JediLord

  1. I installed Windows XP SP3 a couple weeks ago and started having crashes with a video driver named IALMRNT5.dll. I tried to update the driver and that didn't solve the problem. Then I was told to roll back SP3 to SP2 and tried to, but it says files are missing. I applied a hotfix from Microsoft that was supposed to fix the missing file error but it didn't. Then I tried to reinstall SP3 so I would have a complete program update to roll back from. That didn't work as my computer would not allow me to install SP3. I keep getting this message that packed.generic.200 is found by Norton AV, but it won't remove it. I ran Malwarebytes and couldn't find anything wrong. Any suggestions? JL-
  2. Hi, No, it didn't reinstall itself. It's like just a bogus notice from Norton each time. I'm just trying to figure out how it keeps showing up. Everything else is good. But I'll do combofix if you think I should, your call. JL-
  3. Mike, this is what I have. Any idea on where this GLOBALROOT directory is?

     Unresolved Threats: Packed.Generic.200
     Type: Anomaly
     Risk: High (High Stealth, High Removal, High Performance, High Privacy)
     Categories: Heuristic Virus
     Status: Remove Failed
     -----------
     3 Files
     globalroot\systemroot\system32\uacxdqmnohbhlovylb.dll - Failed
     globalroot\systemroot\system32\uacxdqmnohbhlovylb.dll - No action taken
     globalroot\systemroot\system32\uacxdqmnohbhlovylb.dll - No action taken
     1 Browser Cache
  4. Thanks for the help and advice, Mike. I guess I will stick with Norton since it's paid for. As far as finding the file path, I can't. Norton says it is the following: globalroot/windows/system32. No clue where it is found.
  5. Thanks for all your help, things are a lot better now. But I still get this notice of infection of PACKED.GENERIC.200. Norton AV 2009 won't remove it. Any further suggestions? And one thing I did note when I ran MalwareBytes again is the 11 infections that were contained in the Norton folders. Sick to think I pay for a service that gets infected and can't clean itself. What is the best AV out there? JL- P.S. Will be donating through PayPal.
  7. Here is the new logs after running Combo-Fix as instructed and HJT:
2009-06-06 22:14 -------- d-----w- c:\program files\Trend Micro 2009-06-06 17:24 . 2009-06-06 17:25 -------- dc-h--w- c:\windows\ie8 2009-06-06 16:56 . 2009-06-06 17:16 -------- d-----w- C:\bfaa24cf73bbcf680408f6b3440804e6 2009-06-06 15:38 . 2009-06-06 16:55 -------- d-----w- C:\515a62d7ee311f5dcddd 2009-06-06 14:08 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-06 14:08 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-06 13:49 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-06-06 13:49 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-06-06 13:49 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-06-06 13:48 . 2009-06-06 22:53 -------- d-----w- c:\program files\Common Files\PC Tools 2009-06-06 13:48 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-06-06 13:48 . 2009-06-06 15:41 -------- d-----w- c:\program files\Spyware Doctor 2009-06-06 13:48 . 2009-06-06 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-06-06 13:48 . 2009-06-06 13:48 -------- d-----w- c:\docume~1\SCOTAR~1\APPLIC~1\PC Tools 2009-06-05 12:16 . 2009-06-05 12:16 -------- d-----w- c:\program files\RegCleaner 2009-06-05 02:09 . 2009-06-05 02:09 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-06-05 00:28 . 2009-05-09 18:20 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2009-06-04 23:45 . 2009-06-04 23:45 -------- d-----r- c:\program files\Norton Support 2009-06-04 22:23 . 2009-06-04 22:23 -------- d-----w- c:\program files\FileASSASSIN 2009-06-04 11:37 . 2009-06-04 11:37 9728 ----a-w- C:\xnljcwib.exe 2009-06-04 11:37 . 2009-06-04 11:37 38400 ----a-w- C:\buvppwg.exe 2009-06-04 11:36 . 
2009-06-04 11:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-04 11:34 . 2009-06-04 11:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache 2009-06-04 11:34 . 2009-06-04 11:34 38400 ----a-w- C:\lquq.exe 2009-06-02 16:05 . 2009-06-02 16:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-05-31 03:19 . 2009-05-31 03:19 18184984 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2162_us.exe 2009-05-29 19:50 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll 2009-05-29 19:50 . 2009-05-09 18:20 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys 2009-05-29 19:50 . 2009-05-09 18:20 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys 2009-05-29 19:50 . 2009-05-09 18:20 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys 2009-05-29 19:50 . 2009-05-09 18:20 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll 2009-05-19 19:25 . 2009-05-09 18:20 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys 2009-05-19 19:25 . 2009-05-09 18:20 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys 2009-05-19 19:25 . 
2009-05-09 18:20 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys 2009-05-19 19:25 . 2009-05-09 18:20 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll 2009-05-19 19:25 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll 2009-05-10 22:53 . 2009-05-10 22:53 -------- d-----w- c:\documents and settings\Scotarnjo\Local Settings\Application Data\Symantec 2009-05-09 20:35 . 2009-05-09 21:35 -------- d-----w- c:\docume~1\SCOTAR~1\APPLIC~1\GetRightToGo 2009-05-09 18:20 . 2009-05-09 18:20 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2009-05-09 18:20 . 2009-05-09 18:20 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-05-09 18:20 . 2009-05-09 18:20 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-09 18:20 . 2009-05-09 18:20 -------- d-----w- c:\program files\Symantec 2009-05-09 18:20 . 2009-05-09 18:20 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys 2009-05-09 18:20 . 2009-05-09 18:20 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-05-09 18:20 . 2009-05-09 18:20 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys 2009-05-09 18:20 . 2009-05-09 18:20 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-05-09 18:20 . 
2009-05-09 18:20 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-05-09 18:20 . 2009-05-09 18:20 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll 2009-05-09 18:19 . 2009-05-09 18:19 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-05-09 18:18 . 2009-05-09 18:18 -------- d-----w- c:\windows\system32\drivers\NAV 2009-05-09 18:18 . 2009-05-09 18:19 -------- d-----w- c:\program files\Norton AntiVirus 2009-05-09 18:13 . 2009-05-09 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings 2009-05-09 18:13 . 2009-05-09 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-05-09 18:12 . 2009-05-09 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-05-09 18:12 . 2009-05-09 18:12 -------- d-----w- c:\program files\NortonInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-07 04:44 . 2005-11-12 19:39 67944 ----a-w- c:\documents and settings\Scotarnjo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-07 03:54 . 2006-02-20 22:20 -------- d-----w- c:\program files\Java 2009-06-07 03:28 . 2005-11-10 23:11 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-07 01:30 . 2008-12-23 22:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-06 14:08 . 2008-12-23 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-06 13:48 . 2006-03-02 18:47 -------- d-----w- c:\program files\Google 2009-06-06 13:23 . 2004-08-03 22:58 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-06-05 18:57 . 
2006-10-28 12:53 -------- d-----w- c:\program files\World of Warcraft 2009-06-05 18:41 . 2006-04-20 09:15 -------- d-----w- c:\program files\Viewpoint 2009-06-05 18:41 . 2006-04-20 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-05 18:40 . 2007-01-19 04:44 -------- d-----w- c:\docume~1\SCOTAR~1\APPLIC~1\Viewpoint 2009-06-05 13:24 . 2006-03-25 04:14 -------- d-----w- c:\program files\LimeWire 2009-06-04 11:36 . 2006-02-28 12:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-05-09 18:22 . 2005-11-10 02:57 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-05-09 18:20 . 2009-05-09 18:20 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-05-09 18:20 . 2009-05-09 18:20 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-05-09 18:18 . 2005-11-10 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-05-06 19:08 . 2009-04-28 20:52 18189072 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2152_us.exe 2009-05-05 00:14 . 2005-11-11 00:00 -------- d-----w- c:\program files\Lx_cats 2009-05-04 05:16 . 2009-05-04 05:16 -------- d-----w- c:\program files\CCleaner 2009-05-03 02:45 . 2009-05-03 02:45 -------- d-----w- c:\docume~1\SCOTAR~1\APPLIC~1\Uniblue 2009-05-02 19:52 . 2009-05-02 19:52 -------- d-----w- c:\program files\AIM6 2009-05-02 19:52 . 2009-05-02 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore 2009-05-02 19:16 . 2009-04-02 18:05 -------- d-----w- c:\program files\Common Files\FotoWire 2009-04-28 20:54 . 2006-12-16 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-04-21 14:46 . 2009-04-21 14:46 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-04-02 17:55 . 2009-04-02 17:55 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe 2009-03-16 20:03 . 
2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll . ------- Sigcheck ------- [7] 2009-06-07 11:33 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys [-] 2009-06-04 11:36 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\drivers\ndis.sys . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2005-09-24 05:30 . 2006-01-13 02:52 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe 2006-05-10 00:24 . 2006-05-10 00:24 50760 c:\program files\Common Files\AOL\1145524522\ee\bak\AOLSoftware.exe 2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe 2003-09-14 02:36 . 2003-09-14 02:36 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe 2006-09-28 11:58 . 2006-07-14 20:03 107008 c:\program files\j2 Messenger 4.2\bak\J2GDllCmd.exe 2006-10-18 11:22 . 2004-02-24 17:10 57344 c:\program files\Lexmark 5200 series\bak\lxbtbmgr.exe 2006-08-19 12:06 . 2006-08-19 12:06 282624 c:\program files\QuickTime\bak\qttask.exe 2007-03-10 19:36 . 2006-02-28 12:00 208952 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE 2007-03-10 19:36 . 2006-02-28 12:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe 2007-03-10 19:36 . 2006-02-28 12:00 44032 c:\windows\ime\imkr6_1\bak\IMEKRMIG.EXE 2007-03-10 19:36 . 2006-02-28 12:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe 2006-02-28 12:00 . 2006-02-28 12:00 15360 c:\windows\system32\bak\ctfmon.exe 2006-02-28 12:00 . 2006-02-28 12:00 15360 c:\windows\system32\ctfmon.exe 2005-09-20 16:32 . 2005-09-20 16:32 77824 c:\windows\system32\bak\hkcmd.exe 2005-09-20 16:36 . 2005-09-20 16:36 114688 c:\windows\system32\bak\igfxpers.exe 2005-09-20 16:35 . 2005-09-20 16:35 94208 c:\windows\system32\bak\igfxtray.exe 2006-04-07 13:05 . 
2001-07-09 16:50 155648 c:\windows\system32\bak\NeroCheck.exe 2007-03-10 19:37 . 2006-02-28 12:00 59392 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe 2007-03-10 19:37 . 2006-02-28 12:00 59392 c:\windows\system32\IME\PINTLGNT\imscinst.exe 2007-03-10 19:37 . 2006-02-28 12:00 455168 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE 2007-03-10 19:37 . 2006-02-28 12:00 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [N/A] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-04-02 20480] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-06 39408] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-4-2 450560] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisallowRun"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\c:^documents and settings^scotarnjo^start menu^programs^startup^powerreg scheduler.exe] path=c:\documents and settings\Scotarnjo\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Norton AntiVirus\\Engine\\16.5.0.134\\ccSvcHst.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:blizzard downloader "6112:TCP"= 6112:TCP:blizzard downloader R0 
Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2/21/2009 11:13 PM 16855] R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/6/2009 8:49 AM 130936] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/9/2009 1:20 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/9/2009 1:20 PM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/9/2009 1:20 PM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys [5/29/2009 2:50 PM 276344] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/26/2009 2:54 PM 55152] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/9/2009 1:20 PM 115560] R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/6/2009 8:48 AM 348752] R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2/21/2009 11:13 PM 21808] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2009 1:51 PM 101936] S1 7911a769;7911a769;c:\windows\system32\drivers\7911a769.sys --> c:\windows\system32\drivers\7911a769.sys [?] S2 avast!avscontrolservice;avast!avscontrolservice;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?] 
S2 Ca536av;FashionCam Video Camera Device;c:\windows\system32\drivers\Ca536av.sys [3/4/2006 2:48 PM 514859] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/6/2009 9:08 AM 40160] S3 USBCamera;FashionCam Digital Still Camera Device;c:\windows\system32\drivers\Bulk536.sys [3/4/2006 2:48 PM 11048] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-06-07 c:\windows\Tasks\User_Feed_Synchronization-{9C40644F-AE8D-44C9-BE50-A84056159EBE}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31] . - - - - ORPHANS REMOVED - - - - Notify-__c007D907 - c:\windows\system32\__c007D907.dat SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = <local>;localhost uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Yahoo! 
&Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm TCP: {95B1AEF2-DECC-4B25-85F1-AA17CEC38BB8} = 192.168.254.254 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\docume~1\SCOTAR~1\APPLIC~1\Mozilla\Firefox\Profiles\l4vdvhb3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-07 06:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1020) c:\windows\system32\NavLogon.dll - - - - - - - > 'explorer.exe'(2080) c:\windows\system32\ieframe.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe c:\windows\system32\control.exe c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2009-06-07 6:50 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-07 11:50 Pre-Run: 19,840,434,176 bytes free Post-Run: 21,485,600,768 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 314 --- E O F --- 2009-05-09 11:16
  8. I have the same issue, about 4 and a half minutes into the scan. And when it stops responding, Task Manager won't end the process. I have to reboot to get it to stop. It's crazy. We need some advice on this issue please. JL-
  9. I couldn't locate a live chat on here. Do we have one? Or does anyone use Yahoo, AIM, Windows Live, etc.? Would be nice to know. JL_
  10. I know I have a UAC variant. RootRepeal doesn't locate it and I can't seem to find the GLOBALROOT directory. Any pointers on how to get to this file so I can delete it? JL-
  11. My scans show this is the file that holds Generic.Packed.200. I can't find it on my hard drive or computer. Any suggestions to get it from being hidden? JL-
  12. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:15:05 PM, on 6/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Scotarnjo\Desktop\rootbuster\RootRepeal.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE 
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 security-problem.microsoft.com
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 www.inetavirus.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174356840359
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95B1AEF2-DECC-4B25-85F1-AA17CEC38BB8}: NameServer = 192.168.254.254
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: __c007D907 - C:\WINDOWS\system32\__c007D907.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast!avscontrolservice - Unknown owner - C:\WINDOWS\System32\avast!AVSControlService.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://content.flixster.com/skin/profile/5...=20070315084359

-- End of file - 13522 bytes