
Malwarebytes will not scan, Hijack this log attached


rundbay

I picked up the Spyware Protect 2009 infection. I could not install Malwarebytes, so I attempted to remove it manually. Found numerous files to delete and am no longer getting popups but continue to have problems. I was able to install Malwarebytes after renaming the install file, but it still won't scan. Used the same trick to install HijackThis and it did run a log. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:02:54 PM, on 2/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\Program Files\iWin Games\iWinGamesInstaller.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony\Giga Pocket\RM_SV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.legendent.com/cgi-bin/bugreport...+18:16:21%0D%0A

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: {3f170567-9b5a-95c8-d464-b596fcae3216} - {6123eacf-695b-464d-8c59-a5b9765071f3} - C:\WINDOWS\system32\tcgyjc.dll (file missing)

O2 - BHO: (no name) - {6619893F-294E-4038-91D7-30475767EFB2} - (no file)

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\David\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028MHUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O20 - AppInit_DLLs: imeutijb.dll phbicsey.dll qbqqvi.dll tcgyjc.dll

O20 - Winlogon Notify: iiffGYss - iiffGYss.dll (file missing)

O20 - Winlogon Notify: urqQghgE - urqQghgE.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O24 - Desktop Component 0: (no name) - http://www.nabou.com/sublinks/pokemon/playing_cards/105.jpg

O24 - Desktop Component 1: (no name) - http://content.ytmnd.com/content/d/d/a/dda...388906322cb.gif

--

End of file - 17880 bytes


  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Here are the logs. ComboFix did not ask to install the Recovery Console, just went right to scanning... Thanks

ComboFix 09-02-12.03 - David 2009-02-12 19:37:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.218 [GMT -8:00]

Running from: c:\documents and settings\David\Desktop\2combofix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\David\Application Data\.#

c:\documents and settings\David\Application Data\.#\MBX@E70@B34180.###

c:\documents and settings\David\Application Data\.#\MBX@E70@B341B0.###

c:\documents and settings\David\Application Data\.#\MBX@E70@B341E0.###

c:\documents and settings\David\Application Data\FunWebProducts

c:\documents and settings\David\Application Data\FunWebProducts\Data\David\avatar.dat

c:\documents and settings\David\Application Data\gadcom

c:\documents and settings\David\Local Settings\Temporary Internet Files\fbk.sts

c:\program files\FunWebProducts

c:\program files\FunWebProducts\ScreenSaver\Images\019CF8F2.urr

c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html

c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\program files\Internet Explorer\msimg32.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL

c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Cache\165F1906

c:\program files\MyWebSearch\bar\Cache\165F1B67

c:\program files\MyWebSearch\bar\Cache\165F1C13.bin

c:\program files\MyWebSearch\bar\Cache\165F1D2C.bin

c:\program files\MyWebSearch\bar\Cache\165F1E07.bin

c:\program files\MyWebSearch\bar\Cache\165F1F7E.bin

c:\program files\MyWebSearch\bar\Cache\165F2088.bin

c:\program files\MyWebSearch\bar\Cache\23944921.bin

c:\program files\MyWebSearch\bar\Cache\2394574A.bin

c:\program files\MyWebSearch\bar\Cache\23945844.bin

c:\program files\MyWebSearch\bar\Cache\2394594E.bin

c:\program files\MyWebSearch\bar\Cache\files.ini

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\History\search2

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

c:\windows\BM57c5e42d.txt

c:\windows\BM57c5e42d.xml

c:\windows\cookies.ini

c:\windows\pskt.ini

c:\windows\setup.exe

c:\windows\system32\adhrtmmh.ini

c:\windows\system32\deNnnUtv.ini

c:\windows\system32\deNnnUtv.ini2

c:\windows\system32\drivers\UACktivklrr.sys

c:\windows\system32\ehnfelhw.ini

c:\windows\system32\f3PSSavr.scr

c:\windows\system32\hwtrbhbm.ini

c:\windows\system32\kmmqbsse.ini

c:\windows\system32\KmUBKRqr.ini

c:\windows\system32\KmUBKRqr.ini2

c:\windows\system32\ktxmpdge.ini

c:\windows\system32\lgrjfjbw.ini

c:\windows\system32\mcrh.tmp

c:\windows\system32\mxbyvuxt.ini

c:\windows\system32\oxslppkr.ini

c:\windows\system32\twain32

c:\windows\system32\twain32\local.ds

c:\windows\system32\twain32\user.ds

c:\windows\system32\twain32\user.ds.lll

c:\windows\system32\UACfmynsxwk.log

c:\windows\system32\UACkqrnbjnq.dll

c:\windows\system32\UACmqlhhmlt.log

c:\windows\system32\UACpbdktuir.dll

c:\windows\system32\UACpuipsxkl.dat

c:\windows\system32\UACvwipptaq.dll

c:\windows\system32\UACwmowijbo.dll

c:\windows\system32\UACyltowkgo.log

c:\windows\system32\uqajaryd.ini

c:\windows\system32\useycood.ini

c:\windows\system32\wpv151233967690.cpx

c:\windows\system32\xubrtxsd.ini

c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://childhe.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_IWINGAMESINSTALLER

-------\Service_iWinGamesInstaller

((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))

.

2009-02-12 19:19 . 2009-02-12 19:53 54,156 --ah----- c:\windows\QTFont.qfn

2009-02-12 19:19 . 2009-02-12 19:19 1,409 --a------ c:\windows\QTFont.for

2009-02-11 20:02 . 2009-02-11 20:02 <DIR> d-------- c:\program files\Trend Micro

2009-02-08 17:23 . 2009-02-12 15:33 5,541 --a------ c:\windows\system32\uacinit.dll

2009-02-02 19:17 . 2009-02-02 19:17 <DIR> d-------- c:\program files\Common Files\SWF Studio

2009-01-16 21:36 . 2009-01-16 21:36 <DIR> d-------- c:\documents and settings\David\Application Data\Boomzap

2009-01-16 19:57 . 2009-01-16 19:57 <DIR> d-------- c:\documents and settings\David\Application Data\World-LooM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-13 03:55 --------- d-----w c:\documents and settings\David\Application Data\OpenOffice.org2

2009-02-10 23:29 --------- d-----w c:\documents and settings\David\Application Data\ComcastToolbar

2009-02-04 04:49 --------- d-----w c:\program files\Warcraft III

2009-02-03 05:16 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-03 03:17 --------- d-----w c:\documents and settings\David\Application Data\PlayFirst

2009-02-03 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst

2009-02-03 03:15 --------- d-----w c:\program files\PlayFirst

2009-01-29 02:42 --------- d-----w c:\program files\World of Warcraft

2009-01-26 21:11 --------- d-----w c:\documents and settings\David\Application Data\AdobeUM

2009-01-14 04:50 --------- d-----w c:\program files\Google

2009-01-10 01:37 --------- d-----w c:\documents and settings\David\Application Data\Playrix Entertainment

2009-01-10 01:36 --------- d-----w c:\program files\Playrix Entertainment

2009-01-02 22:37 --------- d-----w c:\program files\Chill

2009-01-02 22:19 --------- d-----w c:\program files\iWin.com

2009-01-02 01:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-02 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-01-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse

2008-12-29 15:01 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\COMCASTTOOLBAR

2008-12-23 07:14 --------- d-----w c:\program files\Sallys Spa

2008-12-23 07:13 --------- d-----w c:\program files\Alawar

2008-12-23 06:35 --------- d-----w c:\documents and settings\David\Application Data\iWin

2008-12-23 06:35 --------- d-----w c:\documents and settings\All Users\Application Data\iWin

2008-12-23 06:05 --------- d-----w c:\documents and settings\David\Application Data\GameInvest

2008-12-21 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games

2008-12-17 05:00 --------- d-----w c:\program files\Project64 1.6

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AOL Toolbar 4.0\aoltb.dll" [2006-11-13 968240]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]

[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]

[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

2008-09-09 08:35 78848 --a------ c:\progra~1\IWINGA~1\IWINGA~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-06 26112]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"EPSON Stylus CX5200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-06-30 74752]

"HostManager"="c:\program files\Common Files\AOL\1152497802\ee\AOLSoftware.exe" [2006-09-25 50736]

"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\David\Start Menu\Programs\Startup\

OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-02 57344]

Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-08-16 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\SV_Httpd.exe"=

"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\UPnPFramework.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=

"c:\\Program Files\\Pariah Multiplayer Demo\\System\\Pariah.exe"=

"c:\\Program Files\\Quake III Arena\\quake3.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Diablo II\\Diablo II.exe"=

"c:\\Program Files\\iWin Games\\iWinGames.exe"=

"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:UDP"= 6112:UDP:Warcraft

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-08-16 86098]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

.

Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-02-13 c:\windows\Tasks\jmyesjxs.job

- c:\windows\system32\nnnkkjhi.dll []

2009-01-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-02 c:\windows\Tasks\Uniblue SpyEraser Nag.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2008-12-09 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

- - - - ORPHANS REMOVED - - - -

BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

BHO-{6123eacf-695b-464d-8c59-a5b9765071f3} - c:\windows\system32\tcgyjc.dll

BHO-{6619893F-294E-4038-91D7-30475767EFB2} - (no file)

Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

HKCU-Run-prunnet - c:\windows\system32\prunnet.exe

HKLM-Run-Windows SysNotify - c:\windows\system32\mssecc.exe

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

Notify-iiffGYss - iiffGYss.dll

Notify-urqQghgE - urqQghgE.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www6.comcast.net/a/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.comcast.net

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.legendent.com/cgi-bin/bugreport.cgi?version=829&error=Can't+find+'ini:Engine.Engine.GameEngine'+in+configuration+file%0D%0A%0D%0AHistory:+UObject::SafeLoadError+<-+UObject::StaticLoadClass+<-+InitEngine%0D%0A%0D%0ABuild:+Jan++7+2003+18:16:21%0D%0A

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028MHUS

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: turbotax.com

DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} - hxxp://download.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab

DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://download.playfirst.com/play/game/tastyplanet/tastyplanet.1.0.0.4.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab

DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab

DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://download.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.10.cab

DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 19:57:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\LastGood

c:\windows\system32\wuapi.dll.wusetup.431656.bak 549720 bytes executable

c:\windows\system32\wuauclt.exe.wusetup.433687.bak 53080 bytes executable

c:\windows\system32\wuaueng.dll.wusetup.437328.bak 1712984 bytes executable

scan completed successfully

hidden files: 4

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe

c:\program files\Sony\Giga Pocket\shwserv.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\windows\system32\UAService7.exe

c:\windows\wanmpsvc.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\OpenOffice.org 2.1\program\soffice.exe

c:\program files\OpenOffice.org 2.1\program\soffice.bin

c:\program files\Sony\Giga Pocket\RM_SV.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\progra~1\McAfee\MSC\mcuimgr.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-02-12 20:08:35 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-13 04:08:31

Pre-Run: 68,510,150,656 bytes free

Post-Run: 68,906,532,864 bytes free

356 --- E O F --- 2008-06-21 10:01:43

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:09:51 PM, on 2/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\Sony\Giga Pocket\RM_SV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.legendent.com/cgi-bin/bugreport...+18:16:21%0D%0A

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028MHUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O24 - Desktop Component 0: (no name) - http://www.nabou.com/sublinks/pokemon/playing_cards/105.jpg

O24 - Desktop Component 1: (no name) - http://content.ytmnd.com/content/d/d/a/dda...388906322cb.gif

--

End of file - 15533 bytes


  • Root Admin

Are you sure you want this iWin game stuff on your computer?

Additionally, iWin provides a host of rich and effective marketing solutions for partners. We believe advertising can be a winning proposition for both players and marketers. We are one of the first casual game publishers to provide games for free in exchange for delivering targeted, relevant and compelling in-game advertising.

STEP 1

With all other applications closed (Taskbar empty), open HijackThis again

and run Do a system scan only and place a check mark on the following items.

Click on START -> CONTROL PANEL -> Display -> Desktop -> Customize Desktop... -> Web tab

Then uncheck and delete everything you find in there (except for "My Current Home Page")

Remove the checkmark from the Lock Desktop Items box if it is checked.

Click OK and Exit the Display properties.

STEP 2

Your old Java is exploited and needs to be removed.

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

When we're done you can go back and install the latest version but for now please do not install any.

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.

C:\Program Files\Java

C:\Program Files\Common Files\Java

C:\Documents and Settings\All Users\Application Data\Java

C:\Documents and Settings\All Users\Application Data\Sun\Java

C:\Documents and Settings\username\Application Data\Java

C:\Documents and Settings\username\Application Data\Sun\Java

STEP 3

Your Adobe Acrobat Reader may have exploited code and needs to be removed and updated.

Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

STEP 4

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

File::
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\windows\system32\uacinit.dll
c:\progra~1\IWINGA~1\IWINGA~1.DLL
c:\windows\Tasks\jmyesjxs.job
c:\windows\system32\nnnkkjhi.dll

DirLook::
c:\documents and settings\David\Application Data\Boomzap
c:\documents and settings\David\Application Data\World-LooM



Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

[image: CFScript.gif]

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 5

Download SDFix and save it to your Desktop.

Double click SDFix.exe and the files will be extracted to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Reboot the computer into Safe mode.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • Any Trojan Services and Registry Entries that it finds will be removed then you will be prompted to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open and a copy of the report will be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied automatically to your Clipboard and ready for posting back in the forum).
  • Finally paste the contents of the Report.txt back here along with a fresh HijackThis log.

SDFix page at Bleepingcomputer.com

How to use SDFix

STEP 6

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    • When the update is complete, select the Scanner tab
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply

    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile

Then post back NEW MBAM and HJT logs in that order please.
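
An added example, not part of any post in this thread and not code from ComboFix or HijackThis: it parses the 'Scheduled Tasks' section of the ComboFix log posted above, flags tasks by two heuristics, and checks that the `File::` list of the CFScript covers each flagged job and its target. The two heuristics, the threshold of two reasons, and treating any `Name::` line as a section header are assumptions made for this example.

```python
import re

# Both excerpts are copied from the ComboFix log and the CFScript posted in
# this thread (blank lines dropped); nothing here is constructed.
TASKS_LOG = r"""Contents of the 'Scheduled Tasks' folder
2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-02-13 c:\windows\Tasks\jmyesjxs.job
- c:\windows\system32\nnnkkjhi.dll []
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-02-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-02 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
2008-12-09 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
"""

CFSCRIPT = r"""KILLALL::

File::
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\windows\system32\uacinit.dll
c:\progra~1\IWINGA~1\IWINGA~1.DLL
c:\windows\Tasks\jmyesjxs.job
c:\windows\system32\nnnkkjhi.dll

DirLook::
c:\documents and settings\David\Application Data\Boomzap
c:\documents and settings\David\Application Data\World-LooM

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
"""

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)$", re.I)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(.*)\]$")
SECTION_RE = re.compile(r"^(\w+)::$")  # assumption: "Name::" opens a section


def parse_tasks(log):
    """Pair each '<date> <path>.job' line with the '- <target> [<stamp>]' line after it."""
    tasks, current = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = JOB_RE.match(line)
        if m:
            current = {"seen": m.group(1), "job": m.group(2), "target": None, "stamp": None}
            tasks.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None and current["target"] is None:
            current["target"], current["stamp"] = m.group(1), m.group(2).strip()
    return tasks


def triage(task):
    """Return the reasons a task deserves a closer look (heuristics are assumptions)."""
    if task["target"] is None:
        return ["no target line followed the .job entry"]
    reasons = []
    if not task["stamp"]:
        reasons.append("log shows no file date for the target (empty brackets)")
    if task["target"].lower().endswith(".dll"):
        reasons.append("target is a DLL rather than a program")
    return reasons


def parse_cfscript(text):
    """Split a CFScript into {section name (lower case): [non-blank lines]}."""
    sections, name = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).lower()
            sections[name] = []
        elif line and name:
            sections[name].append(line)
    return sections


def uncovered(tasks, script, min_reasons=2):
    """Paths of flagged tasks (job and target) that the File:: section does not list.
    Comparison is literal and case-insensitive; 8.3 short names are not expanded."""
    listed = {p.lower() for p in script.get("file", [])}
    missing = []
    for t in tasks:
        if len(triage(t)) >= min_reasons:
            missing += [p for p in (t["job"], t["target"]) if p.lower() not in listed]
    return missing


if __name__ == "__main__":
    tasks = parse_tasks(TASKS_LOG)
    for t in tasks:
        for reason in triage(t):
            print(f"{t['job']}: {reason}")
    print("not covered by File:: ->", uncovered(tasks, parse_cfscript(CFSCRIPT)))
```

Tasks with a single reason (the two Uniblue SpyEraser jobs) are printed for review but fall below the coverage threshold.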


LOL...No I'm not sure I want the iWin stuff on the computer. I should probably mention that this machine is used primarily by my 2 teenage daughters. Anyway here are the logs, hopefully in the right order!

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Feb 13 18:30:18 2009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410201

------------------------------------

Finished reporting.

ComboFix 09-02-12.03 - David 2009-02-13 19:45:13.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.126 [GMT -8:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\David\Desktop\CFscript.txt

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Created a new restore point

FILE ::

c:\progra~1\IWINGA~1\IWINGA~1.DLL

c:\windows\QTFont.for

c:\windows\QTFont.qfn

c:\windows\system32\nnnkkjhi.dll

c:\windows\system32\uacinit.dll

c:\windows\Tasks\jmyesjxs.job

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\QTFont.for

c:\windows\QTFont.qfn

c:\windows\system32\uacinit.dll

c:\windows\Tasks\jmyesjxs.job

.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))

.

2009-02-13 19:15 . 2009-02-13 19:15 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-02-13 19:00 . 2009-02-13 19:00 <DIR> d-------- c:\program files\NOS

2009-02-13 19:00 . 2009-02-13 19:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

2009-02-12 20:06 . 2008-05-01 06:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-02-12 19:27 . 2009-02-12 20:09 <DIR> d-------- C:\2combofix

2009-02-11 20:02 . 2009-02-11 20:02 <DIR> d-------- c:\program files\Trend Micro

2009-02-02 19:17 . 2009-02-02 19:17 <DIR> d-------- c:\program files\Common Files\SWF Studio

2009-01-16 21:36 . 2009-01-16 21:36 <DIR> d-------- c:\documents and settings\David\Application Data\Boomzap

2009-01-16 19:57 . 2009-01-16 19:57 <DIR> d-------- c:\documents and settings\David\Application Data\World-LooM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-14 04:02 --------- d-----w c:\documents and settings\David\Application Data\OpenOffice.org2

2009-02-14 03:26 --------- d-----w c:\documents and settings\David\Application Data\ComcastToolbar

2009-02-14 03:14 --------- d-----w c:\program files\Common Files\Adobe

2009-02-14 02:17 --------- d-----w c:\program files\Shockwave.com

2009-02-14 02:16 --------- d-----w c:\program files\GameHouse

2009-02-14 02:07 --------- d-----w c:\program files\iWin Games

2009-02-04 04:49 --------- d-----w c:\program files\Warcraft III

2009-02-03 05:16 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-03 03:17 --------- d-----w c:\documents and settings\David\Application Data\PlayFirst

2009-02-03 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst

2009-02-03 03:15 --------- d-----w c:\program files\PlayFirst

2009-01-29 02:42 --------- d-----w c:\program files\World of Warcraft

2009-01-26 21:11 --------- d-----w c:\documents and settings\David\Application Data\AdobeUM

2009-01-14 04:50 --------- d-----w c:\program files\Google

2009-01-10 01:37 --------- d-----w c:\documents and settings\David\Application Data\Playrix Entertainment

2009-01-10 01:36 --------- d-----w c:\program files\Playrix Entertainment

2009-01-02 22:37 --------- d-----w c:\program files\Chill

2009-01-02 22:19 --------- d-----w c:\program files\iWin.com

2009-01-02 01:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-02 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-01-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse

2008-12-29 15:01 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\COMCASTTOOLBAR

2008-12-23 07:14 --------- d-----w c:\program files\Sallys Spa

2008-12-23 07:13 --------- d-----w c:\program files\Alawar

2008-12-23 06:35 --------- d-----w c:\documents and settings\David\Application Data\iWin

2008-12-23 06:35 --------- d-----w c:\documents and settings\All Users\Application Data\iWin

2008-12-23 06:05 --------- d-----w c:\documents and settings\David\Application Data\GameInvest

2008-12-21 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-17 05:00 --------- d-----w c:\program files\Project64 1.6

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\David\Application Data\Boomzap ----

2009-01-16 21:43 296489 --a------ c:\documents and settings\David\Application Data\Boomzap\orchard_bzp.rms

2009-01-16 21:43 100282 --a------ c:\documents and settings\David\Application Data\Boomzap\orchard.log

---- Directory of c:\documents and settings\David\Application Data\World-LooM ----

2009-01-16 20:47 711 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\settings.xml

2009-01-16 20:47 4864 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\um.sav.dso

2009-01-16 19:57 2603 --a------ c:\documents and settings\David\Application Data\World-LooM\Fix-it-up Kate's Adventure\default.sav.dso

((((((((((((((((((((((((((((( SnapShot@2009-02-12_20.07.09.96 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll

+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll

+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys

+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll

+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys

+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys

+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll

+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys

+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll

+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe

+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll

+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll

+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll

+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll

+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll

+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll

+ 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll

+ 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll

+ 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll

+ 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll

+ 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe

+ 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll

+ 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll

+ 2008-04-20 05:07:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll

+ 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll

+ 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll

+ 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll

+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll

+ 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll

+ 2008-04-22 07:39:58 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe

+ 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe

+ 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll

+ 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll

+ 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll

+ 2008-04-24 05:16:30 3,591,680 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll

+ 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll

+ 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll

+ 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll

+ 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll

+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll

+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll

+ 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll

+ 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll

+ 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll

+ 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll

+ 2009-02-13 11:01:15 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2007-12-12 23:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe

- 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll

- 2009-02-13 03:27:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-02-14 03:12:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-02-13 03:27:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-02-14 03:12:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-02-13 03:27:12 81,920 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-14 03:12:37 81,920 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-23 04:16:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys

- 2008-02-20 05:32:43 148,992 -c----w c:\windows\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll

- 2008-04-23 04:16:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-04-23 04:16:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll

- 2008-04-23 04:16:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

- 2008-02-20 06:51:05 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll

+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll

- 2008-04-23 04:16:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-04-22 07:39:58 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-23 04:16:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

- 2008-04-23 04:16:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

- 2008-04-20 05:07:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll

+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll

- 2008-04-23 04:16:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-04-23 04:16:28 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-04-23 04:16:28 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

- 2008-04-23 04:16:28 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-04-22 07:39:58 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-04-22 07:40:18 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe

- 2007-08-21 06:15:44 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll

- 2008-04-23 04:16:28 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-06-18 09:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe

- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-06-24 16:23:05 74,240 -c----w c:\windows\system32\dllcache\mscms.dll

- 2008-04-23 04:16:28 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-04-23 04:16:28 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-04-24 05:16:30 3,591,680 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2009-01-17 05:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-04-23 04:16:28 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-04-23 04:16:28 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-04-23 04:16:28 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-06-20 17:41:10 245,248 -c----w c:\windows\system32\dllcache\mswsock.dll

- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll

- 2006-08-17 12:28:27 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll

+ 2008-10-15 16:57:55 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll

- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

- 2008-04-23 04:16:28 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll

- 2008-04-23 04:16:28 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys

+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys

- 2006-08-21 17:52:08 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:15:47 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll

- 2007-10-30 17:20:55 360,064 -c----w c:\windows\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c----w c:\windows\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys

- 2008-04-23 04:16:28 105,984 -c----w c:\windows\system32\dllcache\url.dll

+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-04-23 04:16:29 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-04-23 04:16:29 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\system32\dllcache\win32k.sys

+ 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys

- 2008-04-23 04:16:29 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-06-18 13:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll

- 2006-10-19 04:47:22 2,450,944 -c----w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-18 13:03:14 2,458,112 -c----w c:\windows\system32\dllcache\WMVCore.dll

- 2007-07-31 02:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll

- 2004-08-04 06:14:14 138,496 ----a-w c:\windows\system32\drivers\afd.sys

+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys

- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys

+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys

- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys

+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys

- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys

- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll

+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll

- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-04-09 10:10:26 221,632 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-02-13 11:13:01 221,632 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll

+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll

- 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-04-22 07:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-04-23 04:16:28 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-04-23 04:16:28 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-04-20 05:07:51 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-04-23 04:16:28 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll

- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-04-22 07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll

- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2006-10-19 03:03:58 100,864 ----a-w c:\windows\system32\logagent.exe

+ 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\logagent.exe

- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll

+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll

- 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-04-24 05:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll

+ 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll

- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll

- 2004-08-04 07:56:44 245,248 ----a-w c:\windows\system32\mswsock.dll

+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll

- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll

- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll

+ 2008-10-01 00:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll

- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll

+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll

- 2007-02-28 08:38:57 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe

+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe

- 2007-02-28 09:08:48 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe

+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe

- 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

- 2006-08-21 17:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2007-11-13 11:31:11 60,416 ----a-w c:\windows\system32\tzchange.exe

+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe

- 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys

+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys

- 2006-10-19 04:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll

+ 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-10-19 04:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll

+ 2008-06-25 02:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll

- 2006-10-19 04:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll

- 2007-07-31 02:18:40 33,624 ----a-w c:\windows\system32\wups.dll

+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\wups.dll

- 2007-07-31 02:19:12 43,352 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-01 00:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2008-10-01 00:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-06 26112]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"EPSON Stylus CX5200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-06-30 74752]

"HostManager"="c:\program files\Common Files\AOL\1152497802\ee\AOLSoftware.exe" [2006-09-25 50736]

"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\David\Start Menu\Programs\Startup\

OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-02 57344]

Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-08-16 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\SV_Httpd.exe"=

"c:\\Program Files\\Sony\\vaio media integrated server\\Platform\\UPnPFramework.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=

"c:\\Program Files\\Pariah Multiplayer Demo\\System\\Pariah.exe"=

"c:\\Program Files\\Quake III Arena\\quake3.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Diablo II\\Diablo II.exe"=

"c:\\Program Files\\iWin Games\\iWinGames.exe"=

"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:UDP"= 6112:UDP:Warcraft

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-08-16 86098]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-13 33752]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

.

Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-02 c:\windows\Tasks\Uniblue SpyEraser Nag.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2008-12-09 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www6.comcast.net/a/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.comcast.net

mWindow Title = Windows Internet Explorer provided by Comcast

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: turbotax.com

DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} - hxxp://download.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab

DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://download.playfirst.com/play/game/tastyplanet/tastyplanet.1.0.0.4.cab

DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab

DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://download.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.10.cab

DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-13 19:55:08

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe

c:\program files\Sony\Giga Pocket\shwserv.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\windows\system32\UAService7.exe

c:\windows\wanmpsvc.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\Sony\Giga Pocket\RM_SV.exe

c:\program files\OpenOffice.org 2.1\program\soffice.exe

c:\program files\OpenOffice.org 2.1\program\soffice.bin

c:\program files\McAfee\MPF\MpfSrv.exe

c:\progra~1\McAfee\MSC\mcuimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-02-13 20:09:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-14 04:09:21

ComboFix2.txt 2009-02-13 04:08:37

Pre-Run: 68,684,365,824 bytes free

Post-Run: 68,696,907,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

543 --- E O F --- 2009-02-13 11:06:10

SDFix: Version 1.240

Run by David on Fri 02/13/2009 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:11:13 PM, on 2/13/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Sony\Giga Pocket\RM_SV.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Support.com\bin\tgcmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14486 bytes

Malwarebytes' Anti-Malware 1.34

Database version: 1761

Windows 5.1.2600 Service Pack 2

2/13/2009 9:23:23 PM

mbam-log-2009-02-13 (21-23-23).txt

Scan type: Quick Scan

Objects scanned: 80653

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 105

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\malwaredestruct.server.1 (Rogue.MalwareDestructor) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\expertantivirus.addin.1 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\estkzelc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:28:55 PM, on 2/13/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14346 bytes


  • Root Admin

Please run the following tool. Don't forget you MUST be in SAFE MODE in order to run the cleaning process.

Choose options 2 and 3 for cleaning in Safe Mode.

You may want to print the Web page because you won't have Internet access in Safe Mode

Please download and run this tool. Follow the instructions provided on the page

SmitFraudFix

When that is done then update and run MBAM again please.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT. Do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.

Then run this tool please.

Please download Lop S&D

Double-click on Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt), typically C:\lopR.txt


Here are the latest, thanks again for all your help.

Malwarebytes' Anti-Malware 1.34

Database version: 1761

Windows 5.1.2600 Service Pack 2

2/13/2009 11:28:11 PM

mbam-log-2009-02-13 (23-28-11).txt

Scan type: Quick Scan

Objects scanned: 80919

Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:35:12, on 2/13/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\WINDOWS\system32\wuauclt.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 13724 bytes

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

BIOS : BIOS Date: 04/09/04 13:44:32 Ver: 08.00.08

USER : David ( Administrator )

BOOT : Normal boot

Antivirus : McAfee VirusScan (Activated)

Firewall : McAfee Personal Firewall (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:63 Go)

D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

F:\ (USB)

G:\ (USB)

H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Fri 02/13/2009|23:43 )

--------------------\\ Listing folders in APPLIC~1

[02/13/2009|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[01/09/2007|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL

[01/08/2007|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads

[12/25/2007|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[12/25/2006|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[01/01/2009|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache

[08/15/2008|00:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blg

[10/18/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard

[03/30/2005|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Broderbund LLC

[03/30/2005|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Broderbund Software

[09/19/2008|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2

[09/19/2008|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames

[10/26/2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo

[12/31/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse

[12/20/2007|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii

[01/13/2009|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[06/05/2005|23:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Groove Games

[04/24/2005|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek

[01/05/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft

[04/11/2005|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit

[12/22/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin

[10/15/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games

[02/13/2009|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[12/24/2006|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee

[09/08/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[09/21/2008|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo

[11/09/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9

[12/20/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NevoSoft Games

[02/13/2009|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[09/19/2008|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games

[04/16/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995

[02/02/2009|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst

[12/31/2006|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayTime

[12/23/2007|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap

[01/29/2005|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks

[12/25/2005|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[09/19/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games

[03/31/2004|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[09/14/2007|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan

[08/16/2004|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation

[04/28/2007|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games

[12/22/2006|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com

[12/24/2006|01:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[01/01/2009|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[02/02/2008|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Uniblue

[08/16/2004|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform

[01/21/2007|23:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

[10/18/2008|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent

[07/16/2006|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/06/2007|00:52] C:\DOCUME~1\David\APPLIC~1\Adobe

[01/26/2009|13:11] C:\DOCUME~1\David\APPLIC~1\AdobeUM

[07/11/2008|21:07] C:\DOCUME~1\David\APPLIC~1\Alawar

[01/09/2007|19:11] C:\DOCUME~1\David\APPLIC~1\AOL

[09/11/2007|12:48] C:\DOCUME~1\David\APPLIC~1\Apple Computer

[04/05/2005|18:46] C:\DOCUME~1\David\APPLIC~1\ArcSoft

[11/08/2008|22:47] C:\DOCUME~1\David\APPLIC~1\BeachPartyCraze

[08/15/2008|00:40] C:\DOCUME~1\David\APPLIC~1\blg

[01/16/2009|21:36] C:\DOCUME~1\David\APPLIC~1\Boomzap

[02/13/2009|23:39] C:\DOCUME~1\David\APPLIC~1\ComcastToolbar

[07/30/2005|14:12] C:\DOCUME~1\David\APPLIC~1\Drag'n Drop CD+DVD

[01/22/2007|20:09] C:\DOCUME~1\David\APPLIC~1\EPSON

[11/09/2008|12:54] C:\DOCUME~1\David\APPLIC~1\GameHouse

[12/22/2008|22:05] C:\DOCUME~1\David\APPLIC~1\GameInvest

[11/21/2008|18:02] C:\DOCUME~1\David\APPLIC~1\Gamelab

[09/20/2008|15:32] C:\DOCUME~1\David\APPLIC~1\Go-Go Gourmet Chef of the Year

[10/14/2007|19:42] C:\DOCUME~1\David\APPLIC~1\Google

[04/24/2005|12:00] C:\DOCUME~1\David\APPLIC~1\GTek

[04/08/2005|15:55] C:\DOCUME~1\David\APPLIC~1\Help

[12/20/2007|20:24] C:\DOCUME~1\David\APPLIC~1\Home Sweet Home

[03/31/2004|13:07] C:\DOCUME~1\David\APPLIC~1\Identities

[01/17/2005|23:07] C:\DOCUME~1\David\APPLIC~1\InterVideo

[04/13/2008|14:58] C:\DOCUME~1\David\APPLIC~1\Intuit

[12/22/2008|22:35] C:\DOCUME~1\David\APPLIC~1\iWin

[10/15/2008|17:21] C:\DOCUME~1\David\APPLIC~1\iWinArcade

[08/06/2007|19:33] C:\DOCUME~1\David\APPLIC~1\Macromedia

[02/13/2009|21:14] C:\DOCUME~1\David\APPLIC~1\Malwarebytes

[01/08/2009|22:34] C:\DOCUME~1\David\APPLIC~1\Microsoft

[06/20/2005|17:49] C:\DOCUME~1\David\APPLIC~1\Mind Control Software

[01/24/2006|22:22] C:\DOCUME~1\David\APPLIC~1\Mozilla

[09/19/2008|16:15] C:\DOCUME~1\David\APPLIC~1\Oberon Games

[02/13/2009|23:34] C:\DOCUME~1\David\APPLIC~1\OpenOffice.org2

[11/06/2008|16:55] C:\DOCUME~1\David\APPLIC~1\PetShowCraze

[02/02/2009|19:17] C:\DOCUME~1\David\APPLIC~1\PlayFirst

[01/09/2009|17:37] C:\DOCUME~1\David\APPLIC~1\Playrix Entertainment

[04/16/2005|13:17] C:\DOCUME~1\David\APPLIC~1\SecuROM

[04/10/2007|17:18] C:\DOCUME~1\David\APPLIC~1\Sony Corporation

[11/21/2008|18:31] C:\DOCUME~1\David\APPLIC~1\SulusGames

[03/31/2004|16:02] C:\DOCUME~1\David\APPLIC~1\Symantec

[10/11/2005|16:32] C:\DOCUME~1\David\APPLIC~1\Template

[07/13/2008|21:01] C:\DOCUME~1\David\APPLIC~1\TheScruffs

[07/13/2008|00:43] C:\DOCUME~1\David\APPLIC~1\Total Eclipse

[02/02/2008|01:50] C:\DOCUME~1\David\APPLIC~1\Uniblue

[08/02/2008|18:19] C:\DOCUME~1\David\APPLIC~1\Ventrilo

[01/21/2007|23:12] C:\DOCUME~1\David\APPLIC~1\Viewpoint

[07/12/2008|22:06] C:\DOCUME~1\David\APPLIC~1\ViquaSoft

[02/13/2009|21:05] C:\DOCUME~1\David\APPLIC~1\WinRAR

[01/16/2009|19:57] C:\DOCUME~1\David\APPLIC~1\World-LooM

[01/29/2005|14:44] C:\DOCUME~1\David\APPLIC~1\You've Got Pictures Screensaver

[03/31/2004|13:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[08/16/2004|17:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[03/31/2004|15:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla

[03/31/2004|16:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[08/21/2008|14:48] C:\DOCUME~1\Keighley\APPLIC~1\Adobe

[01/02/2006|11:32] C:\DOCUME~1\Keighley\APPLIC~1\AdobeUM

[10/29/2006|10:17] C:\DOCUME~1\Keighley\APPLIC~1\AOL

[07/05/2006|19:04] C:\DOCUME~1\Keighley\APPLIC~1\ArcSoft

[05/08/2007|07:33] C:\DOCUME~1\Keighley\APPLIC~1\COMCASTTOOLBAR

[05/08/2007|07:33] C:\DOCUME~1\Keighley\APPLIC~1\Google

[04/09/2006|18:31] C:\DOCUME~1\Keighley\APPLIC~1\Help

[03/31/2004|13:07] C:\DOCUME~1\Keighley\APPLIC~1\Identities

[01/14/2005|19:20] C:\DOCUME~1\Keighley\APPLIC~1\Leadertech

[04/29/2007|09:43] C:\DOCUME~1\Keighley\APPLIC~1\Macromedia

[01/21/2006|13:54] C:\DOCUME~1\Keighley\APPLIC~1\Microsoft

[10/07/2004|10:24] C:\DOCUME~1\Keighley\APPLIC~1\Mozilla

[02/03/2006|18:33] C:\DOCUME~1\Keighley\APPLIC~1\PlayFirst

[03/31/2004|16:02] C:\DOCUME~1\Keighley\APPLIC~1\Symantec

[11/03/2006|21:52] C:\DOCUME~1\Keighley\APPLIC~1\You've Got Pictures Screensaver

[01/16/2005|13:43] C:\DOCUME~1\Kendall\APPLIC~1\Adobe

[06/26/2005|17:21] C:\DOCUME~1\Kendall\APPLIC~1\AdobeUM

[09/01/2006|10:56] C:\DOCUME~1\Kendall\APPLIC~1\AOL

[08/04/2005|10:55] C:\DOCUME~1\Kendall\APPLIC~1\ArcSoft

[06/27/2007|18:42] C:\DOCUME~1\Kendall\APPLIC~1\COMCASTTOOLBAR

[01/10/2007|17:16] C:\DOCUME~1\Kendall\APPLIC~1\Google

[11/20/2004|15:29] C:\DOCUME~1\Kendall\APPLIC~1\Help

[03/31/2004|13:07] C:\DOCUME~1\Kendall\APPLIC~1\Identities

[04/11/2005|19:21] C:\DOCUME~1\Kendall\APPLIC~1\Intuit

[06/27/2007|18:20] C:\DOCUME~1\Kendall\APPLIC~1\Macromedia

[06/15/2005|16:10] C:\DOCUME~1\Kendall\APPLIC~1\Microsoft

[01/12/2005|17:07] C:\DOCUME~1\Kendall\APPLIC~1\Mozilla

[03/31/2004|16:02] C:\DOCUME~1\Kendall\APPLIC~1\Symantec

[02/09/2005|15:30] C:\DOCUME~1\Kendall\APPLIC~1\You've Got Pictures Screensaver

[03/27/2008|17:52] C:\DOCUME~1\Kyla\APPLIC~1\Adobe

[03/28/2006|14:40] C:\DOCUME~1\Kyla\APPLIC~1\AdobeUM

[09/05/2006|19:01] C:\DOCUME~1\Kyla\APPLIC~1\AOL

[05/06/2007|18:12] C:\DOCUME~1\Kyla\APPLIC~1\Apple Computer

[03/27/2008|17:52] C:\DOCUME~1\Kyla\APPLIC~1\COMCASTTOOLBAR

[02/12/2007|20:23] C:\DOCUME~1\Kyla\APPLIC~1\Google

[12/14/2005|18:58] C:\DOCUME~1\Kyla\APPLIC~1\Help

[03/31/2004|13:07] C:\DOCUME~1\Kyla\APPLIC~1\Identities

[03/27/2008|12:46] C:\DOCUME~1\Kyla\APPLIC~1\InterVideo

[05/06/2007|18:03] C:\DOCUME~1\Kyla\APPLIC~1\Macromedia

[10/01/2006|17:25] C:\DOCUME~1\Kyla\APPLIC~1\Microsoft

[04/30/2006|00:00] C:\DOCUME~1\Kyla\APPLIC~1\Mozilla

[10/21/2006|15:53] C:\DOCUME~1\Kyla\APPLIC~1\Sony Corporation

[03/31/2004|16:02] C:\DOCUME~1\Kyla\APPLIC~1\Symantec

[10/01/2006|17:31] C:\DOCUME~1\Kyla\APPLIC~1\U3

[10/15/2006|11:46] C:\DOCUME~1\Kyla\APPLIC~1\You've Got Pictures Screensaver

[03/31/2004|13:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/09/2007|01:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/06/2004|21:07] C:\DOCUME~1\Owner\APPLIC~1\Symantec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/09/2008 09:08][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job

[02/02/2009 15:36][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

[02/07/2009 13:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[02/13/2009 23:37][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job

[01/15/2009 01:48][--a------] C:\WINDOWS\tasks\McDefragTask.job

[02/01/2009 01:00][--a------] C:\WINDOWS\tasks\McQcTask.job

[02/13/2009 23:33][--ah-----] C:\WINDOWS\tasks\SA.DAT

[03/31/2003 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/05/2005|15:38] C:\Program Files\1602 A.D

[12/24/2006|01:07] C:\Program Files\Activision

[02/13/2009|19:16] C:\Program Files\Adobe

[12/22/2008|23:13] C:\Program Files\Alawar

[04/12/2008|13:28] C:\Program Files\Amazon

[01/08/2007|23:55] C:\Program Files\AOL

[01/08/2007|23:57] C:\Program Files\AOL Toolbar

[12/25/2007|08:54] C:\Program Files\Apple Software Update

[02/22/2005|19:17] C:\Program Files\ArcSoft

[02/22/2006|17:31] C:\Program Files\Atari

[03/31/2004|14:36] C:\Program Files\ATI Technologies

[05/12/2008|18:20] C:\Program Files\AVYMEDIA

[10/15/2008|15:29] C:\Program Files\bfgclient

[03/15/2008|12:37] C:\Program Files\BoundAround_Demo

[03/30/2005|19:14] C:\Program Files\Calendar Creator

[02/22/2005|19:26] C:\Program Files\Canon

[01/02/2009|14:37] C:\Program Files\Chill

[12/24/2006|01:03] C:\Program Files\Comcast Play Games

[03/24/2007|12:59] C:\Program Files\ComcastToolbar

[02/13/2009|19:49] C:\Program Files\Common Files

[03/31/2004|13:06] C:\Program Files\ComPlus Applications

[03/15/2008|12:39] C:\Program Files\Cosmic Bugs

[09/25/2004|22:46] C:\Program Files\Crimsonland

[09/25/2004|11:59] C:\Program Files\Croteam

[01/06/2008|19:04] C:\Program Files\Dark Basic Software

[10/10/2008|16:23] C:\Program Files\Diablo

[10/14/2008|21:15] C:\Program Files\Diablo II

[09/23/2004|16:03] C:\Program Files\directx

[05/03/2005|20:10] C:\Program Files\Doom 3

[05/03/2005|19:13] C:\Program Files\Doom 3 Demo

[08/16/2004|17:59] C:\Program Files\drag'n drop cd+dvd

[07/19/2008|17:09] C:\Program Files\Empire Interactive

[02/22/2005|19:19] C:\Program Files\epic

[02/22/2005|19:14] C:\Program Files\EPSON

[09/25/2005|12:11] C:\Program Files\Expert Software

[06/28/2005|14:33] C:\Program Files\Feeding Frenzy

[09/25/2004|09:30] C:\Program Files\Fox

[03/15/2008|12:45] C:\Program Files\FrozenFruits

[05/17/2008|19:05] C:\Program Files\Game_Maker7

[10/25/2008|14:55] C:\Program Files\GameFiesta

[02/13/2009|18:16] C:\Program Files\GameHouse

[01/19/2007|07:46] C:\Program Files\GameSpy Arcade

[03/15/2008|12:48] C:\Program Files\Giant

[01/13/2009|20:50] C:\Program Files\Google

[03/15/2008|12:46] C:\Program Files\Gutterball 2

[03/26/2005|13:23] C:\Program Files\Hasbro Interactive

[03/15/2008|12:46] C:\Program Files\Icarus

[10/22/2005|19:41] C:\Program Files\id Software

[10/07/2004|10:17] C:\Program Files\Infogrames Interactive

[02/02/2009|21:16] C:\Program Files\InstallShield Installation Information

[03/31/2004|13:16] C:\Program Files\Intel

[05/26/2005|13:06] C:\Program Files\InterActual

[02/13/2009|03:03] C:\Program Files\Internet Explorer

[08/16/2004|17:52] C:\Program Files\InterVideo

[12/25/2007|09:00] C:\Program Files\iPod

[04/17/2006|18:21] C:\Program Files\ItsDeductible2005

[04/13/2005|13:41] C:\Program Files\ItsDeductibleEX

[12/25/2007|09:00] C:\Program Files\iTunes

[02/13/2009|18:07] C:\Program Files\iWin Games

[01/02/2009|14:19] C:\Program Files\iWin.com

[04/22/2007|20:32] C:\Program Files\KrazyDad

[01/29/2005|14:44] C:\Program Files\Learn2.com

[12/10/2007|22:20] C:\Program Files\LifeFX

[05/29/2005|12:01] C:\Program Files\LucasArts

[08/15/2005|12:14] C:\Program Files\Luxor

[02/13/2009|21:14] C:\Program Files\Malwarebytes' Anti-Malware

[08/23/2005|15:55] C:\Program Files\Mattel Interactive

[05/19/2005|16:53] C:\Program Files\Maxis

[09/02/2008|22:26] C:\Program Files\McAfee

[12/24/2006|01:33] C:\Program Files\McAfee.com

[12/25/2005|18:29] C:\Program Files\Media Guitar Basics

[02/13/2009|03:05] C:\Program Files\Messenger

[08/16/2004|18:03] C:\Program Files\Microsoft ActiveSync

[03/31/2004|13:07] C:\Program Files\microsoft frontpage

[10/27/2005|14:40] C:\Program Files\Microsoft Games

[08/16/2004|18:04] C:\Program Files\Microsoft Office

[08/16/2004|18:01] C:\Program Files\Microsoft Works

[03/31/2004|15:57] C:\Program Files\MoodLogic

[09/24/2004|22:27] C:\Program Files\Movie Maker

[03/31/2004|13:05] C:\Program Files\MSN

[01/09/2007|19:20] C:\Program Files\MSN Games

[03/31/2004|13:05] C:\Program Files\MSN Gaming Zone

[11/06/2004|18:58] C:\Program Files\MSXML 4.0

[09/24/2004|22:23] C:\Program Files\NetMeeting

[03/31/2004|15:54] C:\Program Files\Netscape

[02/13/2009|19:00] C:\Program Files\NOS

[06/20/2005|17:49] C:\Program Files\Oasis

[10/26/2008|18:23] C:\Program Files\Oberon Media

[01/09/2007|19:19] C:\Program Files\Online Services

[01/18/2007|20:08] C:\Program Files\OpenOffice.org 2.1

[06/13/2007|02:03] C:\Program Files\Outlook Express

[06/05/2005|23:38] C:\Program Files\Pariah Multiplayer Demo

[03/27/2007|10:58] C:\Program Files\Pivot Stickfigure Animator

[02/02/2009|19:15] C:\Program Files\PlayFirst

[01/09/2009|17:36] C:\Program Files\Playrix Entertainment

[03/15/2008|12:40] C:\Program Files\PopCap Games

[08/02/2007|21:56] C:\Program Files\Project64

[12/16/2008|21:00] C:\Program Files\Project64 1.6

[01/09/2007|19:15] C:\Program Files\Pure Networks

[08/13/2005|09:38] C:\Program Files\Quake III Arena

[03/31/2004|15:59] C:\Program Files\Quicken

[12/25/2007|08:57] C:\Program Files\QuickTime

[09/06/2004|19:01] C:\Program Files\Real

[10/17/2008|17:49] C:\Program Files\RealArcade

[06/20/2005|17:47] C:\Program Files\ReflexiveArcade

[09/25/2004|23:24] C:\Program Files\Return to Castle Wolfenstein

[08/15/2005|17:26] C:\Program Files\Rocket Bowl

[01/15/2007|21:16] C:\Program Files\Rockstar Games

[12/22/2008|23:14] C:\Program Files\Sallys Spa

[09/14/2007|18:41] C:\Program Files\Security Task Manager

[03/31/2004|16:00] C:\Program Files\Shield

[02/13/2009|18:17] C:\Program Files\Shockwave.com

[12/16/2006|18:59] C:\Program Files\Sierra

[08/16/2004|18:05] C:\Program Files\Sony

[08/06/2007|08:54] C:\Program Files\Starcraft

[04/24/2005|14:02] C:\Program Files\Strategy First

[05/11/2007|01:55] C:\Program Files\support.com

[12/24/2006|01:23] C:\Program Files\Symantec

[04/16/2007|16:39] C:\Program Files\TaxCut06

[01/09/2008|17:04] C:\Program Files\The Game Creators

[12/22/2006|09:56] C:\Program Files\The Learning Company

[12/24/2006|01:04] C:\Program Files\THQ

[02/11/2009|20:02] C:\Program Files\Trend Micro

[04/12/2008|13:33] C:\Program Files\TurboTax

[12/07/2005|20:07] C:\Program Files\Ubi Soft

[09/08/2004|21:15] C:\Program Files\Ubisoft

[02/02/2008|01:50] C:\Program Files\Uniblue

[03/31/2004|13:11] C:\Program Files\Uninstall Information

[11/03/2006|21:48] C:\Program Files\VCW VicMan's Photo Editor

[08/01/2008|17:35] C:\Program Files\Ventrilo

[12/10/2007|22:20] C:\Program Files\ViaVoice TTS

[09/06/2004|19:01] C:\Program Files\Viewpoint

[02/03/2009|20:49] C:\Program Files\Warcraft III

[04/24/2005|14:55] C:\Program Files\Web Publish

[10/18/2008|17:32] C:\Program Files\WildGames

[01/09/2007|01:15] C:\Program Files\Windows Defender

[04/27/2007|00:38] C:\Program Files\Windows Media Connect 2

[04/27/2007|00:38] C:\Program Files\Windows Media Player

[09/24/2004|22:23] C:\Program Files\Windows NT

[03/31/2004|13:05] C:\Program Files\WindowsUpdate

[01/28/2009|18:42] C:\Program Files\World of Warcraft

[03/31/2004|13:07] C:\Program Files\xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/13/2009|19:14] C:\Program Files\Common Files\Adobe

[02/13/2009|19:15] C:\Program Files\Common Files\Adobe AIR

[04/12/2008|13:46] C:\Program Files\Common Files\AnswerWorks 4.0

[01/09/2007|19:13] C:\Program Files\Common Files\AOL

[08/31/2006|17:53] C:\Program Files\Common Files\aolback

[12/25/2007|08:53] C:\Program Files\Common Files\Apple

[01/09/2008|17:07] C:\Program Files\Common Files\Bcgsoft

[12/04/2008|18:40] C:\Program Files\Common Files\Blizzard Entertainment

[03/30/2005|19:01] C:\Program Files\Common Files\Broderbund

[08/16/2004|18:03] C:\Program Files\Common Files\DESIGNER

[04/24/2005|14:06] C:\Program Files\Common Files\DirectX

[11/17/2006|21:35] C:\Program Files\Common Files\Download Manager

[02/22/2005|19:07] C:\Program Files\Common Files\EPSON

[06/05/2005|23:37] C:\Program Files\Common Files\Groove Games Shared

[08/16/2004|17:53] C:\Program Files\Common Files\InstallShield

[03/31/2004|15:59] C:\Program Files\Common Files\Intuit

[07/04/2008|17:01] C:\Program Files\Common Files\McAfee

[08/16/2004|18:05] C:\Program Files\Common Files\Microsoft Shared

[03/31/2004|13:06] C:\Program Files\Common Files\MSSoap

[02/09/2005|14:30] C:\Program Files\Common Files\NSV

[01/29/2005|14:43] C:\Program Files\Common Files\Nullsoft

[09/19/2008|16:12] C:\Program Files\Common Files\Oberon Media

[03/31/2004|05:03] C:\Program Files\Common Files\ODBC

[03/31/2004|15:59] C:\Program Files\Common Files\Palo Alto Software

[09/05/2004|20:30] C:\Program Files\Common Files\PocketSoft

[02/22/2005|19:15] C:\Program Files\Common Files\Python

[09/06/2004|19:01] C:\Program Files\Common Files\Real

[03/19/2007|09:06] C:\Program Files\Common Files\Scanner

[03/31/2004|13:06] C:\Program Files\Common Files\Services

[08/16/2004|17:55] C:\Program Files\Common Files\Sony Shared

[03/31/2004|05:03] C:\Program Files\Common Files\SpeechEngines

[02/02/2009|19:17] C:\Program Files\Common Files\SWF Studio

[12/24/2006|01:23] C:\Program Files\Common Files\Symantec Shared

[06/13/2007|02:03] C:\Program Files\Common Files\System

[08/01/2008|17:34] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\David\Cookies\david@advertising[1].txt

C:\DOCUME~1\David\Cookies\david@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-13 23:46:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Searching for other infections

No other infections found !

[F:138][D:0]-> C:\DOCUME~1\David\Cookies

[F:649][D:4]-> C:\DOCUME~1\David\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 02/13/2009|23:48 - Option : [1]

--------------------\\ Scan completed at 23:48:53


  • Root Admin

Please run this one more time before we declare you clean.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT: Do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.


Here are the latest logs

Malwarebytes' Anti-Malware 1.34

Database version: 1762

Windows 5.1.2600 Service Pack 2

2/14/2009 7:27:19 PM

mbam-log-2009-02-14 (19-27-19).txt

Scan type: Quick Scan

Objects scanned: 86724

Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:36:58, on 2/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Sony\Giga Pocket\shwserv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Sony\Giga Pocket\RM_SV.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\sony\usbsircs\usbsircs.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Support.com\bin\tgcmd.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAVID\Application Data\Mozilla\Profiles\default\9br8kbnx.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152497802\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://download.playfirst.com/play/game/sp...eb.1.0.0.17.cab

O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://download.playfirst.com/play/game/ta...net.1.0.0.4.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://download.playfirst.com/play/game/my...msi.1.0.0.8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://download.playfirst.com/play/game/di...h2.1.0.0.67.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://download.playfirst.com/play/game/dr...eb.1.0.0.10.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjo...mesLauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download.playfirst.com/play/game/di...tg.1.0.0.32.cab

O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/pe...eb.1.0.0.15.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://playgames.comcast.net/online2/mahjo...ameLauncher.cab

O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://download.playfirst.com/play/game/sw...ia.1.0.0.22.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14050 bytes


  • Root Admin

The logs look clean to me.

How is the computer running now?

Are there any signs of an infection?

Just a note that Open Office now has version 3.x in case you want to update.

If needed: Download and Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 12.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 12 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

Please run the following to remove any tools that might have been used during the scanning and cleaning of your system.

STEP 1

Uninstall ComboFix.exe

  • Click START then RUN
  • Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


  • When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe

STEP 2

Uninstall GMER

Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.

STEP 3

Uninstall other tools

Please Download OTMoveIt3 by Old Timer and save it to your Desktop.

  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.

    NOW please reboot your computer to finish the cleanup process


  • Root Admin

Great, all looks good now. Glad to hear you're back to normal on the PC. Take care and stay safe out there.

I'll close your post soon so that others don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • Check Turn off System Restore.

  • Click Apply, and then click OK.

  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • UN-Check *Turn off System Restore*.

  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster

Download it from here

Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol

Download it from here

Here you can find information about how WinPatrol works here

Install FireTrust SiteHound

You can find information and download it from here

Install hpHosts

Download it from here

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1 which is your own local computer.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Visit Microsoft often to get the latest updates for your computer.

Note 1:

If you are running Windows XP SP2, you should upgrade to SP3.

Note 2:

Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.

The security suite can then be reinstalled afterwards.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know.
http://www.malwarebytes.org
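The hosts-file blocking described in the hpHosts paragraph above, as an added example that is not part of the original post or of hpHosts itself: it parses hosts-format text, reports which names are sinkholed to the local machine, and lists names mapped to any other address, which is worth reviewing after a cleanup. The sample entries are constructed, the function names are hypothetical, and "first entry wins" for duplicate names is an assumption.

```python
import ipaddress

# Constructed sample in hosts-file format; the domains are placeholders.
SAMPLE_HOSTS = """\
# blocklist entries (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.test tracker.example.test   # two names on one line
0.0.0.0     malware.example.test
203.0.113.7 bank.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip} for every valid mapping (assumed: first entry wins)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def is_sinkholed(ip):
    """True when the address points back at the local machine or nowhere."""
    return ip.is_loopback or ip.is_unspecified

def blocked(table, host):
    """True when the hosts table sends this name to a sinkhole address."""
    ip = table.get(host.lower())
    return ip is not None and is_sinkholed(ip)

def unexpected_redirects(table):
    """Names mapped to a non-sinkhole address; review these by hand."""
    return sorted(h for h, ip in table.items() if not is_sinkholed(ip))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(h for h in hosts if blocked(hosts, h)))
    print("review:", unexpected_redirects(hosts))
```

To check a real machine, pass the contents of the system hosts file to `parse_hosts` instead of the sample.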
