c603ee04
Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/04/09 17:56:26 (PDT)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.0.0.32 20090409194450 2009-04-09 - 1.896
AhnLab V3 2009.04.10.01 2009.04.10 2009-04-10 - 0.665
AntiVir 7.9.0.138 7.1.3.40 2009-04-09 - 1.986
Antiy 2.0.18 20090409.2288078 2009-04-09 - 0.119
Authentium 5.1.1 200904092036 2009-04-09 - 1.187
AVAST! 3.0.1 090409-0 2009-04-09 - 0.006
AVG 7.5.52.442 270.11.50/2051 2009-04-09 - 2.012
BitDefender 7.81008.2845856 7.24699 2009-04-10 - 2.650
CA (VET) 9.0.0.143 31.6.6448 2009-04-10 - 4.387
ClamAV 0.95 9218 2009-04-09 - 0.018
Comodo 3.8 1107 2009-04-09 - 0.550
CP Secure 1.1.0.715 2009.04.09 2009-04-09 - 8.026
Dr.Web 4.44.0.9170 2009.04.09 2009-04-09 - 4.373
F-Prot 4.4.4.56 20090409 2009-04-09 - 1.158
F-Secure 5.51.6100 2009.04.09.16 2009-04-09 - 0.092
Fortinet 2.81-3.117 10.266 2009-04-09 - 0.185
GData 19.4497/19.294 20090409 2009-04-09 - 3.789
ViRobot 20090409 2009.04.09 2009-04-09 - 0.403
Ikarus T3.1.01.49 2009.04.09.72554 2009-04-09 - 2.905
JiangMin 11.0.706 2009.04.09 2009-04-09 - 1.641
Kaspersky 5.5.10 2009.04.09 2009-04-09 - 0.075
KingSoft 2009.2.5.15 2009.4.9.21 2009-04-09 - 0.578
McAfee 5.3.00 5579 2009-04-09 - 2.713
Microsoft 1.4502 2009.04.09 2009-04-09 - 4.400
mks_vir 2.01 2009.04.09 2009-04-09 - 2.744
Norman 6.00.06 6.00.00 2009-04-03 - 10.010
Panda 9.05.01 2009.04.09 2009-04-09 - 4.062
Trend Micro 8.700-1004 5.956.14 2009-04-09 - 0.027
Quick Heal 10.00 2009.04.09 2009-04-09 - 1.067
Rising 20.0 21.23.40.00 2009-04-03 - 0.809
Sophos 2.85.0 4.40 2009-04-10 - 2.083
Sunbelt 5083 5083 2009-04-08 - 0.649
Symantec 1.3.0.24 20090409.004 2009-04-09 - 0.049
nProtect 20090409.02 3453499 2009-04-09 - 4.509
The Hacker 6.3.4.0 v00305 2009-04-09 - 0.616
VBA32 3.12.10.2 20090408.1215 2009-04-08 - 1.822
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 - 1.494
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

After scanning, the following message appeared:
The file are lame_enc_en.dll uploaded by other users and scanned successfully at 2009/03/16 10:46:13, and 37 softwares update the database from last scan to now.
After rerunning the scan, I received the same message but was able to copy the scan info:

VirSCAN.org Scanned Report :
Scanned time : 2009/03/15 20:46:13 (MDT)
Scanner results: All Scanners reported not find malware!
File Name : lame_enc.dll
File Size : 162304 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5 : 3c0ac9f753dd0c4ad3d46f5f6aa36aa9
SHA1 : f9138dbbe82174cb9c948aac92f3cf863221b105
Online report : http://virscan.org/r...1d132055eb.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090315223639 2009-03-15 2.53 -
AhnLab V3 2009.03.15.00 2009.03.15 2009-03-15 1.14 -
AntiVir 7.9.0.114 7.1.2.172 2009-03-15 1.99 -
Antiy 2.0.18 20090315.2217560 2009-03-15 0.12 -
Authentium 5.1.1 200903151718 2009-03-15 1.13 -
AVAST! 3.0.1 090315-1 2009-03-15 0.04 -
AVG 7.5.52.442 270.11.15/2003 2009-03-15 1.98 -
BitDefender 7.81008.2794661 7.24210 2009-03-16 2.57 -
CA (VET) 9.0.0.143 31.6.6395 2009-03-13 3.89 -
ClamAV 0.94.2 9110 2009-03-15 0.21 -
Comodo 3.8 1057 2009-03-15 0.60 -
CP Secure 1.1.0.715 2009.03.15 2009-03-15 7.58 -
Dr.Web 4.44.0.9170 2009.03.15 2009-03-15 4.22 -
F-Prot 4.4.4.56 20090315 2009-03-15 1.21 -
F-Secure 5.51.6100 2009.03.15.05 2009-03-15 0.15 -
Fortinet 2.81-3.117 10.162 2009-03-15 0.46 -
GData 19.3978/19.263 20090316 2009-03-16 4.07 -
ViRobot 20090313 2009.03.13 2009-03-13 0.41 -
Ikarus T3.1.01.45 2009.03.16.72431 2009-03-16 4.29 -
JiangMin 11.0.706 2009.03.15 2009-03-15 1.58 -
Kaspersky 5.5.10 2009.03.16 2009-03-16 0.13 -
KingSoft 2009.2.5.15 2009.3.15.20 2009-03-15 0.76 -
McAfee 5.3.00 5554 2009-03-15 2.70 -
Microsoft 1.4405 2009.03.15 2009-03-15 4.79 -
mks_vir 2.01 2009.03.15 2009-03-15 2.70 -
Norman 6.00.06 6.00.00 2009-03-13 8.01 -
Panda 9.05.01 2009.03.15 2009-03-15 1.49 -
Trend Micro 8.700-1004 5.896.48 2009-03-15 0.09 -
Quick Heal 10.00 2009.03.14 2009-03-14 1.10 -
Rising 20.0 21.20.62.00 2009-03-15 0.90 -
Sophos 2.84.1 4.39 2009-03-16 2.19 -
Sunbelt 5042 5042 2009-03-14 2.26 -
Symantec 1.3.0.24 20090315.003 2009-03-15 0.22 -
nProtect 20090316.01 3339007 2009-03-16 4.83 -
The Hacker 6.3.2.7 v00282 2009-03-15 0.55 -
VBA32 3.12.10.1 20090314.1951 2009-03-14 1.73 -
VirusBuster 4.5.11.10 10.102.11/978871 2009-03-15 1.40 -


VirSCAN.org Scanned Report :
Scanned time : 2009/04/10 06:11:26 (MDT)
Scanner results: All Scanners reported not find malware!
File Name : QFSCHD140.EXE
File Size : 83232 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 92539dadc36404fd6c75cc082051a05b
SHA1 : 6f09a227ba4c26ad312308237f44a57d01a7df0f
Online report : http://virscan.org/r...e98fad0375.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090409194450 2009-04-09 3.18 -
AhnLab V3 2009.04.10.03 2009.04.10 2009-04-10 1.76 -
AntiVir 7.9.0.138 7.1.3.40 2009-04-09 2.02 -
Antiy 2.0.18 20090410.2288865 2009-04-10 0.12 -
Authentium 5.1.1 200904092036 2009-04-09 1.31 -
AVAST! 3.0.1 090409-0 2009-04-09 0.01 -
AVG 7.5.52.442 270.11.51/2052 2009-04-10 2.03 -
BitDefender 7.81008.2845951 7.24711 2009-04-10 2.65 -
CA (VET) 9.0.0.143 31.6.6448 2009-04-10 7.24 -
ClamAV 0.95 9219 2009-04-09 0.03 -
Comodo 3.8 1109 2009-04-10 1.19 -
CP Secure 1.1.0.715 2009.04.10 2009-04-10 8.21 -
Dr.Web 4.44.0.9170 2009.04.10 2009-04-10 4.46 -
F-Prot 4.4.4.56 20090409 2009-04-09 1.24 -
F-Secure 5.51.6100 2009.04.10.02 2009-04-10 0.08 -
Fortinet 2.81-3.117 10.267 2009-04-10 0.52 -
GData 19.4513/19.294 20090410 2009-04-10 7.90 -
ViRobot 20090409 2009.04.09 2009-04-09 0.61 -
Ikarus T3.1.01.49 2009.04.10.72556 2009-04-10 3.50 -
JiangMin 11.0.706 2009.04.10 2009-04-10 2.24 -
Kaspersky 5.5.10 2009.04.10 2009-04-10 0.08 -
KingSoft 2009.2.5.15 2009.4.10.18 2009-04-10 3.06 -
McAfee 5.3.00 5579 2009-04-09 2.73 -
Microsoft 1.4502 2009.04.10 2009-04-10 5.99 -
mks_vir 2.01 2009.04.10 2009-04-10 2.74 -
Norman 6.00.06 6.00.00 2009-04-03 10.02 -
Panda 9.05.01 2009.04.09 2009-04-09 1.60 -
Trend Micro 8.700-1004 5.958.04 2009-04-09 0.03 -
Quick Heal 10.00 2009.04.10 2009-04-10 1.96 -
Rising 20.0 21.23.40.00 2009-04-03 0.46 -
Sophos 2.85.0 4.40 2009-04-10 2.15 -
Sunbelt 5084 5084 2009-04-09 0.79 -
Symantec 1.3.0.24 20090409.004 2009-04-09 0.10 -
nProtect 20090410.02 3447271 2009-04-10 4.48 -
The Hacker 6.3.4.0 v00305 2009-04-09 0.58 -
VBA32 3.12.10.2 20090410.0506 2009-04-10 1.83 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.54 -

VirSCAN.org Scanned Report :
Scanned time : 2009/04/10 06:16:57 (MDT)
Scanner results: All Scanners reported not find malware!
File Name : C7CFBA7692.sys
File Size : 56 byte
File Type : data
MD5 : 9e9f2685adeebe3628bdd7ccaeb01545
SHA1 : 16221a88ea0c5f270abbf91d91e7a440458651ee
Online report : http://virscan.org/r...c0abf900cc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090409194450 2009-04-09 2.18 -
AhnLab V3 2009.04.10.03 2009.04.10 2009-04-10 1.93 -
AntiVir 7.9.0.138 7.1.3.40 2009-04-09 2.04 -
Antiy 2.0.18 20090410.2288865 2009-04-10 0.12 -
Authentium 5.1.1 200904092036 2009-04-09 1.14 -
AVAST! 3.0.1 090409-0 2009-04-09 0.91 -
AVG 7.5.52.442 270.11.51/2052 2009-04-10 2.04 -
BitDefender 7.81008.2845951 7.24711 2009-04-10 2.68 -
CA (VET) 9.0.0.143 31.6.6448 2009-04-10 5.74 -
ClamAV 0.95 9219 2009-04-09 0.00 -
Comodo 3.8 1109 2009-04-10 0.55 -
CP Secure 1.1.0.715 2009.04.10 2009-04-10 8.08 -
Dr.Web 4.44.0.9170 2009.04.10 2009-04-10 4.41 -
F-Prot 4.4.4.56 20090409 2009-04-09 1.10 -
F-Secure 5.51.6100 2009.04.10.02 2009-04-10 5.15 -
Fortinet 2.81-3.117 10.267 2009-04-10 0.14 -
GData 19.4513/19.294 20090410 2009-04-10 3.47 -
ViRobot 20090409 2009.04.09 2009-04-09 0.54 -
Ikarus T3.1.01.49 2009.04.10.72556 2009-04-10 2.99 -
JiangMin 11.0.706 2009.04.10 2009-04-10 2.02 -
Kaspersky 5.5.10 2009.04.10 2009-04-10 0.02 -
KingSoft 2009.2.5.15 2009.4.10.18 2009-04-10 0.63 -
McAfee 5.3.00 5579 2009-04-09 2.69 -
Microsoft 1.4502 2009.04.10 2009-04-10 4.76 -
mks_vir 2.01 2009.04.10 2009-04-10 2.69 -
Norman 6.00.06 6.00.00 2009-04-03 10.01 -
Panda 9.05.01 2009.04.09 2009-04-09 1.60 -
Trend Micro 8.700-1004 5.958.04 2009-04-09 0.02 -
Quick Heal 10.00 2009.04.10 2009-04-10 2.37 -
Rising 20.0 21.23.40.00 2009-04-03 0.28 -
Sophos 2.85.0 4.40 2009-04-10 2.06 -
Sunbelt 5084 5084 2009-04-09 1.17 -
Symantec 1.3.0.24 20090409.004 2009-04-09 0.23 -
nProtect 20090410.02 3447271 2009-04-10 4.74 -
The Hacker 6.3.4.0 v00305 2009-04-09 0.51 -
VBA32 3.12.10.2 20090410.0506 2009-04-10 1.81 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.50 -

#11
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


And then could you re-run and post a new HijackThis log please? You posted the old one just now.

andrewuk

#12
4myruby (Member, Topic Starter, 31 posts)
Oops, sorry about the old log. Here is the one I just ran:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:09 AM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\downloads\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - https://www.kmep.com...ptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - http://10.201.50.41/...iconference.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp...X/DrPrinter.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1238824459236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159193915863
O16 - DPF: {7B82431C-7875-42E1-9404-57102672D6B4} (AMI ViewApp Control 6.0 (SPa5)) - http://10.201.50.41/...l/amiviewer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://zone.msn.com/...S2.cab61895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C284AF-BF30-4D65-81E9-84DD1F916959}: NameServer = 10.201.75.19,65.106.1.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12570 bytes

#13
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hmm . . . interesting on the NTT America. Your internet traffic is routed through there as it resolves your DNS. Personally, it does not look like malware to me, so perhaps it goes back to when the machine was at the office. We will leave that in; it looks OK.

In this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

The scans will likely take 4 hours, quite possibly much longer, so just let them run.

We will also remove your Norton.



====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
We will update and re-run your Malwarebytes:

Double-click the Malwarebytes icon on your desktop to open the program.
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



====STEP 3====
We will also update and re-run your SUPERAntiSpyware.

  • Double-click the SUPERAntiSpyware icon on your desktop to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


====STEP 4====
Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.


====STEP 5====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky Online Scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")
In your next reply could i see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log
4. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

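The check behind the DNS remark in the post above, written out as an added example (editor's code, not part of the thread and not HijackThis): it parses the O17 NameServer lines of a HijackThis log, labels every resolver as loopback, private, allowed or unconfirmed-public, and lists the ones the owner still has to vouch for, which is exactly the question the helper settles by asking where the machine has been used. The allowlist and the verdict labels are assumptions; the three O17 lines in the sample are the ones from the log posted above, and the code handles any number of adapters and control sets (CCS, CS1, ...), not only this log.

```python
"""Triage HijackThis O17 (NameServer) lines against a reviewer-supplied allowlist.

Added example: not part of the thread above and not HijackThis code. The
allowlist, the verdict labels and the sample lines are assumptions made for
illustration. "unconfirmed-public" means only "not yet vouched for".
"""
import ipaddress
import re

# Assumption: public resolvers the reviewer has already confirmed as legitimate
# (here, the pair the helper attributes to the upstream provider).
ALLOWED_RESOLVERS = {"207.53.168.13", "207.53.168.2"}

# One O17 line describes one adapter GUID under one control set (CCS, CS1, ...).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<set>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>[0-9.,\s]+)$"
)


def classify(server):
    """Label one resolver address."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "loopback"            # a local caching resolver
    if ip.is_private:
        return "private"             # RFC 1918: only reachable on that LAN/VPN
    if server in ALLOWED_RESOLVERS:
        return "allowed"
    return "unconfirmed-public"      # public, not on the allowlist: ask the owner


def triage_o17(lines):
    """Return one record per (control set, adapter, resolver) found in the log."""
    records = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue                 # not an O17 line
        for server in m.group("servers").replace(" ", "").split(","):
            if server:
                records.append({
                    "control_set": m.group("set"),
                    "adapter": m.group("guid"),
                    "server": server,
                    "verdict": classify(server),
                })
    return records


def needs_confirmation(records):
    """Resolvers the owner still has to explain: private ones (an office/LAN
    resolver stops working once the machine leaves that network) and public
    ones nobody has vouched for."""
    return sorted({r["server"] for r in records
                   if r["verdict"] in ("private", "unconfirmed-public")})


# Constructed sample: the three O17 lines from the log posted above, plus one
# unrelated line to show that other entries are skipped.
SAMPLE_LOG = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{43C284AF-BF30-4D65-81E9-84DD1F916959}: NameServer = 10.201.75.19,65.106.1.196",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{32919092-0221-4E99-9D8E-A25C10D9DC89}: NameServer = 207.53.168.13,207.53.168.2",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    for rec in triage_o17(SAMPLE_LOG):
        print(f"{rec['control_set']:>3} {rec['adapter']}  {rec['server']:<15} {rec['verdict']}")
    print("confirm with the owner:", needs_confirmation(triage_o17(SAMPLE_LOG)))
```

Run as-is it prints six records; the second adapter's pair (one private, one public and not on the allowlist) is what comes back from needs_confirmation, matching the helper's "perhaps it goes back to when the machine was at the office". A rogue resolver is one of the usual causes of the redirects reported in this thread, so anything left in that list after the owner has answered deserves a closer look.
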
#14
4myruby (Member, Topic Starter, 31 posts)
Done finally between the scanning, work, and grocery shopping! :)

Malware scan:
Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 3

4/10/2009 7:23:25 AM
mbam-log-2009-04-10 (07-23-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116474
Time elapsed: 19 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\EuroGrand Casino (Adware.Purityscan) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfyxouvtl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmepyyqpa.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxjcbehqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\EuroGrand Casino\Bonus.html (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\Program Files\EuroGrand Casino\eug.ico (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\Program Files\EuroGrand Casino\SetupCasino.exe (Adware.Purityscan) -> Quarantined and deleted successfully.

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2009 at 08:30 AM

Application Version : 4.26.1000

Core Rules Database Version : 3838
Trace Rules Database Version: 1794

Scan type : Quick Scan
Total Scan Time : 00:40:34

Memory items scanned : 434
Memory threats detected : 0
Registry items scanned : 537
Registry threats detected : 1
File items scanned : 28002
File threats detected : 1

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-571148457-2326399450-3316599525-1006\SOFTWARE\Microsoft\fias4013

Trojan.RootKit/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UACBMYAGKKI.DLL.VIR

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 10, 2009 18:43:30
Records in database: 2032144
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 73424
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 05:45:05


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmpqmhskw.dll.vir Infected: Packed.Win32.Tdss.f 1

The selected area was scanned.

Currently, I am no longer getting the Google installer message and have been able to run Malwarebytes. I have not been on this computer enough to comment about the redirects. Overall, it still runs a little slow, but probably no slower than when I first started using the computer; it was already slow then.... hope that info helps some.

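The triage a reviewer does on a Malwarebytes log like the one above, as an added example (editor's code, not MBAM's and not part of the thread): it parses the "... Infected:" sections, separates live hits from copies that already sit in ComboFix's quarantine folder (the C:\Qoobox\Quarantine\...\*.vir paths, which are leftovers rather than active infections), and pulls out the Security Center "DisableNotify" values that had been set to 1, i.e. the missing-antivirus/firewall/updates warnings had been silenced. The quarantine-path rule and the sample log are assumptions made for illustration; the sample lines are taken from the format of the log above.

```python
"""Summarize a Malwarebytes' Anti-Malware 1.x log and separate live findings
from hits inside another tool's quarantine.

Added example: not MBAM's own code and not part of the thread. The section
headers follow the log format posted above; the quarantine rule (ComboFix
keeps its copies under \\Qoobox\\Quarantine with a .vir suffix) and the
sample log are assumptions made for illustration.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<threat>) -> <action>"; registry data items carry "Bad: (x) Good: (y) -> ..."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)")


def is_quarantine_copy(target):
    """True for a copy already held by ComboFix's quarantine, not a live object."""
    t = target.lower()
    return "\\qoobox\\quarantine\\" in t or t.endswith(".vir")


def parse_mbam(text):
    """Return one dict per detection: section, target, threat, action, live."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if section and m:
            target = m.group("target")
            items.append({
                "section": section,
                "target": target,
                "threat": m.group("threat"),
                "action": m.group("action"),
                "live": not is_quarantine_copy(target),
            })
    return items


def summarize(items):
    """Detection counts per threat name, split into live hits and quarantine copies."""
    live = Counter(i["threat"] for i in items if i["live"])
    copies = Counter(i["threat"] for i in items if not i["live"])
    return {"live": dict(live), "quarantine_copies": dict(copies)}


def security_center_tampering(items):
    """Security Center *DisableNotify values that were found set to 1, i.e. the
    'no antivirus / no firewall / no updates' warnings had been silenced."""
    names = []
    for i in items:
        m = BAD_GOOD_RE.search(i["action"])
        if "\\Security Center\\" in i["target"] and m and m.group("bad") == "1":
            names.append(i["target"].rsplit("\\", 1)[-1])
    return names


# Constructed sample in the format of the log posted above.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\EuroGrand Casino (Adware.Purityscan) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfyxouvtl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\EuroGrand Casino\SetupCasino.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print(summarize(found))
    print("Security Center warnings silenced:", security_center_tampering(found))
```

The point of the split is what the thread's helper concludes in the following post: a Trojan.TDSS hit whose path is C:\Qoobox\Quarantine\...\*.vir is a copy ComboFix already took off the system, so it says nothing about whether the rootkit is still active, whereas the Security Center values and the adware folder were live objects that MBAM actually changed.
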
#15
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Malwarebytes only found remnants and items already quarantined; likewise SUPERAntiSpyware and Kaspersky.

Before we wrap this up, let's just clear away a folder and check your hosts file:

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    c:\program files\srhmoxc
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


and:

Double-click HijackThis to run it.

1. Press "Open the Misc Tools section"

2. Press "Open Hosts File Manager"

3. Let the list populate and then press "Open in Notepad"

4. Copy the contents here in your reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Edited by andrewuk, 10 April 2009 - 07:20 PM.


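What the hosts-file review requested above is looking for, as an added example (editor's code, not part of the thread and not HijackThis's Hosts File Manager): a stock Windows XP hosts file maps only localhost to 127.0.0.1, so every other line needs an explanation. The example parses the file the way Windows does (tabs or spaces, several names per line, # comments), skips the default entries and labels the rest either "blocked" (sent to loopback or 0.0.0.0, which ad-blocking lists do on purpose and malware does to antivirus and Windows Update domains) or "redirected" (sent to some other address, the hosts-file version of the redirects this thread is about). The sample hosts text is constructed and uses reserved .test names.

```python
"""Review a Windows hosts file for mappings a malware cleanup should explain.

Added example: not part of the thread and not HijackThis's Hosts File Manager.
The sample hosts text is constructed for illustration; the only mapping a
stock Windows XP hosts file carries is "127.0.0.1 localhost".
"""
import ipaddress

DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active mapping; comments skipped."""
    mappings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments, inline or whole-line
        if not line:
            continue
        parts = line.split()                     # tabs or spaces, as Windows allows
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in parts[1:]:
            mappings.append((str(ip), name.lower(), no))
    return mappings


def review_hosts(text):
    """Classify every non-default mapping.

    'blocked'    : name sent to loopback or 0.0.0.0. Ad-blocking lists do this on
                   purpose; malware does it to AV and Windows Update domains so the
                   machine can no longer update or reach help.
    'redirected' : name sent to some other address, the classic hijack of bank,
                   search or vendor domains that shows up as "redirects".
    """
    findings = []
    for ip_text, name, no in parse_hosts(text):
        if (ip_text, name) in DEFAULT_ENTRIES:
            continue
        ip = ipaddress.ip_address(ip_text)
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append({"line": no, "host": name, "ip": ip_text, "kind": kind})
    return findings


def summary(findings):
    """Counts per kind; an empty dict means the file is at its stock contents."""
    out = {}
    for f in findings:
        out[f["kind"]] = out.get(f["kind"], 0) + 1
    return out


# Constructed sample (the .test TLD is reserved, so none of these names resolve).
SAMPLE_HOSTS = """\
# constructed sample hosts file, not the one from the thread
127.0.0.1       localhost
127.0.0.1       update.example-av.test      # vendor update site nulled
0.0.0.0         ads.example.test
203.0.113.9     www.example-bank.test www.example-search.test
"""

if __name__ == "__main__":
    hits = review_hosts(SAMPLE_HOSTS)
    for h in hits:
        print(f"line {h['line']:>3}: {h['kind']:<10} {h['host']:<28} -> {h['ip']}")
    print(summary(hits))
```

On XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts; pasting its contents into SAMPLE_HOSTS (or reading the file with open(..., encoding="utf-8", errors="replace")) is enough to run the same review on a real machine. A "redirected" entry for a bank, search engine or security vendor is the finding to act on; a long list of "blocked" entries is usually a deliberately installed ad-blocking hosts list, unless the names are AV and update domains.
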




