
FROZEN MALWAREBYTES SCAN



Hello, as instructed.....

Here is the log file. MALWAREBYTES just freezes up on me minutes into the scan.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:02, on 05/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O2 - BHO: adssite - {1ee29c11-04a1-da11-cf9b-942effe90686} - C:\WINDOWS\system32\nsi8.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrayStartup] C:\Program Files\BT Auto Backup\VaultClientTray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"

O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86a3f0addf48dbbdc4af8019a8b3c8

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86a3f0addf48dbbdc4af8019a8b3c8

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131353467937

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SiteAdvisor Service - Silicon Integrated Systems Corporation - (no file)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

O24 - Desktop Component 0: (no name) - http://www.eurowoof.com/bears/p/th_pup.jpg

--

End of file - 13555 bytes


Just re-ran MALWAREBYTES, seemed to work again???

Got this log ...

Am I doing this right???

Malwarebytes' Anti-Malware 1.33

Database version: 1732

Windows 5.1.2600 Service Pack 3

05/02/2009 23:01:31

mbam-log-2009-02-05 (23-01-31).txt

Scan type: Quick Scan

Objects scanned: 66618

Time elapsed: 15 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ee29c11-04a1-da11-cf9b-942effe90686} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1ee29c11-04a1-da11-cf9b-942effe90686} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\user\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\nsi8.dll (Adware.BHO) -> Quarantined and deleted successfully.

mbam_log_2009_02_05__23_01_31_.txt

  • Root Admin

STEP 1

With all other applications closed (Taskbar empty), open HijackThis again, run "Do a system scan only" and place a check mark on the following items.

  • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  • R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll
  • O2 - BHO: adssite - {1ee29c11-04a1-da11-cf9b-942effe90686} - C:\WINDOWS\system32\nsi8.dll
  • O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll
  • O2 - BHO: Java
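The items the helper asks to check are picked out of the HijackThis log by hand. The script below is an added example, not part of this thread and not a Malwarebytes or HijackThis tool: it parses the CLSID-bearing entry types (R3, O2, O3, O9) and the O23 service lines into records, then shows three triage checks a helper does by eye. The sample lines are copied from the log posted earlier in the thread, and the quarantined CLSID is the one reported by the Malwarebytes log above; both are embedded here as constructed input.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log posted
# earlier in this thread (before the fix). Regular strings, so every
# backslash in a Windows path is doubled.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\\Program Files\\Power_Karaoke\\tbPow1.dll
O2 - BHO: adssite - {1ee29c11-04a1-da11-cf9b-942effe90686} - C:\\WINDOWS\\system32\\nsi8.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\\Program Files\\Power_Karaoke\\tbPow1.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\\Program Files\\Power_Karaoke\\tbPow1.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: SiteAdvisor Service - Silicon Integrated Systems Corporation - (no file)
"""

# CLSID that the Malwarebytes log in this thread reports as quarantined (Adware.BHO).
MBAM_QUARANTINED_CLSIDS = {"{1ee29c11-04a1-da11-cf9b-942effe90686}"}

# HijackThis entry types that carry a CLSID: "<section> - <kind>: <name> - {clsid} - <path>"
CLSID_LINE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)
# O23 service lines: "O23 - Service: <name> - <owner> - <path>"
SERVICE_LINE = re.compile(r"^(?P<section>O23) - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str
    name: str
    clsid: Optional[str]  # lower-cased so one object compares equal across sections
    path: str


def parse_hjt(text: str) -> List[Entry]:
    """Turn CLSID-bearing and O23 service lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = CLSID_LINE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["clsid"].lower(), m["path"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], None, m["path"]))
    return entries


def missing_file(entries: List[Entry]) -> List[Entry]:
    """Entries that point at nothing on disk: HijackThis prints '(no file)' or '(file missing)'."""
    return [e for e in entries if e.path == "(no file)" or e.path.endswith("(file missing)")]


def sections_per_clsid(entries: List[Entry]) -> dict:
    """Map each CLSID to the set of HijackThis sections it is registered in."""
    usage = defaultdict(set)
    for e in entries:
        if e.clsid:
            usage[e.clsid].add(e.section)
    return dict(usage)


def quarantined_entries(entries: List[Entry], quarantined_clsids) -> List[Entry]:
    """Entries whose CLSID a scanner already quarantined: they should vanish from the next log."""
    wanted = {c.lower() for c in quarantined_clsids}
    return [e for e in entries if e.clsid in wanted]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for e in quarantined_entries(ents, MBAM_QUARANTINED_CLSIDS):
        print("already quarantined by MBAM:", e.section, e.name, e.path)
    for clsid, secs in sections_per_clsid(ents).items():
        if len(secs) > 1:
            print("one component registered in several places:", clsid, sorted(secs))
    for e in missing_file(ents):
        print("dangling entry:", e.section, e.name)
```

The cross-section check is the useful one here: the same CLSID appearing under R3, O2 and O3 is one add-on hooking search, the browser and the toolbar at once, which is why the helper lists all three lines rather than one. Running the parser over the second HijackThis log in the thread shows the adssite BHO gone, which is the confirmation a helper looks for after a Malwarebytes quarantine.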

Hello, did all you asked and here are the results...

However, some things are different..

YOOG is still in the top right where Google normally is, and at the bottom right of the tray the icons for Speaker, MSN etc. have all gone, other than the clock and Norton.

Thank you

Here are the logs.........

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:05:28, on 06/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrayStartup] C:\Program Files\BT Auto Backup\VaultClientTray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"

O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86a3f0addf48dbbdc4af8019a8b3c8

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86a3f0addf48dbbdc4af8019a8b3c8

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131353467937

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SiteAdvisor Service - Silicon Integrated Systems Corporation - (no file)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--

End of file - 13281 bytes

______________________________________________

ComboFix 09-02-05.02 - user 2009-02-06 12:58:10.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.949 [GMT 0:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: Norton Security Online *On-access scanning enabled* (Updated)

FW: Norton Security Online *enabled*

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\user\Local Settings\Temporary Internet Files\Andy Layton Jame1.doc

.

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))

.

2009-02-06 12:45 . 2009-02-06 12:45 <DIR> d-------- c:\program files\RegCure

2009-02-06 00:56 . 2009-02-06 00:56 54,156 --ah----- c:\windows\QTFont.qfn

2009-02-06 00:56 . 2009-02-06 00:56 1,409 --a------ c:\windows\QTFont.for

2009-02-05 22:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-02-05 22:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-02-05 19:16 . 2009-02-05 22:16 <DIR> d-------- c:\program files\trend micro

2009-02-05 17:16 . 2009-02-05 22:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-03 10:32 . 2009-02-05 13:16 85,668 --a------ c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-31 00:31 . 2009-01-31 17:09 <DIR> d-------- c:\program files\VS Revo Group

2009-01-30 23:57 . 2009-01-30 23:57 <DIR> d--hs---- c:\documents and settings\user\IETldCache

2009-01-30 23:47 . 2009-01-30 23:50 <DIR> d--h-c--- c:\windows\ie8

2009-01-30 23:44 . 2009-01-11 05:00 79,360 --------- c:\windows\SYSTEM32\DLLCACHE\iecompat.dll

2009-01-25 14:38 . 2009-02-05 19:06 <DIR> d-------- C:\!KillBox

2009-01-25 04:34 . 2009-02-03 00:46 <DIR> d-------- C:\rsit

2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows\SYSTEM32\msrating.dll.mui

2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\SYSTEM32\mshta.exe.mui

2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\SYSTEM32\iedkcs32.dll.mui

2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\SYSTEM32\ie4uinit.exe.mui

2009-01-15 02:04 . 2009-01-15 02:04 18,944 --------- c:\windows\SYSTEM32\DLLCACHE\corpol.dll

2009-01-11 23:07 . 2009-01-11 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 12:55 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-06 12:29 --------- d-----w c:\program files\Power_Karaoke

2009-02-05 13:55 --------- d-----w c:\program files\Common Files\Real

2009-02-05 13:54 --------- d-----w c:\program files\Real

2009-01-29 16:08 44,944 ------w c:\windows\system32\drivers\pxhelp20.sys

2009-01-15 02:17 636,264 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

2009-01-15 02:17 392,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

2009-01-15 02:13 5,888,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2009-01-15 02:12 10,963,968 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

2009-01-15 02:06 236,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

2009-01-15 02:06 105,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll

2009-01-15 02:06 1,182,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

2009-01-15 02:05 911,872 ----a-w c:\windows\SYSTEM32\wininet.dll

2009-01-15 02:05 911,872 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

2009-01-15 02:05 43,008 ----a-w c:\windows\SYSTEM32\licmgr10.dll

2009-01-15 02:05 43,008 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll

2009-01-15 02:05 193,536 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll

2009-01-15 02:05 109,056 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll

2009-01-15 02:04 755,200 ----a-w c:\windows\SYSTEM32\DLLCACHE\VGX.dll

2009-01-15 02:04 25,600 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

2009-01-15 02:04 18,944 ----a-w c:\windows\SYSTEM32\corpol.dll

2009-01-15 02:02 611,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll

2009-01-15 02:02 593,920 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

2009-01-15 02:02 1,975,296 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

2009-01-15 02:01 66,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

2009-01-15 02:01 59,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\icardie.dll

2009-01-15 02:01 54,272 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

2009-01-15 02:01 46,592 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

2009-01-15 02:01 348,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

2009-01-15 02:01 34,304 ----a-w c:\windows\SYSTEM32\imgutil.dll

2009-01-15 02:01 34,304 ----a-w c:\windows\SYSTEM32\DLLCACHE\imgutil.dll

2009-01-15 02:01 216,064 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

2009-01-15 02:01 183,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

2009-01-15 02:00 48,128 ----a-w c:\windows\SYSTEM32\mshtmler.dll

2009-01-15 02:00 48,128 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll

2009-01-15 02:00 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe

2009-01-15 02:00 45,568 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshta.exe

2009-01-15 01:53 68,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll

2009-01-15 01:50 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll

2009-01-15 01:50 156,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll

2009-01-15 01:35 445,440 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll

2009-01-11 23:25 --------- d-----w c:\program files\Corel

2009-01-11 23:25 --------- d-----w c:\documents and settings\user\Application Data\Corel

2009-01-11 23:12 2,516 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys

2009-01-10 04:17 --------- d-----w c:\program files\MSN Messenger

2009-01-10 01:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-10 01:13 60,808 ----a-w c:\windows\SYSTEM32\S32EVNT1.DLL

2009-01-10 01:13 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-10 01:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-10 01:13 --------- d-----w c:\program files\Symantec

2008-12-18 02:33 --------- d-----w c:\program files\Conduit

2008-12-17 11:03 --------- d-----w c:\program files\Common Files\Teleca Shared

2008-12-17 03:35 --------- d-----w c:\program files\Sony Ericsson

2008-12-17 03:35 --------- d-----w c:\documents and settings\user\Application Data\Teleca

2008-12-17 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson

2008-12-14 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-13 03:01 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-13 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software

2008-12-13 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-12-09 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Corel

2008-12-02 18:41 130,208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe

2008-11-10 05:43 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll

2008-10-20 18:05 2,076 ----a-w c:\program files\wixyfeza.txt

2008-10-20 17:26 19,699 ----a-w c:\documents and settings\user\Application Data\nesimah.pif

2008-10-20 17:26 15,787 ----a-w c:\documents and settings\user\Application Data\ukerac.sys

2008-10-20 17:26 15,615 ----a-w c:\documents and settings\All Users\Application Data\huky.scr

2008-10-20 17:26 14,642 ----a-w c:\documents and settings\user\Application Data\gunaf.com

2008-09-08 14:40 61,480 ----a-w c:\documents and settings\user\GoToAssistDownloadHelper.exe

2008-09-01 15:23 61,224 ----a-w c:\documents and settings\All Users\GoToAssistDownloadHelper.exe

2007-11-01 13:35 557,056 ----a-w c:\documents and settings\All Users\GoToAssist_phone__317_en.exe

2006-12-20 16:49 557,056 ----a-w c:\documents and settings\user\GoToAssist_phone__319_en.exe

2006-10-09 19:11 557,056 ----a-w c:\documents and settings\user\chatlnk.exe

2003-08-27 13:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll

2009-01-29 13:40 676,864 ----a-w c:\program files\mozilla firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

2008-12-30 12:13 655,872 ----a-w c:\program files\mozilla firefox\components\nsadssite.dll

2008-01-18 10:06 278,528 ----a-w c:\program files\mozilla firefox\components\nsBrowserCmp.dll

2008-06-29 23:51 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008063020080701\index.dat

.

((((((((((((((((((((((((((((( snapshot_2009-01-29_23.34.13.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-22 02:21:04 49,736 -c--a-w c:\windows\ie8\spuninst\iecustom.dll

+ 2009-01-15 02:23:42 59,880 -c--a-w c:\windows\ie8\spuninst\iecustom.dll

- 2008-06-12 10:27:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe

+ 2008-10-13 13:55:34 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe

- 2008-06-12 10:28:00 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll

+ 2008-10-13 13:55:34 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll

+ 2009-01-15 02:06:46 2,048 -c----w c:\windows\ie8updates\KB961813-IE8\iecompat.dll

+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\ie8updates\KB961813-IE8\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\ie8updates\KB961813-IE8\spuninst\updspapi.dll

- 2008-08-22 02:06:30 72,704 ----a-w c:\windows\SYSTEM32\admparse.dll

+ 2009-01-15 02:03:32 72,704 ----a-w c:\windows\SYSTEM32\admparse.dll

- 2008-08-22 02:06:16 128,512 ----a-w c:\windows\SYSTEM32\advpack.dll

+ 2009-01-15 02:03:12 128,512 ----a-w c:\windows\SYSTEM32\advpack.dll

- 2008-08-22 02:06:30 72,704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll

+ 2009-01-15 02:03:32 72,704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll

- 2008-08-22 02:06:16 128,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll

+ 2009-01-15 02:03:12 128,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll

- 2008-06-12 10:27:52 1,022,976 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll

+ 2008-10-13 13:55:30 1,022,976 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll

- 2008-08-22 02:06:24 162,304 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2009-01-15 02:03:28 172,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2008-08-22 02:06:36 124,928 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

+ 2009-01-15 02:03:42 125,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

- 2008-08-22 02:06:40 228,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

+ 2009-01-15 02:03:50 228,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

- 2008-08-22 02:06:24 163,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

+ 2009-01-15 02:03:20 163,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

- 2008-07-29 21:58:08 3,670,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat

+ 2008-12-14 17:12:42 3,698,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat

- 2008-08-22 02:06:20 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

+ 2009-01-15 02:03:14 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

- 2008-08-22 02:06:24 71,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll

+ 2009-01-15 02:03:18 71,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll

- 2008-08-22 02:06:16 94,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll

+ 2009-01-15 02:03:14 94,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll

- 2008-08-22 02:06:30 552,960 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll

+ 2009-01-15 02:03:58 724,992 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll

- 2008-06-12 10:27:52 1,497,088 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

+ 2008-10-13 13:55:30 1,497,088 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

- 2008-06-12 10:27:52 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll

+ 2008-10-13 13:55:30 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll

- 2008-06-12 10:27:56 134,144 ------w c:\windows\SYSTEM32\DLLCACHE\sqmapi.dll

+ 2008-10-13 13:55:32 134,144 ------w c:\windows\SYSTEM32\DLLCACHE\sqmapi.dll

- 2008-08-22 02:06:36 434,176 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll

+ 2009-01-15 02:03:36 420,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll

- 2008-08-22 02:05:16 346,624 ----a-w c:\windows\SYSTEM32\dxtmsft.dll

+ 2009-01-15 02:01:22 348,160 ----a-w c:\windows\SYSTEM32\dxtmsft.dll

- 2008-08-22 02:05:10 217,088 ----a-w c:\windows\SYSTEM32\dxtrans.dll

+ 2009-01-15 02:01:16 216,064 ----a-w c:\windows\SYSTEM32\dxtrans.dll

- 2008-08-22 02:05:20 61,952 ----a-w c:\windows\SYSTEM32\icardie.dll

+ 2009-01-15 02:01:40 59,904 ----a-w c:\windows\SYSTEM32\icardie.dll

- 2008-06-12 10:27:42 26,112 ----a-w c:\windows\SYSTEM32\idndl.dll

+ 2008-10-13 13:55:22 26,112 ----a-w c:\windows\SYSTEM32\idndl.dll

- 2008-08-22 02:06:24 162,304 ----a-w c:\windows\SYSTEM32\ie4uinit.exe

+ 2009-01-15 02:03:28 172,544 ----a-w c:\windows\SYSTEM32\ie4uinit.exe

- 2008-08-22 02:06:36 124,928 ----a-w c:\windows\SYSTEM32\ieakeng.dll

+ 2009-01-15 02:03:42 125,952 ----a-w c:\windows\SYSTEM32\ieakeng.dll

- 2008-08-22 02:06:40 228,864 ----a-w c:\windows\SYSTEM32\ieaksie.dll

+ 2009-01-15 02:03:50 228,352 ----a-w c:\windows\SYSTEM32\ieaksie.dll

- 2008-08-22 02:06:24 163,840 ----a-w c:\windows\SYSTEM32\ieakui.dll

+ 2009-01-15 02:03:20 163,840 ----a-w c:\windows\SYSTEM32\ieakui.dll

- 2008-07-29 21:58:08 3,670,112 ----a-w c:\windows\SYSTEM32\ieapfltr.dat

+ 2008-12-14 17:12:42 3,698,040 ----a-w c:\windows\SYSTEM32\ieapfltr.dat

- 2008-08-22 01:42:22 443,392 ----a-w c:\windows\SYSTEM32\ieapfltr.dll

+ 2009-01-15 01:35:10 445,440 ----a-w c:\windows\SYSTEM32\ieapfltr.dll

- 2008-08-22 02:06:44 385,024 ----a-w c:\windows\SYSTEM32\iedkcs32.dll

+ 2009-01-15 02:17:22 392,040 ----a-w c:\windows\SYSTEM32\iedkcs32.dll

- 2008-08-22 02:10:34 11,985,408 ----a-w c:\windows\SYSTEM32\ieframe.dll

+ 2009-01-15 02:12:12 10,963,968 ----a-w c:\windows\SYSTEM32\ieframe.dll

- 2008-08-22 02:05:24 186,880 ----a-w c:\windows\SYSTEM32\iepeers.dll

+ 2009-01-15 02:01:52 183,808 ----a-w c:\windows\SYSTEM32\iepeers.dll

- 2008-08-22 02:06:20 55,808 ----a-w c:\windows\SYSTEM32\iernonce.dll

+ 2009-01-15 02:03:14 55,808 ----a-w c:\windows\SYSTEM32\iernonce.dll

- 2008-08-22 02:06:02 1,778,688 ----a-w c:\windows\SYSTEM32\iertutil.dll

+ 2009-01-15 02:02:50 1,975,296 ----a-w c:\windows\SYSTEM32\iertutil.dll

- 2008-08-22 02:06:24 71,680 ----a-w c:\windows\SYSTEM32\iesetup.dll

+ 2009-01-15 02:03:18 71,680 ----a-w c:\windows\SYSTEM32\iesetup.dll

- 2008-08-22 02:06:24 36,864 ----a-w c:\windows\SYSTEM32\ieudinit.exe

+ 2009-01-15 02:03:18 36,864 ----a-w c:\windows\SYSTEM32\ieudinit.exe

- 2008-08-22 01:58:12 181,760 ----a-w c:\windows\SYSTEM32\ieui.dll

+ 2009-01-15 01:50:50 164,352 ----a-w c:\windows\SYSTEM32\ieui.dll

- 2008-08-22 02:06:16 94,720 ----a-w c:\windows\SYSTEM32\inseng.dll

+ 2009-01-15 02:03:14 94,720 ----a-w c:\windows\SYSTEM32\inseng.dll

- 2008-08-22 02:06:30 552,960 ----a-w c:\windows\SYSTEM32\jscript.dll

+ 2009-01-15 02:03:58 724,992 ----a-w c:\windows\SYSTEM32\jscript.dll

- 2008-08-22 02:06:58 28,672 ----a-w c:\windows\SYSTEM32\jsproxy.dll

+ 2009-01-15 02:04:16 25,600 ----a-w c:\windows\SYSTEM32\jsproxy.dll

- 2008-08-05 16:55:38 265,720 ----a-w c:\windows\SYSTEM32\msdbg2.dll

+ 2008-10-10 12:42:06 265,720 ----a-w c:\windows\SYSTEM32\msdbg2.dll

- 2008-08-22 02:05:48 580,608 ----a-w c:\windows\SYSTEM32\msfeeds.dll

+ 2009-01-15 02:02:40 593,920 ----a-w c:\windows\SYSTEM32\msfeeds.dll

- 2008-08-22 02:05:22 53,760 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll

+ 2009-01-15 02:01:40 54,272 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll

- 2008-08-22 02:05:22 13,312 ----a-w c:\windows\SYSTEM32\msfeedssync.exe

+ 2009-01-15 02:01:42 13,312 ----a-w c:\windows\SYSTEM32\msfeedssync.exe

- 2008-12-14 13:59:44 5,699,584 ----a-w c:\windows\SYSTEM32\mshtml.dll

+ 2009-01-15 02:13:18 5,888,512 ----a-w c:\windows\SYSTEM32\mshtml.dll

- 2008-08-22 02:05:08 70,656 ----a-w c:\windows\SYSTEM32\mshtmled.dll

+ 2009-01-15 02:01:06 66,560 ----a-w c:\windows\SYSTEM32\mshtmled.dll

- 2008-08-22 02:07:50 193,536 ----a-w c:\windows\SYSTEM32\msrating.dll

+ 2009-01-15 02:05:34 193,536 ----a-w c:\windows\SYSTEM32\msrating.dll

- 2008-08-22 02:05:34 630,272 ----a-w c:\windows\SYSTEM32\mstime.dll

+ 2009-01-15 02:02:20 611,840 ----a-w c:\windows\SYSTEM32\mstime.dll

- 2008-06-12 10:27:44 24,576 ----a-w c:\windows\SYSTEM32\nlsdl.dll

+ 2008-10-13 13:55:22 24,576 ----a-w c:\windows\SYSTEM32\nlsdl.dll

- 2008-06-12 10:27:42 23,552 ----a-w c:\windows\SYSTEM32\normaliz.dll

+ 2008-10-13 13:55:22 23,552 ----a-w c:\windows\SYSTEM32\normaliz.dll

- 2008-08-22 02:07:50 116,224 ----a-w c:\windows\SYSTEM32\occache.dll

+ 2009-01-15 02:05:34 109,056 ----a-w c:\windows\SYSTEM32\occache.dll

- 2008-12-23 00:51:14 278,528 ----a-w c:\windows\SYSTEM32\pncrt.dll

+ 2009-02-05 13:54:44 278,528 ----a-w c:\windows\SYSTEM32\pncrt.dll

- 2008-12-23 00:51:15 6,656 ----a-w c:\windows\SYSTEM32\pndx5016.dll

+ 2009-02-05 13:54:46 6,656 ----a-w c:\windows\SYSTEM32\pndx5016.dll

- 2008-12-23 00:51:16 5,632 ----a-w c:\windows\SYSTEM32\pndx5032.dll

+ 2009-02-05 13:54:46 5,632 ----a-w c:\windows\SYSTEM32\pndx5032.dll

- 2008-08-22 02:05:14 45,056 ----a-w c:\windows\SYSTEM32\pngfilt.dll

+ 2009-01-15 02:01:18 46,592 ----a-w c:\windows\SYSTEM32\pngfilt.dll

- 2008-08-23 07:11:01 14,767,712 ----a-w c:\windows\SYSTEM32\Restore\rstrlog.dat

+ 2009-02-05 19:53:04 94,180 ----a-w c:\windows\SYSTEM32\Restore\rstrlog.dat

- 2008-12-23 00:51:24 185,920 ----a-w c:\windows\SYSTEM32\rmoc3260.dll

+ 2009-02-05 13:54:57 185,920 ----a-w c:\windows\SYSTEM32\rmoc3260.dll

- 2008-06-12 10:27:58 16,928 ------w c:\windows\SYSTEM32\spmsg.dll

+ 2008-10-13 13:55:34 16,928 ------w c:\windows\SYSTEM32\spmsg.dll

- 2008-06-12 10:27:58 26,144 ----a-w c:\windows\SYSTEM32\spupdsvc.exe

+ 2008-10-13 13:55:34 26,144 ----a-w c:\windows\SYSTEM32\spupdsvc.exe

- 2008-08-22 02:07:58 105,984 ----a-w c:\windows\SYSTEM32\url.dll

+ 2009-01-15 02:06:00 105,984 ----a-w c:\windows\SYSTEM32\url.dll

- 2008-08-22 02:08:22 1,206,784 ----a-w c:\windows\SYSTEM32\urlmon.dll

+ 2009-01-15 02:06:48 1,182,720 ----a-w c:\windows\SYSTEM32\urlmon.dll

- 2008-08-22 02:06:36 434,176 ----a-w c:\windows\SYSTEM32\vbscript.dll

+ 2009-01-15 02:03:36 420,352 ----a-w c:\windows\SYSTEM32\vbscript.dll

- 2008-08-22 02:08:08 236,544 ----a-w c:\windows\SYSTEM32\webcheck.dll

+ 2009-01-15 02:06:08 236,544 ----a-w c:\windows\SYSTEM32\webcheck.dll

- 2008-08-22 02:08:22 208,384 ----a-w c:\windows\SYSTEM32\WinFXDocObj.exe

+ 2009-01-15 02:06:22 208,384 ----a-w c:\windows\SYSTEM32\WinFXDocObj.exe

- 2008-06-12 10:28:02 121,856 ----a-w c:\windows\SYSTEM32\xmllite.dll

+ 2008-10-13 13:55:36 121,856 ----a-w c:\windows\SYSTEM32\xmllite.dll

+ 2009-02-06 11:54:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_750.dat

+ 2009-02-06 11:55:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a5c.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-08 98304]

"TrayStartup"="c:\program files\BT Auto Backup\VaultClientTray.exe" [2008-06-03 224376]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]

"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]

"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-05 198160]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-02 91440]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-02 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 12:25 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk

backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

--a------ 2004-09-23 15:35 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 04:42 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2004-03-15 00:04 122933 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

--a------ 2003-08-13 09:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

--a------ 2007-07-20 02:01 1891416 c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2003-11-03 12:46 4800512 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--------- 2003-08-26 18:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-02-08 16:45 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2009-02-05 13:54 214536 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 16:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

--a------ 2007-10-26 14:42 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\eXplorerZ\\uninstall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dldfcoms.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfpswx.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldftime.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfjswx.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfwbgw.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldfserv.exe [2007-06-26 98952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-20 99376]

S3 LCcfltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCcfltr.sys [2004-07-09 14156]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-02-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-02 c:\windows\Tasks\Norton Security Online - Run Full System Scan - user.job

- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2009-02-06 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-02-06 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2008-08-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm

IE: &Search

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86a3f0addf48dbbdc4af8019a8b3c8

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86a3f0addf48dbbdc4af8019a8b3c8

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\c1kp0bmn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Yoog Search

FF - prefs.js: browser.startup.homepage - hxxp://bt.yahoo.com

FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - component: c:\program files\Mozilla Firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

FF - component: c:\program files\Mozilla Firefox\components\nsadssite.dll

FF - component: c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 13:00:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

Completion time: 2009-02-06 13:02:48

ComboFix-quarantined-files.txt 2009-02-06 13:02:45

ComboFix2.txt 2009-01-29 23:35:57

ComboFix3.txt 2009-01-29 21:02:54

ComboFix4.txt 2009-01-28 16:07:23

ComboFix5.txt 2009-02-06 12:41:54

Pre-Run: 49,203,175,424 bytes free

Post-Run: 49,207,164,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

485 --- E O F --- 2009-01-31 04:53:38

log.txt


  • Root Admin

STEP 1

Please locate and delete this file.

c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

STEP 2

You need to edit your Preferences file for Firefox to fix the Yoog search issue.

See here for further details.

Your Firefox ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\c1kp0bmn.default\

prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

user.js: browser.search.defaultenginename - Yoog Search

user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

STEP 3

Please run the following tool. Don't forget you MUST be in SAFE MODE in order to run the cleaning process.

Choose options 2 and 3 for cleaning in Safe Mode.

You may want to print the Web page because you won't have Internet access in Safe Mode

Please download and run this tool. Follow the instructions provided on the page

SmitFraudFix

STEP 4

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT, do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.


Hello, I have completed everything you have asked me to do...

YOOG is still taking preference in the search bar though.....

Here are the logs......

will check on this tomorrow or sunday

thanks.

Malwarebytes' Anti-Malware 1.33

Database version: 1736

Windows 5.1.2600 Service Pack 3

07/02/2009 03:10:38

mbam-log-2009-02-07 (03-10-38).txt

Scan type: Quick Scan

Objects scanned: 66225

Time elapsed: 21 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

____________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:17:15, on 07/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\sessmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\trend micro\HijackThis\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrayStartup] C:\Program Files\BT Auto Backup\VaultClientTray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"

O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?86a3f0addf48dbbdc4af8019a8b3c8

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?86a3f0addf48dbbdc4af8019a8b3c8

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131353467937

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SiteAdvisor Service - Silicon Integrated Systems Corporation - (no file)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--

End of file - 11494 bytes

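Added example (not HijackThis code and not posted by anyone in this thread): a small triage pass over HJT log lines of the kind shown in the post above. The sample lines are copied from that log; the rules are generic heuristics only (registrations whose file is gone, a Winsock LSP that HJT does not recognise, a service with no publisher string, an autorun that gives a bare filename instead of a full path). The output is a checklist for a human, not a verdict: an O10 hit means only that the DLL is not on HJT's known-good list, so check the file's publisher before touching it.

```python
"""Triage a HijackThis log for entries worth checking (added example).

Not HijackThis code and not from the thread.  The sample lines are
copied from the log posted above; the rules are generic heuristics
and produce a checklist, not a verdict.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines taken from the posted HJT log.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Silicon Integrated Systems Corporation - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body looks like:  HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^.*?: \[[^\]]*\]\s*(.*)$")
# A command that starts with a drive letter (optionally quoted).
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a log into {"section": "O4", "body": ..., "raw": ...} records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": raw.strip()})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the entries that match a heuristic, tagged with a reason code."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        low = body.lower()
        code = None
        if "(file missing)" in low or "(no file)" in low:
            code = "missing_file"       # registration left behind, binary gone
        elif sec == "O10":
            code = "unknown_lsp"        # LSP not on HJT's known-good list; verify publisher
        elif sec == "O23" and "unknown owner" in low:
            code = "unknown_owner"      # service binary carries no publisher info
        elif sec == "O4":
            m = O4_RE.match(body)
            if m and not DRIVE_PATH_RE.match(m.group(1)):
                code = "bare_filename"  # resolved via search order, not a fixed path
        if code:
            findings.append({**e, "reason": code})
    return findings


def reason_codes(text: str) -> List[str]:
    """Reason code for each flagged line, in log order."""
    return [f["reason"] for f in triage(parse_hjt(text))]


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f['reason']:14} {f['raw']}")
```

Run it against a saved HijackThis log by replacing `SAMPLE_LOG` with the file's contents; every flagged line still needs a human to confirm the file's publisher and origin before anything is removed.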

  • Root Admin

To remove the Yoog Search issue, first scan your system with an UP TO DATE version of MBAM and fix any issues found.

    Remove Yoog Search from FireFox
  • Look in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.
  • Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default
  • On the address bar of Firefox you type: about:config and press the Enter key
  • Click on the "I will be careful, I promise" button.
  • Type in Yoog for the filter and a list of items that have Yoog in them should appear
  • For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET
    Unless there is some active infection replacing it, or a new method, then you should no longer have the Yoog Search
    Remove Yoog Search from Internet Explorer
  • For IE6
  • Launch IE and click on the SEARCH button
  • Click the CUSTOMIZE button
  • Click on the RESET button
  • For IE7
  • Click on Tools/Internet Options
  • In the middle under Search section click the Settings button
  • Highlight Yoog and click the Remove button.
    Unless there is some active infection replacing it, or a new method, then you should no longer have the Yoog Search
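Added example, not code from the thread, from Malwarebytes or from Mozilla, covering both the STEP 2 instruction earlier (edit the Firefox preferences files) and the "Remove Yoog Search from FireFox" steps above. The point the manual steps rely on: Firefox re-reads user.js on every launch and copies its values into prefs.js, and it rewrites prefs.js on exit, so a reset in about:config does not stick while user.js still carries the entries, and Firefox must be closed before the files are edited. The script backs up and strips every user_pref line mentioning the hijack markers from user.js and prefs.js and sidelines any searchplugins/*.xml that mentions them. The marker strings come from the ComboFix output posted earlier; the sample user.js, prefs.js and plugin file are constructed for the demo.

```python
"""Strip search-hijack entries from a Firefox profile (added example).

Not code from the thread or from Mozilla.  The marker strings come from
the ComboFix output above; the sample files built in run_demo() are
constructed.  Close Firefox before running against a real profile.
"""
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# One preference line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Case-insensitive markers identifying the hijack in a pref or plugin file.
HIJACK_MARKERS = ("yoog.com", "yoog search")

# Constructed sample user.js mirroring the entries reported above.
SAMPLE_USER_JS = '''user_pref("google.toolbar.linkdoctor.enabled", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
'''


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> raw value for every user_pref() line in text."""
    return {m.group(1): m.group(2)
            for m in (PREF_RE.match(line) for line in text.splitlines()) if m}


def is_hijacked(name: str, value: str, markers=HIJACK_MARKERS) -> bool:
    """True when the pref name or value mentions any marker."""
    blob = f"{name} {value}".lower()
    return any(mk in blob for mk in markers)


def strip_hijacked(text: str, markers=HIJACK_MARKERS) -> Tuple[str, List[str]]:
    """Drop hijacked user_pref lines; return (cleaned_text, removed_names)."""
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and is_hijacked(m.group(1), m.group(2), markers):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "".join(kept), removed


def hijacked_search_plugins(profile: Path, markers=HIJACK_MARKERS) -> List[Path]:
    """searchplugins/*.xml files under the profile whose body mentions a marker."""
    plugins = profile / "searchplugins"
    if not plugins.is_dir():
        return []
    return [xml for xml in sorted(plugins.glob("*.xml"))
            if any(mk in xml.read_text(errors="replace").lower() for mk in markers)]


def clean_profile(profile: Path, markers=HIJACK_MARKERS) -> Dict[str, List[str]]:
    """Back up and clean user.js/prefs.js, sideline hijack search plugins.

    Returns {"user.js": [...], "prefs.js": [...], "searchplugins": [...]}
    listing what was removed from each location.
    """
    report: Dict[str, List[str]] = {}
    for fname in ("user.js", "prefs.js"):
        path = profile / fname
        if not path.is_file():
            continue
        cleaned, removed = strip_hijacked(path.read_text(errors="replace"), markers)
        if removed:
            shutil.copy2(path, path.with_name(fname + ".bak"))  # keep the evidence
            path.write_text(cleaned)
        report[fname] = removed
    hits = hijacked_search_plugins(profile, markers)
    for xml in hits:
        xml.rename(xml.with_name(xml.name + ".bak"))
    report["searchplugins"] = [xml.name for xml in hits]
    return report


def run_demo() -> Dict[str, List[str]]:
    """Build a throwaway profile from constructed sample files and clean it."""
    with tempfile.TemporaryDirectory() as tmp:
        prof = Path(tmp)
        (prof / "user.js").write_text(SAMPLE_USER_JS)
        (prof / "prefs.js").write_text(
            'user_pref("browser.startup.homepage", "http://bt.yahoo.com");\n'
            'user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");\n')
        (prof / "searchplugins").mkdir()
        (prof / "searchplugins" / "yoog.xml").write_text(
            "<SearchPlugin><ShortName>Yoog Search</ShortName></SearchPlugin>")
        return clean_profile(prof)


if __name__ == "__main__":
    print(run_demo())
```

To use it on a real profile call `clean_profile(Path(r"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c1kp0bmn.default"))` with Firefox closed; the .bak copies keep the original lines for a second look. A clean profile that is re-hijacked after the next reboot points at something still running on the machine rather than at the profile files.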

Hello again....

I have done what you asked.

# Remove Yoog Search from FireFox

# Look in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.

# Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default

# On the address bar of Firefox you type: about:config and press the Enter key

# Click on the "I will be careful, I promise" button.

# Type in Yoog for the filter and a list of items that have Yoog in them should appear

# For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET

________________

Then I did this.......

# Remove Yoog Search from Internet Explorer

# For IE6

# Launch IE and click on the SEARCH button

# Click the CUSTOMIZE button

# Click on the RESET button

# For IE7

# Click on Tools/Internet Options

# In the middle under Search section click the Settings button

# Highlight Yoog and click the Remove button.

Had a job finding the search button and CUSTOMIZE but in the end opened it.

It would let me remove YOOG the option was NOT highlighted to do so all the others were available like YAHOO etc.

YOOG was listed as DEFAULT.

Anyway, did EXACTLY as you asked but it's still there???

Now there is an ADSITE popping up and something about REDIRECT LOOP???

I am getting confused now and, being I am not a PC wizard, please be specific from now on and give me what to do in IDIOT mode!! Cheers :D


  • Root Admin

Well for one you're running IE8 which is different and BETA - if you're a computer noobie you really should not install Beta software, that's looking for trouble. You will need to uninstall it before you can update to the release version now when it is ready.

Okay try to do this.

From within IE go to Tools/Internet Options/Advanced and click on the RESET button and see if that removes the Yoog search.

Now as long as IE8 hasn't moved that around you should be able to locate it that way.

Then run the following please.

Download to the desktop: Dr.Web CureIt

  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the check icon next to the files found.
    If so, click it and then click the icon right below and select Move incurable.
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

LOL

Not sure what you meant by this.....

"Well for one you're running IE8 which is different and BETA - if you're a computer noobie you really should not install Beta software, that's looking for trouble. You will need to uninstall it before you can update to the release version now when it is ready."

I haven't changed anything and wouldn't without proper guidance.

I LISTEN TO MERLIN you see!!!

LOL

Anyway I am on the case now and doing what you asked....

Back in a mo... :D:D:D:D


Download to the desktop: Dr.Web CureIt

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan

* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

* Once the short scan has finished, Click Options > Change settings

THIS DOESN'T HAPPEN

NO RESULTS FOUND.

* Choose the "Scan"-tab, remove the mark at "Heuristic analysis".

it scans and there were NO RESULTS.


Right done all you said again....

Nope its still there!

BUT I COULD BE MISSING SOMETHING!!

Here is Dr "what's his face's" report.....

Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;

_______________________________________

Malwarebytes' Anti-Malware 1.33

Database version: 1736

Windows 5.1.2600 Service Pack 3

07/02/2009 12:00:18

mbam-log-2009-02-07 (12-00-18).txt

Scan type: Quick Scan

Objects scanned: 66553

Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AM STUMPED!

Are you?? :D


OK

While I was out this afternoon I did a FULL SCAN on MBAM,

YOOG is still there :D and as I said earlier,

I have managed to delete it from that area you asked, all but one that will not allow me to do it.

Hope this helps, here are the results....

Malwarebytes' Anti-Malware 1.33

Database version: 1736

Windows 5.1.2600 Service Pack 3

07/02/2009 16:59:44

mbam-log-2009-02-07 (16-59-44).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 190592

Time elapsed: 2 hour(s), 17 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ee29c11-04a1-da11-cf9b-942effe90686} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1ee29c11-04a1-da11-cf9b-942effe90686} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\nso8.dll (Adware.BHO) -> Quarantined and deleted successfully.


  • Root Admin

Well I don't see why or how you're getting other infected files. Are there other computers connected to yours via a network or are you copying data with a flash drive? Visiting odd sites?

Please open IE and go to Tools/Internet Options/Advanced and click on the RESET button.

Then delete the copy of Combofix.exe on your desktop and download a new fresh copy and run it.

Additional links to download the tool:

ComboFix.exe

ComboFix.exe

ComboFix.exe


Hello again.

I am very careful as to what sites I visit, nothing dodgy at all.

Don't use chat sites etc., other than BEBO, FACEBOOK, that kinda thing.

PC not linked to any other PC or component; we have an Xbox 360 Live but it's NOT connected to the PC.

I have run a full scan now on MBAM and NORTON and the results are 0 no infections.

It's weird, yeah?

Gonna have a go now reinstalling COMBO....

Just a question, can I get back the IE I had by downloading it again?

This one seems to have a lot saying MSN blah blah blah internet explorer on the top left of page...

Thanks for having patience with me on this one!!

Please keep faith in me!!


Ok ....

Don't know if this is any help to you?

I am using a DELL DIMENSION 8300

I am on SKY BROADBAND but Browsing with BT Mozilla Firefox

I used to be with BT but changed over to SKY 3 months ago.

Here is the COMBO REPORT....

ComboFix 09-02-06.04 - user 2009-02-08 0:05:32.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.969 [GMT 0:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: Norton Security Online *On-access scanning enabled* (Updated)

FW: Norton Security Online *enabled*

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))

.

2009-02-07 13:38 . 2009-02-07 13:38 85,668 --a------ c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

2009-02-07 12:15 . 2009-02-07 12:15 <DIR> d-------- c:\documents and settings\user\DoctorWeb

2009-02-06 00:56 . 2009-02-06 00:56 54,156 --ah----- c:\windows\QTFont.qfn

2009-02-06 00:56 . 2009-02-06 00:56 1,409 --a------ c:\windows\QTFont.for

2009-02-05 22:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-02-05 22:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-02-05 19:16 . 2009-02-05 22:16 <DIR> d-------- c:\program files\trend micro

2009-02-05 17:16 . 2009-02-05 22:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-31 00:31 . 2009-01-31 17:09 <DIR> d-------- c:\program files\VS Revo Group

2009-01-30 23:57 . 2009-01-30 23:57 <DIR> d--hs---- c:\documents and settings\user\IETldCache

2009-01-30 23:47 . 2008-04-14 04:41 81,920 --a------ c:\windows\SYSTEM32\ieencode.dll

2009-01-30 23:44 . 2009-01-11 05:00 79,360 --------- c:\windows\SYSTEM32\DLLCACHE\iecompat.dll

2009-01-25 14:38 . 2009-02-05 19:06 <DIR> d-------- C:\!KillBox

2009-01-25 04:34 . 2009-02-03 00:46 <DIR> d-------- C:\rsit

2009-01-11 23:07 . 2009-01-11 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-08 00:03 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-07 01:59 --------- d-----w c:\program files\Google

2009-02-06 12:29 --------- d-----w c:\program files\Power_Karaoke

2009-02-05 13:55 --------- d-----w c:\program files\Common Files\Real

2009-02-05 13:54 --------- d-----w c:\program files\Real

2009-01-29 16:08 44,944 ------w c:\windows\system32\drivers\pxhelp20.sys

2009-01-11 23:25 --------- d-----w c:\program files\Corel

2009-01-11 23:12 2,516 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys

2009-01-10 04:17 --------- d-----w c:\program files\MSN Messenger

2009-01-10 01:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-10 01:13 60,808 ----a-w c:\windows\SYSTEM32\S32EVNT1.DLL

2009-01-10 01:13 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-10 01:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-10 01:13 --------- d-----w c:\program files\Symantec

2008-12-18 02:33 --------- d-----w c:\program files\Conduit

2008-12-17 11:03 --------- d-----w c:\program files\Common Files\Teleca Shared

2008-12-17 03:35 --------- d-----w c:\program files\Sony Ericsson

2008-12-17 03:35 --------- d-----w c:\documents and settings\user\Application Data\Teleca

2008-12-17 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson

2008-12-14 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-13 03:01 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-13 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software

2008-12-13 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-12-09 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Corel

2008-12-02 18:41 130,208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe

2008-11-10 05:43 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll

2008-10-20 18:05 2,076 ----a-w c:\program files\wixyfeza.txt

2008-10-20 17:26 19,699 ----a-w c:\documents and settings\user\Application Data\nesimah.pif

2008-10-20 17:26 15,787 ----a-w c:\documents and settings\user\Application Data\ukerac.sys

2008-10-20 17:26 15,615 ----a-w c:\documents and settings\All Users\Application Data\huky.scr

2008-10-20 17:26 14,642 ----a-w c:\documents and settings\user\Application Data\gunaf.com

2008-09-08 14:40 61,480 ----a-w c:\documents and settings\user\GoToAssistDownloadHelper.exe

2008-09-01 15:23 61,224 ----a-w c:\documents and settings\All Users\GoToAssistDownloadHelper.exe

2007-11-01 13:35 557,056 ----a-w c:\documents and settings\All Users\GoToAssist_phone__317_en.exe

2006-12-20 16:49 557,056 ----a-w c:\documents and settings\user\GoToAssist_phone__319_en.exe

2006-10-09 19:11 557,056 ----a-w c:\documents and settings\user\chatlnk.exe

2003-08-27 13:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll

2009-01-29 13:40 676,864 ----a-w c:\program files\mozilla firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

2008-12-30 12:13 655,872 ----a-w c:\program files\mozilla firefox\components\nsadssite.dll

2008-01-18 10:06 278,528 ----a-w c:\program files\mozilla firefox\components\nsBrowserCmp.dll

2008-06-29 23:51 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008063020080701\index.dat

.

((((((((((((((((((((((((((((( SnapShot_2009-02-06_13.01.12.62 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-09-06 16:43:16 213,216 ----a-w c:\windows\ie7\spuninst\spuninst.exe

- 2009-01-15 02:03:32 72,704 ----a-w c:\windows\SYSTEM32\admparse.dll

+ 2007-08-13 18:39:20 71,680 ----a-w c:\windows\SYSTEM32\admparse.dll

- 2009-01-15 02:03:12 128,512 ----a-w c:\windows\SYSTEM32\advpack.dll

+ 2008-06-23 16:57:27 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll

- 2009-01-15 02:04:28 18,944 ----a-w c:\windows\SYSTEM32\corpol.dll

+ 2008-04-14 04:41:52 35,328 ----a-w c:\windows\SYSTEM32\corpol.dll

- 2009-01-15 02:03:32 72,704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll

+ 2007-08-13 18:39:20 71,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll

- 2009-01-15 02:03:12 128,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll

+ 2008-06-23 16:57:27 124,928 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll

- 2009-01-15 02:01:22 348,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

+ 2008-06-23 16:57:27 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

- 2009-01-15 02:01:16 216,064 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

+ 2008-06-23 16:57:27 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

- 2009-01-15 01:53:40 68,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll

+ 2007-08-13 18:18:02 60,416 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll

- 2009-01-15 02:01:40 59,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\icardie.dll

+ 2008-06-23 16:57:28 63,488 ----a-w c:\windows\SYSTEM32\DLLCACHE\icardie.dll

- 2009-01-15 02:03:28 172,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2008-06-23 09:20:25 70,656 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2009-01-15 02:03:42 125,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

+ 2008-06-23 16:57:29 153,088 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

- 2009-01-15 02:03:50 228,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

+ 2008-06-23 16:57:29 230,400 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

- 2009-01-15 02:03:20 163,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

+ 2008-06-21 05:23:54 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

- 2008-12-14 17:12:42 3,698,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat

+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat

- 2009-01-15 01:35:10 445,440 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll

+ 2008-06-23 16:57:29 383,488 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll

- 2009-01-15 02:17:22 392,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

+ 2008-06-23 16:57:29 384,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

- 2009-01-15 02:12:12 10,963,968 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

+ 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

- 2009-01-15 02:01:52 183,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

+ 2007-08-13 18:54:10 191,488 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

- 2009-01-15 02:03:14 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

+ 2008-06-23 16:57:33 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

- 2009-01-15 02:02:50 1,975,296 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

+ 2008-06-23 16:57:34 267,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

- 2009-01-15 02:03:18 71,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll

+ 2007-08-13 18:39:12 55,296 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll

- 2009-01-15 02:17:22 636,264 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

+ 2008-06-23 09:20:52 625,664 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

- 2009-01-15 02:01:26 34,304 ----a-w c:\windows\SYSTEM32\DLLCACHE\imgutil.dll

+ 2007-08-13 18:36:06 36,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\imgutil.dll

- 2009-01-15 02:03:14 94,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll

+ 2007-08-13 18:39:02 92,672 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll

- 2009-01-15 02:03:58 724,992 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll

+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll

- 2009-01-15 02:04:16 25,600 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2008-06-23 16:57:35 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

- 2009-01-15 02:05:34 43,008 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll

+ 2007-08-13 18:44:18 40,960 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll

- 2009-01-15 02:02:40 593,920 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

+ 2008-06-23 16:57:36 459,264 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

- 2009-01-15 02:01:40 54,272 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

+ 2008-06-23 16:57:36 52,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

- 2009-01-15 02:00:38 45,568 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshta.exe

+ 2007-08-13 18:32:30 45,568 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshta.exe

- 2009-01-15 02:13:18 5,888,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

+ 2008-06-24 09:57:40 3,592,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

- 2009-01-15 02:01:06 66,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2008-06-23 16:57:39 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

- 2009-01-15 02:00:46 48,128 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll

+ 2007-08-13 18:01:12 48,128 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll

- 2009-01-15 01:50:38 156,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll

+ 2007-08-13 18:54:10 156,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll

- 2009-01-15 02:05:34 193,536 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll

+ 2008-06-23 16:57:39 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll

- 2009-01-15 02:02:20 611,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll

+ 2008-06-23 16:57:40 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll

- 2009-01-15 02:05:34 109,056 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll

+ 2008-06-23 16:57:40 102,912 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll

- 2009-01-15 02:01:18 46,592 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

+ 2008-06-23 16:57:40 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

- 2009-01-15 02:06:00 105,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll

+ 2008-06-23 16:57:40 105,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll

- 2009-01-15 02:06:48 1,182,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

- 2009-01-15 02:03:36 420,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll

+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll

- 2009-01-15 02:04:56 755,200 ----a-w c:\windows\SYSTEM32\DLLCACHE\VGX.dll

+ 2007-07-12 23:31:54 765,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\vgx.dll

- 2009-01-15 02:06:08 236,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

+ 2008-06-23 16:57:41 233,472 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

- 2009-01-15 02:05:42 911,872 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

+ 2008-06-23 16:57:41 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

- 2009-01-15 02:01:22 348,160 ----a-w c:\windows\SYSTEM32\dxtmsft.dll

+ 2008-06-23 16:57:27 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll

- 2009-01-15 02:01:16 216,064 ----a-w c:\windows\SYSTEM32\dxtrans.dll

+ 2008-06-23 16:57:27 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll

- 2009-01-15 02:01:40 59,904 ----a-w c:\windows\SYSTEM32\icardie.dll

+ 2008-06-23 16:57:28 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll

- 2009-01-15 02:03:28 172,544 ----a-w c:\windows\SYSTEM32\ie4uinit.exe

+ 2008-06-23 09:20:25 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe

- 2009-01-15 02:03:42 125,952 ----a-w c:\windows\SYSTEM32\ieakeng.dll

+ 2008-06-23 16:57:29 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll

- 2009-01-15 02:03:50 228,352 ----a-w c:\windows\SYSTEM32\ieaksie.dll

+ 2008-06-23 16:57:29 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll

- 2009-01-15 02:03:20 163,840 ----a-w c:\windows\SYSTEM32\ieakui.dll

+ 2008-06-21 05:23:54 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll

- 2008-12-14 17:12:42 3,698,040 ----a-w c:\windows\SYSTEM32\ieapfltr.dat

+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dat

- 2009-01-15 01:35:10 445,440 ----a-w c:\windows\SYSTEM32\ieapfltr.dll

+ 2008-06-23 16:57:29 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll

- 2009-01-15 02:17:22 392,040 ----a-w c:\windows\SYSTEM32\iedkcs32.dll

+ 2008-06-23 16:57:29 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll

- 2009-01-15 02:12:12 10,963,968 ----a-w c:\windows\SYSTEM32\ieframe.dll

+ 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll

- 2009-01-15 02:01:52 183,808 ----a-w c:\windows\SYSTEM32\iepeers.dll

+ 2007-08-13 18:54:10 191,488 ----a-w c:\windows\SYSTEM32\iepeers.dll

- 2009-01-15 02:03:14 55,808 ----a-w c:\windows\SYSTEM32\iernonce.dll

+ 2008-06-23 16:57:33 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll

- 2009-01-15 02:02:50 1,975,296 ----a-w c:\windows\SYSTEM32\iertutil.dll

+ 2008-06-23 16:57:34 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll

- 2009-01-15 02:03:18 71,680 ----a-w c:\windows\SYSTEM32\iesetup.dll

+ 2007-08-13 18:39:12 55,296 ----a-w c:\windows\SYSTEM32\iesetup.dll

- 2009-01-15 01:50:50 164,352 ----a-w c:\windows\SYSTEM32\ieui.dll

+ 2007-08-13 18:54:10 180,736 ----a-w c:\windows\SYSTEM32\ieui.dll

- 2009-01-15 02:01:26 34,304 ----a-w c:\windows\SYSTEM32\imgutil.dll

+ 2007-08-13 18:36:06 36,352 ----a-w c:\windows\SYSTEM32\imgutil.dll

- 2009-01-15 02:03:14 94,720 ----a-w c:\windows\SYSTEM32\inseng.dll

+ 2007-08-13 18:39:02 92,672 ----a-w c:\windows\SYSTEM32\inseng.dll

- 2009-01-15 02:03:58 724,992 ----a-w c:\windows\SYSTEM32\jscript.dll

+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\SYSTEM32\jscript.dll

- 2009-01-15 02:04:16 25,600 ----a-w c:\windows\SYSTEM32\jsproxy.dll

+ 2008-06-23 16:57:35 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll

- 2009-01-15 02:05:34 43,008 ----a-w c:\windows\SYSTEM32\licmgr10.dll

+ 2007-08-13 18:44:18 40,960 ----a-w c:\windows\SYSTEM32\licmgr10.dll

- 2009-01-15 02:02:40 593,920 ----a-w c:\windows\SYSTEM32\msfeeds.dll

+ 2008-06-23 16:57:36 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll

- 2009-01-15 02:01:40 54,272 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll

+ 2008-06-23 16:57:36 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll

- 2009-01-15 02:01:42 13,312 ----a-w c:\windows\SYSTEM32\msfeedssync.exe

+ 2007-08-13 18:36:40 12,288 ----a-w c:\windows\SYSTEM32\msfeedssync.exe

- 2009-01-15 02:00:38 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe

+ 2007-08-13 18:32:30 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe

- 2009-01-15 02:13:18 5,888,512 ----a-w c:\windows\SYSTEM32\mshtml.dll

+ 2008-06-24 09:57:40 3,592,192 ----a-w c:\windows\SYSTEM32\mshtml.dll

- 2009-01-15 02:01:06 66,560 ----a-w c:\windows\SYSTEM32\mshtmled.dll

+ 2008-06-23 16:57:39 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll

- 2009-01-15 02:00:46 48,128 ----a-w c:\windows\SYSTEM32\mshtmler.dll

+ 2007-08-13 18:01:12 48,128 ----a-w c:\windows\SYSTEM32\mshtmler.dll

- 2009-01-15 01:50:38 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll

+ 2007-08-13 18:54:10 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll

- 2009-01-15 02:05:34 193,536 ----a-w c:\windows\SYSTEM32\msrating.dll

+ 2008-06-23 16:57:39 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll

- 2009-01-15 02:02:20 611,840 ----a-w c:\windows\SYSTEM32\mstime.dll

+ 2008-06-23 16:57:40 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll

- 2009-01-15 02:05:34 109,056 ----a-w c:\windows\SYSTEM32\occache.dll

+ 2008-06-23 16:57:40 102,912 ----a-w c:\windows\SYSTEM32\occache.dll

- 2009-01-15 02:01:18 46,592 ----a-w c:\windows\SYSTEM32\pngfilt.dll

+ 2008-06-23 16:57:40 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll

+ 2006-01-09 09:36:06 40,960 ----a-w c:\windows\SYSTEM32\swsc.exe

- 2009-01-15 02:06:00 105,984 ----a-w c:\windows\SYSTEM32\url.dll

+ 2008-06-23 16:57:40 105,984 ----a-w c:\windows\SYSTEM32\url.dll

- 2009-01-15 02:06:48 1,182,720 ----a-w c:\windows\SYSTEM32\urlmon.dll

+ 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\SYSTEM32\urlmon.dll

- 2009-01-15 02:03:36 420,352 ----a-w c:\windows\SYSTEM32\vbscript.dll

+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\SYSTEM32\vbscript.dll

- 2009-01-15 02:06:08 236,544 ----a-w c:\windows\SYSTEM32\webcheck.dll

+ 2008-06-23 16:57:41 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll

- 2009-01-15 02:06:22 208,384 ----a-w c:\windows\SYSTEM32\WinFXDocObj.exe

+ 2007-08-13 18:45:16 206,336 ----a-w c:\windows\SYSTEM32\winfxdocobj.exe

- 2009-01-15 02:05:42 911,872 ----a-w c:\windows\SYSTEM32\wininet.dll

+ 2008-06-23 16:57:41 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll

+ 2009-02-07 23:27:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a8.dat

+ 2009-02-07 23:28:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_928.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-08 98304]

"TrayStartup"="c:\program files\BT Auto Backup\VaultClientTray.exe" [2008-06-03 224376]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]

"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]

"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-05 198160]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-02 91440]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 12:25 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk

backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

--a------ 2004-09-23 15:35 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 04:42 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2004-03-15 00:04 122933 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

--a------ 2003-08-13 09:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

--a------ 2007-07-20 02:01 1891416 c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2003-11-03 12:46 4800512 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--------- 2003-08-26 18:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-02-08 16:45 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2009-02-05 13:54 214536 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 16:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

--a------ 2007-10-26 14:42 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\eXplorerZ\\uninstall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dldfcoms.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfpswx.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldftime.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfjswx.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfwbgw.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldfserv.exe [2007-06-26 98952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-20 99376]

S3 LCcfltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCcfltr.sys [2004-07-09 14156]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-02-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-02 c:\windows\Tasks\Norton Security Online - Run Full System Scan - user.job

- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2008-08-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []

.

.

------- Supplementary Scan -------

.

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\c1kp0bmn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

FF - prefs.js: browser.startup.homepage - hxxp://bt.yahoo.com

FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - component: c:\program files\Mozilla Firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

FF - component: c:\program files\Mozilla Firefox\components\nsadssite.dll

FF - component: c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-08 00:07:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

Completion time: 2009-02-08 0:10:08

ComboFix-quarantined-files.txt 2009-02-08 00:10:05

ComboFix2.txt 2009-02-06 13:02:49

ComboFix3.txt 2009-01-29 23:35:57

ComboFix4.txt 2009-01-29 21:02:54

ComboFix5.txt 2009-02-08 00:02:21

Pre-Run: 49,009,590,272 bytes free

Post-Run: 48,991,477,760 bytes free

457 --- E O F --- 2009-02-07 13:06:56


  • Root Admin

What is in this folder?

c:\documents and settings\user\IETldCache

STEP 1

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

File::
c:\documents and settings\All Users\Application Data\huky.scr
c:\documents and settings\user\Application Data\gunaf.com
c:\documents and settings\user\Application Data\nesimah.pif
c:\program files\Common Files\SM1updtr.dll
c:\program files\mozilla firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll
c:\program files\mozilla firefox\components\nsadssite.dll
c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll
c:\program files\wixyfeza.txt
c:\progra~1\Yahoo!\YOP\yop.exe
c:\windows\bwUnin-8.1.1.87-8876480SL.exe
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

STEP 2

In IE go to Tools/Internet Options/Advanced and click on the RESET button.

STEP 3

To remove the Yoog Search issue:

    Remove Yoog Search from Firefox
  • Look in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.
  • Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default
  • On the address bar of Firefox you type: about:config and press the Enter key
  • Click on the "I will be careful, I promise" button.
  • Type in Yoog for the filter and a list of items that have Yoog in them should appear
  • For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET
    Unless there is some active infection replacing it, or a new method, you should no longer have the Yoog Search.

STEP 4

    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup216.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 5

Post back the Combofix log and let me know how the computer is running and if you're still having the Yoog Search issue or not.


Hello again...

Right I have done it all and at the moment YOOG is NOT in the search bar !!

BUT I HAVE NOT REBOOTED PC. It usually comes back when I do!!

Here is the COMBO file......

ComboFix 09-02-06.04 - user 2009-02-08 10:55:36.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.931 [GMT 0:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\user\Desktop\CFscript.txt

AV: Norton Security Online *On-access scanning disabled* (Updated)

FW: Norton Security Online *disabled*

* Created a new restore point

FILE ::

c:\documents and settings\All Users\Application Data\huky.scr

c:\documents and settings\user\Application Data\gunaf.com

c:\documents and settings\user\Application Data\nesimah.pif

c:\progra~1\Yahoo!\YOP\yop.exe

c:\program files\Common Files\SM1updtr.dll

c:\program files\mozilla firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

c:\program files\mozilla firefox\components\nsadssite.dll

c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll

c:\program files\wixyfeza.txt

c:\windows\bwUnin-8.1.1.87-8876480SL.exe

c:\windows\QTFont.for

c:\windows\QTFont.qfn

c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\huky.scr

c:\documents and settings\user\Application Data\gunaf.com

c:\documents and settings\user\Application Data\nesimah.pif

c:\documents and settings\user\Application Data\urlredir.cfg

c:\progra~1\Yahoo!\YOP\yop.exe

c:\program files\Common Files\SM1updtr.dll

c:\program files\mozilla firefox\components\4c6672bf-99bb-7a32-cb7b-45da0d04050a.dll

c:\program files\mozilla firefox\components\nsadssite.dll

c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll

c:\program files\wixyfeza.txt

c:\windows\bwUnin-8.1.1.87-8876480SL.exe

c:\windows\QTFont.for

c:\windows\QTFont.qfn

c:\windows\SYSTEM32\767cb589-661b-bcb4-fd68-9303425bf4aa.exe

.

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))

.

2009-02-07 12:15 . 2009-02-07 12:15 <DIR> d-------- c:\documents and settings\user\DoctorWeb

2009-02-05 22:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-02-05 22:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-02-05 19:16 . 2009-02-05 22:16 <DIR> d-------- c:\program files\trend micro

2009-02-05 17:16 . 2009-02-05 22:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes

2009-01-31 04:33 . 2009-01-31 04:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-31 00:31 . 2009-01-31 17:09 <DIR> d-------- c:\program files\VS Revo Group

2009-01-30 23:57 . 2009-01-30 23:57 <DIR> d--hs---- c:\documents and settings\user\IETldCache

2009-01-30 23:47 . 2008-04-14 04:41 81,920 --a------ c:\windows\SYSTEM32\ieencode.dll

2009-01-30 23:44 . 2009-01-11 05:00 79,360 --------- c:\windows\SYSTEM32\DLLCACHE\iecompat.dll

2009-01-25 14:38 . 2009-02-05 19:06 <DIR> d-------- C:\!KillBox

2009-01-25 04:34 . 2009-02-03 00:46 <DIR> d-------- C:\rsit

2009-01-11 23:07 . 2009-01-11 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-08 11:01 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-07 01:59 --------- d-----w c:\program files\Google

2009-02-06 12:29 --------- d-----w c:\program files\Power_Karaoke

2009-02-05 13:55 --------- d-----w c:\program files\Common Files\Real

2009-02-05 13:54 --------- d-----w c:\program files\Real

2009-01-29 16:08 44,944 ------w c:\windows\system32\drivers\pxhelp20.sys

2009-01-11 23:25 --------- d-----w c:\program files\Corel

2009-01-10 04:17 --------- d-----w c:\program files\MSN Messenger

2009-01-10 01:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-10 01:13 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-10 01:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-10 01:13 --------- d-----w c:\program files\Symantec

2008-12-18 02:33 --------- d-----w c:\program files\Conduit

2008-12-17 11:03 --------- d-----w c:\program files\Common Files\Teleca Shared

2008-12-17 03:35 --------- d-----w c:\program files\Sony Ericsson

2008-12-17 03:35 --------- d-----w c:\documents and settings\user\Application Data\Teleca

2008-12-17 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson

2008-12-14 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-13 03:01 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-13 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software

2008-12-13 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-09 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Corel

2008-10-20 17:26 15,787 ----a-w c:\documents and settings\user\Application Data\ukerac.sys

2008-09-08 14:40 61,480 ----a-w c:\documents and settings\user\GoToAssistDownloadHelper.exe

2008-09-01 15:23 61,224 ----a-w c:\documents and settings\All Users\GoToAssistDownloadHelper.exe

2007-11-01 13:35 557,056 ----a-w c:\documents and settings\All Users\GoToAssist_phone__317_en.exe

2006-12-20 16:49 557,056 ----a-w c:\documents and settings\user\GoToAssist_phone__319_en.exe

2006-10-09 19:11 557,056 ----a-w c:\documents and settings\user\chatlnk.exe

2008-06-29 23:51 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008063020080701\index.dat

.

((((((((((((((((((((((((((((( SnapShot_2009-02-08_ 0.08.39.62 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-15 06:04:15 86,090 ----a-w c:\windows\SYSTEM32\PERFC009.DAT

+ 2009-02-08 10:30:57 87,360 ----a-w c:\windows\SYSTEM32\PERFC009.DAT

- 2008-12-15 06:04:15 498,790 ----a-w c:\windows\SYSTEM32\PERFH009.DAT

+ 2009-02-08 10:30:57 501,300 ----a-w c:\windows\SYSTEM32\PERFH009.DAT

+ 2009-02-08 11:00:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4b0.dat

+ 2009-02-08 11:00:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a30.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-08 98304]

"TrayStartup"="c:\program files\BT Auto Backup\VaultClientTray.exe" [2008-06-03 224376]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]

"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]

"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-05 198160]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-02 91440]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 12:25 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk

backup=c:\windows\pss\AOL Broadband Check-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

--a------ 2004-09-23 15:35 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 04:42 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2004-03-15 00:04 122933 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

--a------ 2003-08-13 09:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

--a------ 2007-07-20 02:01 1891416 c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2003-11-03 12:46 4800512 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--------- 2003-08-26 18:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-02-08 16:45 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2009-02-05 13:54 214536 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 16:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\eXplorerZ\\uninstall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\SYSTEM32\\dldfcoms.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfpswx.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldftime.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfjswx.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=

"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldfwbgw.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldfserv.exe [2007-06-26 98952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-20 99376]

S3 LCcfltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCcfltr.sys [2004-07-09 14156]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-02-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-02 c:\windows\Tasks\Norton Security Online - Run Full System Scan - user.job

- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2008-08-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe

.

------- Supplementary Scan -------

.

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\c1kp0bmn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Yoog Search

FF - prefs.js: browser.startup.homepage - hxxp://bt.yahoo.com

FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-08 11:01:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\SYSTEM32\dldfcoms.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\SYSTEM32\nvsvc32.exe

c:\windows\SYSTEM32\PSIService.exe

c:\windows\SYSTEM32\TCPSVCS.EXE

c:\windows\SYSTEM32\snmp.exe

c:\progra~1\Yahoo!\browser\ycommon.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\windows\SYSTEM32\sessmgr.exe

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

c:\program files\Symantec\LiveUpdate\AUPDATE.EXE

c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe

c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe

c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe

c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe

c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe

.

**************************************************************************

.

Completion time: 2009-02-08 11:09:07 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-08 11:09:03

ComboFix2.txt 2009-02-08 00:10:09

ComboFix3.txt 2009-02-06 13:02:49

ComboFix4.txt 2009-01-29 23:35:57

ComboFix5.txt 2009-02-08 10:54:49

Pre-Run: 48,885,211,136 bytes free

Post-Run: 48,881,774,592 bytes free

316 --- E O F --- 2009-02-07 13:06:56


  • Root Admin

The old log still shows you have Yoog set in Firefox.

Did you run the removal procedures for Firefox?

    Remove Yoog Search from FireFox
  • Look in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.
  • Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default
  • On the address bar of Firefox you type: about:config and press the Enter key
  • Click on the "I will be careful, I promise" button.
  • Type in Yoog for the filter and a list of items that have Yoog in them should appear
  • For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET
    Unless there is some active infection replacing it, or a new method, then you should no longer have the Yoog Search

Please delete the CFScript.txt file and then delete your copy of Combofix.exe once more and download a NEW copy and run it again.

Additional links to download the tool:

ComboFix.exe

ComboFix.exe

ComboFix.exe

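The Firefox cleanup the helper lays out above (and earlier in STEP 3) can also be done, and verified, programmatically. The script below is an added example for this page, not code from the thread, from Malwarebytes or from Firefox. It assumes the 2009-era profile layout (prefs.js and user.js in the profile folder, user-installed search engines as XML files under searchplugins); the function names and the "yoog" marker are the example's own, and the sample user.js is constructed from the "FF - user.js" lines in the ComboFix log, with the URLs kept defanged as the log shows them. It checks user.js as well as prefs.js because Firefox re-applies user.js at every start, so a change made only in about:config is silently undone at the next launch, which is exactly the "comes back when I reboot" symptom.

```python
# Added example: audit and clean a Firefox profile for a search hijack such
# as "Yoog Search". Not code from the thread; names and layout are assumptions.
import re
import tempfile
from pathlib import Path

# Search preferences the hijacker rewrote, taken from the log's FF lines.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl",
                "browser.search.selectedEngine", "browser.search.defaultenginename"}

# One prefs.js / user.js line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Constructed user.js body mirroring the log (URLs defanged as in the log;
# matching is on the "yoog" marker, not on the scheme).
SAMPLE_USER_JS = '''user_pref("browser.startup.homepage", "hxxp://bt.yahoo.com");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "hxxp://www1.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "hxxp://www1.yoog.com/search.php?q=");
'''


def parse_prefs(text):
    """Return [(name, raw_value)] for every user_pref line in a prefs file."""
    return [(m.group(1), m.group(2))
            for m in (PREF_RE.match(line) for line in text.splitlines()) if m]


def find_hijacked(prefs, marker="yoog"):
    """Search prefs whose value mentions the marker (case-insensitive)."""
    return [(n, v) for n, v in prefs
            if n in SEARCH_PREFS and marker.lower() in v.lower()]


def clean_prefs(text, marker="yoog"):
    """Drop hijacked search prefs. An absent pref falls back to Firefox's
    built-in default, which is what about:config 'Reset' does."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in SEARCH_PREFS and marker.lower() in m.group(2).lower():
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


def find_search_plugins(profile_dir, marker="yoog"):
    """XML search-engine files (profile root or searchplugins) whose file
    name contains the marker, e.g. the 'Yoog search.XML' the steps delete."""
    profile = Path(profile_dir)
    return sorted(p for d in (profile, profile / "searchplugins") if d.is_dir()
                  for p in d.iterdir()
                  if p.is_file() and p.suffix.lower() == ".xml"
                  and marker.lower() in p.name.lower())


def audit_profile(profile_dir, marker="yoog"):
    """Read-only report: hijacked prefs per file plus matching plugin files.
    user.js is included because Firefox re-applies it on every start."""
    profile = Path(profile_dir)
    report = {"prefs": {}, "plugins": []}
    for name in ("prefs.js", "user.js"):
        f = profile / name
        if f.is_file():
            hits = find_hijacked(parse_prefs(f.read_text(encoding="utf-8", errors="replace")), marker)
            if hits:
                report["prefs"][name] = hits
    report["plugins"] = [p.name for p in find_search_plugins(profile, marker)]
    return report


def clean_profile(profile_dir, marker="yoog"):
    """Apply the fix: rewrite prefs.js/user.js without the hijacked prefs
    (keeping a .bak copy) and delete matching search-plugin XML files.
    Run with Firefox closed, or it will write prefs.js back on exit."""
    profile = Path(profile_dir)
    changed = {"removed_prefs": {}, "deleted_files": []}
    for name in ("prefs.js", "user.js"):
        f = profile / name
        if not f.is_file():
            continue
        text = f.read_text(encoding="utf-8", errors="replace")
        cleaned, removed = clean_prefs(text, marker)
        if removed:
            f.with_name(f.name + ".bak").write_text(text, encoding="utf-8")
            f.write_text(cleaned, encoding="utf-8")
            changed["removed_prefs"][name] = removed
    for p in find_search_plugins(profile, marker):
        p.unlink()
        changed["deleted_files"].append(p.name)
    return changed


def demo():
    """Build a throw-away constructed profile, audit it, clean it, re-audit."""
    profile = Path(tempfile.mkdtemp(prefix="ff-profile-"))
    (profile / "user.js").write_text(SAMPLE_USER_JS, encoding="utf-8")
    (profile / "searchplugins").mkdir()
    (profile / "searchplugins" / "Yoog search.XML").write_text(
        "<OpenSearchDescription/>", encoding="utf-8")
    before = audit_profile(profile)
    changed = clean_profile(profile)
    return {"before": before, "changed": changed, "after": audit_profile(profile)}


if __name__ == "__main__":
    print(demo())
```

On a real machine, call audit_profile() on the profile path first (the log shows it as the "FF - ProfilePath" line) and only then clean_profile(), with Firefox closed; the .bak copies let you compare what was removed. A clean "after" report that still turns into a hijacked one after the next reboot points at something outside the profile re-creating the files, which is the "active infection replacing it" case the steps mention.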

I have checked this and when I type in YOOG there is NOTHING coming up???

I thought that meant it had gone??

and when I boot up the PC it's not in the Firefox search bar anymore??

NOTHING APPEARS when I do this...

* On the address bar of Firefox you type: about:config and press the Enter key

* Click on the "I will be careful, I promise" button.

* Type in Yoog for the filter and a list of items that have Yoog in them should appear

* For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET
