rundbay

  1. Computer seems fine. I uninstalled ComboFix, didn't seem to have GMER, and ran OTMoveit3. I thank you, and my daughters thank you.
  2. Here are the latest logs.
  3. It seems to be fine. The browser has been working right since the first ComboFix run. McAfee also seems functional again, although it must have let it by in the first place. Thanks again for your help.
  4. Here are the latest, thanks again for all your help.
C:\DOCUME~1\Keighley\APPLIC~1\Mozilla [02/03/2006|18:33] C:\DOCUME~1\Keighley\APPLIC~1\PlayFirst [03/31/2004|16:02] C:\DOCUME~1\Keighley\APPLIC~1\Symantec [11/03/2006|21:52] C:\DOCUME~1\Keighley\APPLIC~1\You've Got Pictures Screensaver [01/16/2005|13:43] C:\DOCUME~1\Kendall\APPLIC~1\Adobe [06/26/2005|17:21] C:\DOCUME~1\Kendall\APPLIC~1\AdobeUM [09/01/2006|10:56] C:\DOCUME~1\Kendall\APPLIC~1\AOL [08/04/2005|10:55] C:\DOCUME~1\Kendall\APPLIC~1\ArcSoft [06/27/2007|18:42] C:\DOCUME~1\Kendall\APPLIC~1\COMCASTTOOLBAR [01/10/2007|17:16] C:\DOCUME~1\Kendall\APPLIC~1\Google [11/20/2004|15:29] C:\DOCUME~1\Kendall\APPLIC~1\Help [03/31/2004|13:07] C:\DOCUME~1\Kendall\APPLIC~1\Identities [04/11/2005|19:21] C:\DOCUME~1\Kendall\APPLIC~1\Intuit [06/27/2007|18:20] C:\DOCUME~1\Kendall\APPLIC~1\Macromedia [06/15/2005|16:10] C:\DOCUME~1\Kendall\APPLIC~1\Microsoft [01/12/2005|17:07] C:\DOCUME~1\Kendall\APPLIC~1\Mozilla [03/31/2004|16:02] C:\DOCUME~1\Kendall\APPLIC~1\Symantec [02/09/2005|15:30] C:\DOCUME~1\Kendall\APPLIC~1\You've Got Pictures Screensaver [03/27/2008|17:52] C:\DOCUME~1\Kyla\APPLIC~1\Adobe [03/28/2006|14:40] C:\DOCUME~1\Kyla\APPLIC~1\AdobeUM [09/05/2006|19:01] C:\DOCUME~1\Kyla\APPLIC~1\AOL [05/06/2007|18:12] C:\DOCUME~1\Kyla\APPLIC~1\Apple Computer [03/27/2008|17:52] C:\DOCUME~1\Kyla\APPLIC~1\COMCASTTOOLBAR [02/12/2007|20:23] C:\DOCUME~1\Kyla\APPLIC~1\Google [12/14/2005|18:58] C:\DOCUME~1\Kyla\APPLIC~1\Help [03/31/2004|13:07] C:\DOCUME~1\Kyla\APPLIC~1\Identities [03/27/2008|12:46] C:\DOCUME~1\Kyla\APPLIC~1\InterVideo [05/06/2007|18:03] C:\DOCUME~1\Kyla\APPLIC~1\Macromedia [10/01/2006|17:25] C:\DOCUME~1\Kyla\APPLIC~1\Microsoft [04/30/2006|00:00] C:\DOCUME~1\Kyla\APPLIC~1\Mozilla [10/21/2006|15:53] C:\DOCUME~1\Kyla\APPLIC~1\Sony Corporation [03/31/2004|16:02] C:\DOCUME~1\Kyla\APPLIC~1\Symantec [10/01/2006|17:31] C:\DOCUME~1\Kyla\APPLIC~1\U3 [10/15/2006|11:46] C:\DOCUME~1\Kyla\APPLIC~1\You've Got Pictures Screensaver [03/31/2004|13:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft 
[01/09/2007|01:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [09/06/2004|21:07] C:\DOCUME~1\Owner\APPLIC~1\Symantec --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [12/09/2008 09:08][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job [02/02/2009 15:36][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job [02/07/2009 13:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [02/13/2009 23:37][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job [01/15/2009 01:48][--a------] C:\WINDOWS\tasks\McDefragTask.job [02/01/2009 01:00][--a------] C:\WINDOWS\tasks\McQcTask.job [02/13/2009 23:33][--ah-----] C:\WINDOWS\tasks\SA.DAT [03/31/2003 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [02/05/2005|15:38] C:\Program Files\1602 A.D [12/24/2006|01:07] C:\Program Files\Activision [02/13/2009|19:16] C:\Program Files\Adobe [12/22/2008|23:13] C:\Program Files\Alawar [04/12/2008|13:28] C:\Program Files\Amazon [01/08/2007|23:55] C:\Program Files\AOL [01/08/2007|23:57] C:\Program Files\AOL Toolbar [12/25/2007|08:54] C:\Program Files\Apple Software Update [02/22/2005|19:17] C:\Program Files\ArcSoft [02/22/2006|17:31] C:\Program Files\Atari [03/31/2004|14:36] C:\Program Files\ATI Technologies [05/12/2008|18:20] C:\Program Files\AVYMEDIA [10/15/2008|15:29] C:\Program Files\bfgclient [03/15/2008|12:37] C:\Program Files\BoundAround_Demo [03/30/2005|19:14] C:\Program Files\Calendar Creator [02/22/2005|19:26] C:\Program Files\Canon [01/02/2009|14:37] C:\Program Files\Chill [12/24/2006|01:03] C:\Program Files\Comcast Play Games [03/24/2007|12:59] C:\Program Files\ComcastToolbar [02/13/2009|19:49] C:\Program Files\Common Files [03/31/2004|13:06] C:\Program Files\ComPlus Applications [03/15/2008|12:39] C:\Program Files\Cosmic Bugs [09/25/2004|22:46] C:\Program Files\Crimsonland [09/25/2004|11:59] C:\Program Files\Croteam [01/06/2008|19:04] C:\Program Files\Dark Basic Software [10/10/2008|16:23] C:\Program Files\Diablo 
[10/14/2008|21:15] C:\Program Files\Diablo II [09/23/2004|16:03] C:\Program Files\directx [05/03/2005|20:10] C:\Program Files\Doom 3 [05/03/2005|19:13] C:\Program Files\Doom 3 Demo [08/16/2004|17:59] C:\Program Files\drag'n drop cd+dvd [07/19/2008|17:09] C:\Program Files\Empire Interactive [02/22/2005|19:19] C:\Program Files\epic [02/22/2005|19:14] C:\Program Files\EPSON [09/25/2005|12:11] C:\Program Files\Expert Software [06/28/2005|14:33] C:\Program Files\Feeding Frenzy [09/25/2004|09:30] C:\Program Files\Fox [03/15/2008|12:45] C:\Program Files\FrozenFruits [05/17/2008|19:05] C:\Program Files\Game_Maker7 [10/25/2008|14:55] C:\Program Files\GameFiesta [02/13/2009|18:16] C:\Program Files\GameHouse [01/19/2007|07:46] C:\Program Files\GameSpy Arcade [03/15/2008|12:48] C:\Program Files\Giant [01/13/2009|20:50] C:\Program Files\Google [03/15/2008|12:46] C:\Program Files\Gutterball 2 [03/26/2005|13:23] C:\Program Files\Hasbro Interactive [03/15/2008|12:46] C:\Program Files\Icarus [10/22/2005|19:41] C:\Program Files\id Software [10/07/2004|10:17] C:\Program Files\Infogrames Interactive [02/02/2009|21:16] C:\Program Files\InstallShield Installation Information [03/31/2004|13:16] C:\Program Files\Intel [05/26/2005|13:06] C:\Program Files\InterActual [02/13/2009|03:03] C:\Program Files\Internet Explorer [08/16/2004|17:52] C:\Program Files\InterVideo [12/25/2007|09:00] C:\Program Files\iPod [04/17/2006|18:21] C:\Program Files\ItsDeductible2005 [04/13/2005|13:41] C:\Program Files\ItsDeductibleEX [12/25/2007|09:00] C:\Program Files\iTunes [02/13/2009|18:07] C:\Program Files\iWin Games [01/02/2009|14:19] C:\Program Files\iWin.com [04/22/2007|20:32] C:\Program Files\KrazyDad [01/29/2005|14:44] C:\Program Files\Learn2.com [12/10/2007|22:20] C:\Program Files\LifeFX [05/29/2005|12:01] C:\Program Files\LucasArts [08/15/2005|12:14] C:\Program Files\Luxor [02/13/2009|21:14] C:\Program Files\Malwarebytes' Anti-Malware [08/23/2005|15:55] C:\Program Files\Mattel Interactive 
[05/19/2005|16:53] C:\Program Files\Maxis [09/02/2008|22:26] C:\Program Files\McAfee [12/24/2006|01:33] C:\Program Files\McAfee.com [12/25/2005|18:29] C:\Program Files\Media Guitar Basics [02/13/2009|03:05] C:\Program Files\Messenger [08/16/2004|18:03] C:\Program Files\Microsoft ActiveSync [03/31/2004|13:07] C:\Program Files\microsoft frontpage [10/27/2005|14:40] C:\Program Files\Microsoft Games [08/16/2004|18:04] C:\Program Files\Microsoft Office [08/16/2004|18:01] C:\Program Files\Microsoft Works [03/31/2004|15:57] C:\Program Files\MoodLogic [09/24/2004|22:27] C:\Program Files\Movie Maker [03/31/2004|13:05] C:\Program Files\MSN [01/09/2007|19:20] C:\Program Files\MSN Games [03/31/2004|13:05] C:\Program Files\MSN Gaming Zone [11/06/2004|18:58] C:\Program Files\MSXML 4.0 [09/24/2004|22:23] C:\Program Files\NetMeeting [03/31/2004|15:54] C:\Program Files\Netscape [02/13/2009|19:00] C:\Program Files\NOS [06/20/2005|17:49] C:\Program Files\Oasis [10/26/2008|18:23] C:\Program Files\Oberon Media [01/09/2007|19:19] C:\Program Files\Online Services [01/18/2007|20:08] C:\Program Files\OpenOffice.org 2.1 [06/13/2007|02:03] C:\Program Files\Outlook Express [06/05/2005|23:38] C:\Program Files\Pariah Multiplayer Demo [03/27/2007|10:58] C:\Program Files\Pivot Stickfigure Animator [02/02/2009|19:15] C:\Program Files\PlayFirst [01/09/2009|17:36] C:\Program Files\Playrix Entertainment [03/15/2008|12:40] C:\Program Files\PopCap Games [08/02/2007|21:56] C:\Program Files\Project64 [12/16/2008|21:00] C:\Program Files\Project64 1.6 [01/09/2007|19:15] C:\Program Files\Pure Networks [08/13/2005|09:38] C:\Program Files\Quake III Arena [03/31/2004|15:59] C:\Program Files\Quicken [12/25/2007|08:57] C:\Program Files\QuickTime [09/06/2004|19:01] C:\Program Files\Real [10/17/2008|17:49] C:\Program Files\RealArcade [06/20/2005|17:47] C:\Program Files\ReflexiveArcade [09/25/2004|23:24] C:\Program Files\Return to Castle Wolfenstein [08/15/2005|17:26] C:\Program Files\Rocket Bowl [01/15/2007|21:16] 
C:\Program Files\Rockstar Games [12/22/2008|23:14] C:\Program Files\Sallys Spa [09/14/2007|18:41] C:\Program Files\Security Task Manager [03/31/2004|16:00] C:\Program Files\Shield [02/13/2009|18:17] C:\Program Files\Shockwave.com [12/16/2006|18:59] C:\Program Files\Sierra [08/16/2004|18:05] C:\Program Files\Sony [08/06/2007|08:54] C:\Program Files\Starcraft [04/24/2005|14:02] C:\Program Files\Strategy First [05/11/2007|01:55] C:\Program Files\support.com [12/24/2006|01:23] C:\Program Files\Symantec [04/16/2007|16:39] C:\Program Files\TaxCut06 [01/09/2008|17:04] C:\Program Files\The Game Creators [12/22/2006|09:56] C:\Program Files\The Learning Company [12/24/2006|01:04] C:\Program Files\THQ [02/11/2009|20:02] C:\Program Files\Trend Micro [04/12/2008|13:33] C:\Program Files\TurboTax [12/07/2005|20:07] C:\Program Files\Ubi Soft [09/08/2004|21:15] C:\Program Files\Ubisoft [02/02/2008|01:50] C:\Program Files\Uniblue [03/31/2004|13:11] C:\Program Files\Uninstall Information [11/03/2006|21:48] C:\Program Files\VCW VicMan's Photo Editor [08/01/2008|17:35] C:\Program Files\Ventrilo [12/10/2007|22:20] C:\Program Files\ViaVoice TTS [09/06/2004|19:01] C:\Program Files\Viewpoint [02/03/2009|20:49] C:\Program Files\Warcraft III [04/24/2005|14:55] C:\Program Files\Web Publish [10/18/2008|17:32] C:\Program Files\WildGames [01/09/2007|01:15] C:\Program Files\Windows Defender [04/27/2007|00:38] C:\Program Files\Windows Media Connect 2 [04/27/2007|00:38] C:\Program Files\Windows Media Player [09/24/2004|22:23] C:\Program Files\Windows NT [03/31/2004|13:05] C:\Program Files\WindowsUpdate [01/28/2009|18:42] C:\Program Files\World of Warcraft [03/31/2004|13:07] C:\Program Files\xerox --------------------\\ Listing Folders in C:\Program Files\Common Files [02/13/2009|19:14] C:\Program Files\Common Files\Adobe [02/13/2009|19:15] C:\Program Files\Common Files\Adobe AIR [04/12/2008|13:46] C:\Program Files\Common Files\AnswerWorks 4.0 [01/09/2007|19:13] C:\Program Files\Common Files\AOL 
[08/31/2006|17:53] C:\Program Files\Common Files\aolback [12/25/2007|08:53] C:\Program Files\Common Files\Apple [01/09/2008|17:07] C:\Program Files\Common Files\Bcgsoft [12/04/2008|18:40] C:\Program Files\Common Files\Blizzard Entertainment [03/30/2005|19:01] C:\Program Files\Common Files\Broderbund [08/16/2004|18:03] C:\Program Files\Common Files\DESIGNER [04/24/2005|14:06] C:\Program Files\Common Files\DirectX [11/17/2006|21:35] C:\Program Files\Common Files\Download Manager [02/22/2005|19:07] C:\Program Files\Common Files\EPSON [06/05/2005|23:37] C:\Program Files\Common Files\Groove Games Shared [08/16/2004|17:53] C:\Program Files\Common Files\InstallShield [03/31/2004|15:59] C:\Program Files\Common Files\Intuit [07/04/2008|17:01] C:\Program Files\Common Files\McAfee [08/16/2004|18:05] C:\Program Files\Common Files\Microsoft Shared [03/31/2004|13:06] C:\Program Files\Common Files\MSSoap [02/09/2005|14:30] C:\Program Files\Common Files\NSV [01/29/2005|14:43] C:\Program Files\Common Files\Nullsoft [09/19/2008|16:12] C:\Program Files\Common Files\Oberon Media [03/31/2004|05:03] C:\Program Files\Common Files\ODBC [03/31/2004|15:59] C:\Program Files\Common Files\Palo Alto Software [09/05/2004|20:30] C:\Program Files\Common Files\PocketSoft [02/22/2005|19:15] C:\Program Files\Common Files\Python [09/06/2004|19:01] C:\Program Files\Common Files\Real [03/19/2007|09:06] C:\Program Files\Common Files\Scanner [03/31/2004|13:06] C:\Program Files\Common Files\Services [08/16/2004|17:55] C:\Program Files\Common Files\Sony Shared [03/31/2004|05:03] C:\Program Files\Common Files\SpeechEngines [02/02/2009|19:17] C:\Program Files\Common Files\SWF Studio [12/24/2006|01:23] C:\Program Files\Common Files\Symantec Shared [06/13/2007|02:03] C:\Program Files\Common Files\System [08/01/2008|17:34] C:\Program Files\Common Files\Wise Installation Wizard --------------------\\ Process ( 52 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! 
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\David\Cookies\david@advertising[1].txt
C:\DOCUME~1\David\Cookies\david@advertising[2].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 23:46:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:138][D:0]-> C:\DOCUME~1\David\Cookies
[F:649][D:4]-> C:\DOCUME~1\David\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Fri 02/13/2009|23:48 - Option : [1]
--------------------\\ Scan completed at 23:48:53
  5. LOL...No I'm not sure I want the iWin stuff on the computer. I should probably mention that this machine is used primarily by my 2 teenage daughters. Anyway here are the logs, hopefully in the right order!

JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Feb 13 18:30:18 2009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410201
------------------------------------
Finished reporting.

ComboFix 09-02-12.03 - David 2009-02-13 19:45:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.126 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\progra~1\IWINGA~1\IWINGA~1.DLL
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\nnnkkjhi.dll
c:\windows\system32\uacinit.dll
c:\windows\Tasks\jmyesjxs.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\uacinit.dll
c:\windows\Tasks\jmyesjxs.job
.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-13 19:15 . 2009-02-13 19:15 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-13 19:00 . 2009-02-13 19:00 <DIR> d-------- c:\program files\NOS
2009-02-13 19:00 . 2009-02-13 19:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-12 20:06 . 2008-05-01 06:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-12 19:27 . 2009-02-12 20:09 <DIR> d-------- C:\2combofix
2009-02-11 20:02 . 2009-02-11 20:02 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 19:17 . 2009-02-02 19:17 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-16 21:36 . 2009-01-16 21:36 <DIR> d-------- c:\documents and settings\David\Application Data\Boomzap
2009-01-16 19:57 . 2009-01-16 19:57 <DIR> d-------- c:\documents and settings\David\Application Data\World-LooM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 04:02 --------- d-----w c:\documents and settings\David\Application Data\OpenOffice.org2
2009-02-14 03:26 --------- d-----w c:\documents and settings\David\Application Data\ComcastToolbar
2009-02-14 03:14 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 02:17 --------- d-----w c:\program files\Shockwave.com
2009-02-14 02:16 --------- d-----w c:\program files\GameHouse
2009-02-14 02:07 --------- d-----w c:\program files\iWin Games
2009-02-04 04:49 --------- d-----w c:\program files\Warcraft III
2009-02-03 05:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 03:17 --------- d-----w c:\documents and settings\David\Application Data\PlayFirst
2009-02-03 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-03 03:15 --------- d-----w c:\program files\PlayFirst
2009-01-29 02:42 --------- d-----w c:\program files\World of Warcraft
2009-01-26 21:11 --------- d-----w c:\documents and settings\David\Application Data\AdobeUM
2009-01-14 04:50 --------- d-----w c:\program files\Google
2009-01-10 01:37 --------- d-----w c:\documents and settings\David\Application Data\Playrix Entertainment
2009-01-10 01:36 --------- d-----w c:\program files\Playrix Entertainment
2009-01-02 22:37 --------- d-----w c:\program files\Chill
2009-01-02 22:19 --------- d-----w c:\program files\iWin.com
2009-01-02 01:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-02 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2008-12-29 15:01 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\COMCASTTOOLBAR
2008-12-23 07:14 --------- d-----w c:\program files\Sallys Spa
2008-12-23 07:13 --------- d-----w c:\program files\Alawar
2008-12-23 06:35 --------- d-----w c:\documents and settings\David\Application Data\iWin
2008-12-23 06:35 --------- d-----w c:\documents and settings\All Users\Application Data\iWin
2008-12-23 06:05 --------- d-----w c:\documents and settings\David\Application Data\GameInvest
2008-12-21 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 05:00 --------- d-----w c:\program files\Project64 1.6
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\David\Application Data\Boomzap ----
2009-01-16 21:43 296489 --a------ c:\documents and settings\David\Application Data\Boomzap\orchard_bzp.rms
2009-01-16 21:43 100282 --a------ c:\documents and settings\David\Application Data\Boomzap\orchard.log
---- Directory of c:\documents and settings\David\Application Data\World-LooM ----
2009-01-16 20:47 711 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\settings.xml
2009-01-16 20:47 4864 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\um.sav.dso
2009-01-16 19:57 2603 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\default.sav.dso
((((((((((((((((((((((((((((( SnapShot@2009-02-12_20.07.09.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll + 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll + 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll + 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys + 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll + 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll + 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys + 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys + 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys + 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll + 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll + 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys + 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys + 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys + 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll + 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll + 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys + 2008-06-20 11:16:44 225,856 ----a-w 
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll + 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe + 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll + 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll + 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll + 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe + 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll + 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll + 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll + 2008-10-23 12:43:42 286,720 
----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll + 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll + 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe + 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll - 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys - 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe - 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-04-20 05:07:51 161,792 -c----w 
c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-04-22 07:39:58 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-04-24 05:16:30 3,591,680 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll + 2009-02-13 11:01:15 32,768 ----a-r 
c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe + 2007-12-12 23:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe - 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll - 2009-02-13 03:27:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-14 03:12:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-13 03:27:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-14 03:12:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-13 03:27:12 81,920 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-14 03:12:37 81,920 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-04-23 04:16:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys - 2008-02-20 05:32:43 148,992 -c----w c:\windows\system32\dllcache\dnsapi.dll + 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll - 2008-04-23 04:16:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-04-23 04:16:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll - 2008-04-23 04:16:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-02-20 06:51:05 
282,624 -c----w c:\windows\system32\dllcache\gdi32.dll + 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll - 2008-04-23 04:16:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-04-22 07:39:58 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe - 2008-04-23 04:16:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-04-23 04:16:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-04-20 05:07:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll - 2008-04-23 04:16:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-04-23 04:16:28 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll - 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-04-23 04:16:28 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-04-23 04:16:28 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-04-22 07:39:58 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-04-22 07:40:18 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w 
c:\windows\system32\dllcache\iexplore.exe - 2007-08-21 06:15:44 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll + 2008-04-11 18:50:43 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll - 2008-04-23 04:16:28 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-06-18 09:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe - 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys + 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys + 2008-06-24 16:23:05 74,240 -c----w c:\windows\system32\dllcache\mscms.dll - 2008-04-23 04:16:28 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-04-23 04:16:28 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-04-24 05:16:30 3,591,680 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-17 05:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-04-23 04:16:28 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-04-23 04:16:28 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-04-23 04:16:28 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-06-20 17:41:10 245,248 -c----w c:\windows\system32\dllcache\mswsock.dll - 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll + 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll - 2006-08-17 12:28:27 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll + 2008-10-15 16:57:55 332,800 -c----w 
c:\windows\system32\dllcache\netapi32.dll - 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe - 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe - 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe + 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe - 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe + 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe - 2008-04-23 04:16:28 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-04-23 04:16:28 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys + 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys - 2006-08-21 17:52:08 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll + 2008-10-03 10:15:47 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll - 2007-10-30 17:20:55 360,064 -c----w c:\windows\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 -c----w c:\windows\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys - 2008-04-23 04:16:28 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-04-23 04:16:29 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-04-23 04:16:29 233,472 -c----w 
c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\system32\dllcache\win32k.sys + 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys - 2008-04-23 04:16:29 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-06-18 13:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll - 2006-10-19 04:47:22 2,450,944 -c----w c:\windows\system32\dllcache\wmvcore.dll + 2008-06-18 13:03:14 2,458,112 -c----w c:\windows\system32\dllcache\WMVCore.dll - 2007-07-31 02:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll + 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll - 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi.dll + 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll - 2004-08-04 06:14:14 138,496 ----a-w c:\windows\system32\drivers\afd.sys + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys - 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys + 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys - 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys + 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys - 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys - 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ----a-w 
c:\windows\system32\dxtrans.dll - 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll + 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll - 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-04-09 10:10:26 221,632 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-13 11:13:01 221,632 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll + 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll - 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-04-22 07:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-04-23 04:16:28 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-04-23 04:16:28 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-04-20 05:07:51 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-04-23 04:16:28 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-04-22 
07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll + 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll - 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2006-10-19 03:03:58 100,864 ----a-w c:\windows\system32\logagent.exe + 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\logagent.exe - 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll + 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll - 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-04-24 05:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll + 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll - 2004-08-04 07:56:44 245,248 ----a-w c:\windows\system32\mswsock.dll + 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll - 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll + 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll - 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll + 2008-10-01 00:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll - 2006-08-17 12:28:27 332,288 ----a-w 
c:\windows\system32\netapi32.dll + 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll - 2007-02-28 08:38:57 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe + 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe - 2007-02-28 09:08:48 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe + 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe - 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll - 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll - 2006-08-21 17:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll + 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll - 2007-11-13 11:31:11 60,416 ----a-w c:\windows\system32\tzchange.exe + 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe - 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys + 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys - 2006-10-19 04:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll + 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll - 2006-10-19 04:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll + 2008-06-25 02:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll - 2006-10-19 04:47:22 2,450,944 ----a-w 
c:\windows\system32\wmvcore.dll + 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll - 2007-07-31 02:18:40 33,624 ----a-w c:\windows\system32\wups.dll + 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\wups.dll - 2007-07-31 02:19:12 43,352 ----a-w c:\windows\system32\wups2.dll + 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\wups2.dll + 2008-10-01 00:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll + 2008-10-01 00:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll + 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-06 26112]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"EPSON Stylus CX5200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-06-30 74752]
"HostManager"="c:\program files\Common Files\AOL\1152497802\ee\AOLSoftware.exe" [2006-09-25 50736]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\David\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-02 57344]
Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-08-16 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\SV_Httpd.exe"=
"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Pariah Multiplayer Demo\\System\\Pariah.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:Warcraft
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-08-16 86098]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-13 33752]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-02-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-02-14 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-02 c:\windows\Tasks\Uniblue SpyEraser Nag.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
2008-12-09 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www6.comcast.net/a/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: turbotax.com
DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} - hxxp://download.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://download.playfirst.com/play/game/tastyplanet/tastyplanet.1.0.0.4.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://download.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.10.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 19:55:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\system32\UAService7.exe
c:\windows\wanmpsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.bin
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-13 20:09:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-14 04:09:21
ComboFix2.txt 2009-02-13 04:08:37

Pre-Run: 68,684,365,824 bytes free
Post-Run: 68,696,907,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

543 --- E O F --- 2009-02-13 11:06:10

SDFix: Version 1.240
Run by David on Fri 02/13/2009 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:13 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Support.com\bin\tgcmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc.
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe O23 - Service: VAIO Media Video 
Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 14486 bytes Malwarebytes' Anti-Malware 1.34 Database version: 1761 Windows 5.1.2600 Service Pack 2 2/13/2009 9:23:23 PM mbam-log-2009-02-13 (21-23-23).txt Scan type: Quick Scan Objects scanned: 80653 Time elapsed: 5 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 105 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\malwaredestruct.server.1 (Rogue.MalwareDestructor) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\expertantivirus.addin.1 (Rogue.Multiple) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\estkzelc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. 

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:28:55 PM, on 2/13/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal
  6. Here are the logs, ComboFix did not ask to install the recovery console, just went right to scanning...Thanks
  7. I picked up the Spyware Protect 2009 infection. I could not install Malwarebytes so attempted to remove manually. Found numerous files to delete and am no longer getting popups but continue to have problems. I was able to install Malwarebytes after renaming the install file, but it still won't scan. Used the same trick to install HijackThis and it did run a log. Thanks for any help.

     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:02:54 PM, on 2/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Sony\Giga Pocket\shwserv.exe C:\Program Files\iWin Games\iWinGamesInstaller.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\sony\usbsircs\usbsircs.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\system32\UAService7.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony\Giga Pocket\RM_SV.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.legendent.com/cgi-bin/bugreport...+18:16:21%0D%0A R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - 
URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe, N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js) O1 - Hosts: 195.245.119.131 browser-security.microsoft.com O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: {3f170567-9b5a-95c8-d464-b596fcae3216} - {6123eacf-695b-464d-8c59-a5b9765071f3} - C:\WINDOWS\system32\tcgyjc.dll (file missing) O2 - BHO: (no name) - {6619893F-294E-4038-91D7-30475767EFB2} - (no file) O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - 
HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [prunnet] 
"C:\WINDOWS\system32\prunnet.exe" O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\David\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Remocon Driver.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028MHUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - 
http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab O20 - AppInit_DLLs: imeutijb.dll phbicsey.dll qbqqvi.dll tcgyjc.dll O20 - Winlogon Notify: iiffGYss - iiffGYss.dll (file missing) O20 - Winlogon Notify: urqQghgE - urqQghgE.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: GameConsoleService - WildTangent, Inc. 
- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. 
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe O23 - Service: VAIO Media Video 
Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O24 - Desktop Component 0: (no name) - http://www.nabou.com/sublinks/pokemon/playing_cards/105.jpg O24 - Desktop Component 1: (no name) - http://content.ytmnd.com/content/d/d/a/dda...388906322cb.gif -- End of file - 17880 bytes