
December 2nd, 2010 15:00

Hello caherbear,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed, such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using cracked or illegal software, your thread will be locked and all help will cease.


Please proceed as follows :-

Step 1

Please re-open HiJackThis and scan only.  Check the boxes next to all the entries listed below.

O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.   Reboot.

Step 2

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget ComboFix must be saved to your desktop. <--Very important

Ensure you have disabled your firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click ComboFix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If ComboFix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).


Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like to see in your reply :-

  • Log from Combofix
  • Log from Security Checks


Kevin
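Step 1 above picks HijackThis entries by a few recognisable signatures: hosts-file lines that send a name to a non-loopback address, CLSID-registered objects whose file is gone ("(no file)"), and DPF or context-menu entries that point at a remote site. The Python script below is an added example, not part of the post and not HijackThis code; it applies those heuristics to the entries listed in Step 1 plus two constructed benign lines (a 127.0.0.1 hosts entry and a made-up "Example BHO" with a placeholder CLSID and a file on disk) to show what is left alone.

```python
"""Triage HijackThis-style log lines with the heuristics a malware helper
applies by eye when choosing what to "Fix Checked".

Added example; not part of the forum post and not HijackThis code.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# The entries selected in Step 1 of the thread, plus two constructed benign
# lines (the 127.0.0.1 hosts entry and a made-up "Example BHO" with a
# placeholder CLSID and a file on disk) to show what the heuristics skip.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 207.7.142.44 iwalton.com
O1 - Hosts: 207.7.142.44 www.iwalton.com
O2 - BHO: Example BHO - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
"""

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Sections that register a COM object by CLSID. "(no file)" means the registry
# still points at a DLL that is no longer on disk, a leftover of a removed
# add-on, which is why the helper ticks those entries for removal.
CLSID_ENTRIES = {"O2", "O3", "O9", "O21", "O22"}


@dataclass
class Finding:
    code: str             # HijackThis section, e.g. "O1"
    reason: str           # why the line was flagged
    clsid: Optional[str]  # normalised CLSID, if the entry carries one
    line: str             # the original log line


def is_loopback(address: str) -> bool:
    """True for 127.0.0.0/8 and ::1; any other target in a hosts line is a redirect."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def triage_line(raw: str) -> Optional[Finding]:
    """Apply the per-section heuristic; return None for lines that look benign."""
    line = raw.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    url_m = URL_RE.search(body)
    host = urlsplit(url_m.group(0)).hostname if url_m else None

    if code == "O1":
        h = HOSTS_RE.match(body)
        if h and not is_loopback(h.group(1)):
            return Finding(code, f"hosts file sends {h.group(2)} to {h.group(1)}", None, line)
    elif code in CLSID_ENTRIES and body.endswith("(no file)"):
        return Finding(code, "registered COM object whose file is missing", clsid, line)
    elif code == "O16" and host:
        return Finding(code, f"ActiveX download point hosted at {host}", clsid, line)
    elif code == "O8" and host:
        return Finding(code, f"context-menu item calls out to {host}", None, line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through triage_line and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def shared_clsids(findings: List[Finding]) -> List[str]:
    """CLSIDs flagged in more than one section (here the SSODL/SharedTaskScheduler pair)."""
    counts: dict = {}
    for f in findings:
        if f.clsid:
            counts[f.clsid] = counts.get(f.clsid, 0) + 1
    return sorted(c for c, n in counts.items() if n > 1)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:4} {f.reason}\n     {f.line}")
    print("CLSIDs seen in several sections:", shared_clsids(results))
```

The O8 and O16 rules only say that an entry reaches out to a remote host; they are review prompts, not verdicts, and a helper still checks the domain before ticking the box.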


December 3rd, 2010 22:00

Hi Kevin

Thank you so much for your help on this.  I'm not as familiar with this system as my old one so I'm not sure what's on it, but I did uninstall p2p software that I could see and ran the Combofix and the Security Checks. I am turning my firewall back on and my Norton AntiVirus to make sure nothing else comes in but here are the notes you requested.

Again, thank you

Melisse

 Results of screen317's Security Check version 0.99.6 
 Windows XP Service Pack 3 
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 Norton Internet Security   
```````````````````````````````
Anti-malware/Other Utilities Check:

 Spyware Doctor 7.0  
 Windows Defender Signatures  
 Adobe Flash Player 10.0.22.87 
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

ComboFix 10-12-03.01 - Sean 12/03/2010  22:06:39.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1298 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Sean\Local Settings\Temp\IadHide4.dll
c:\program files\Common Files\inetget
c:\windows\system32\_003275_.tmp.dll
c:\windows\system32\_003276_.tmp.dll
c:\windows\system32\_003277_.tmp.dll
c:\windows\system32\_003278_.tmp.dll
c:\windows\system32\_003280_.tmp.dll
c:\windows\system32\_003281_.tmp.dll
c:\windows\system32\_003282_.tmp.dll
c:\windows\system32\_003283_.tmp.dll
c:\windows\system32\_003285_.tmp.dll
c:\windows\system32\_003286_.tmp.dll
c:\windows\system32\_003287_.tmp.dll
c:\windows\system32\_003288_.tmp.dll
c:\windows\system32\_003290_.tmp.dll
c:\windows\system32\_003291_.tmp.dll
c:\windows\system32\_003294_.tmp.dll
c:\windows\system32\_003295_.tmp.dll
c:\windows\system32\_003297_.tmp.dll
c:\windows\system32\_003298_.tmp.dll
c:\windows\system32\_003299_.tmp.dll
c:\windows\system32\_003301_.tmp.dll
c:\windows\system32\_003302_.tmp.dll
c:\windows\system32\_003303_.tmp.dll
c:\windows\system32\_003304_.tmp.dll
c:\windows\system32\_003305_.tmp.dll
c:\windows\system32\_003306_.tmp.dll
c:\windows\system32\_003308_.tmp.dll
c:\windows\system32\_003309_.tmp.dll
c:\windows\system32\_003310_.tmp.dll
c:\windows\system32\_003311_.tmp.dll
c:\windows\system32\_003312_.tmp.dll
c:\windows\system32\_003315_.tmp.dll
c:\windows\system32\_003316_.tmp.dll
c:\windows\system32\_003317_.tmp.dll
c:\windows\system32\_003318_.tmp.dll
c:\windows\system32\_003319_.tmp.dll
c:\windows\system32\_003320_.tmp.dll
c:\windows\system32\_003321_.tmp.dll
c:\windows\system32\_003322_.tmp.dll
c:\windows\system32\_003324_.tmp.dll
c:\windows\system32\_003325_.tmp.dll
c:\windows\system32\_003326_.tmp.dll
c:\windows\system32\_003327_.tmp.dll
c:\windows\system32\_003328_.tmp.dll
c:\windows\system32\_003329_.tmp.dll
c:\windows\system32\_003330_.tmp.dll
c:\windows\system32\_003331_.tmp.dll
c:\windows\system32\_003333_.tmp.dll
c:\windows\system32\_003334_.tmp.dll
c:\windows\system32\_003335_.tmp.dll
c:\windows\system32\_003336_.tmp.dll
c:\windows\system32\_003339_.tmp.dll
c:\windows\system32\_003340_.tmp.dll
c:\windows\system32\_003344_.tmp.dll
c:\windows\system32\_003345_.tmp.dll
c:\windows\system32\_003347_.tmp.dll
c:\windows\system32\_003350_.tmp.dll
c:\windows\system32\_003352_.tmp.dll
c:\windows\system32\_003353_.tmp.dll
c:\windows\system32\_003354_.tmp.dll
c:\windows\system32\_003355_.tmp.dll
c:\windows\system32\_003358_.tmp.dll
c:\windows\system32\_003359_.tmp.dll
c:\windows\system32\_003360_.tmp.dll
c:\windows\system32\_003361_.tmp.dll
c:\windows\system32\_003362_.tmp.dll
c:\windows\system32\_003367_.tmp.dll
c:\windows\system32\_003369_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\drivers\oreans32.sys
c:\windows\system32\Packet.dll
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSASS
-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_oreans32
-------\Service_oreans32


(((((((((((((((((((((((((   Files Created from 2010-11-04 to 2010-12-04  )))))))))))))))))))))))))))))))
.

2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-29 02:40 . 2006-10-22 20:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 22:12 . 2006-10-22 23:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-28 02:28 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft Picture It! 9
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-11-28 02:24 . 2010-11-28 02:28 -------- d-----w- c:\program files\iTunes
2010-11-28 02:24 . 2010-11-28 02:24 -------- d-----w- c:\program files\ItsDeductible2005
2010-11-28 02:21 . 2010-11-28 02:24 -------- d-----w- c:\program files\HP
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Flip Video

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ClientStubInstall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 20:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 20:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 20:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-12-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: { {1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
AddRemove-Lavasoft VX2 Cleaner - c:\progra~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-12-03  22:41:33 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-04 06:41

Pre-Run: 404,484,096 bytes free
Post-Run: 4,186,816,512 bytes free

- - End Of File - - 95FA479832112946D3F02C36FEE61DA6

1.1K Posts

December 4th, 2010 02:00

Hiya caherbear,

Proceed as follows please :-

Step 1

We need to install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. It may also be useful in the future.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named to the Desktop.

Note: If you have SP2 or SP3, use the SP2 package.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'No'; we do not want to run a ComboFix scan at this stage.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

 

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Leave the tick out of 'Remove found threats'.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image


You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.


What I'd like in your reply :-

  • Confirmation Recovery Console installed ok
  • Log from Malwarebytes
  • Log from ESET
  • System update: improvements? Remaining issues?



Kevin

11 Posts

December 4th, 2010 15:00

Hi Kevin

Recovery Console - now it is confirmed there.  I did what the instructions said to drag the file icon over to combofix and combofix started so I "assumed" it had done the console install.  Couldn't tell you if the dialog boxes came up, but now it does show as there.

Below is all the data from the different logs:

This is from Combofix:

ComboFix 10-12-03.03 - Sean 12/04/2010  11:33:34.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1467 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Sean\Local Settings\Temp\IadHide4.dll
c:\windows\Imgtask.exe

.
(((((((((((((((((((((((((   Files Created from 2010-11-04 to 2010-12-04  )))))))))))))))))))))))))))))))
.

2010-12-04 07:11 . 2010-12-04 07:34 -------- d-----w- C:\9a08679f2544edbe6ef9ff
2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-28 02:28 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft Picture It! 9
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-11-28 02:28 . 2010-11-28 02:28 -------- d-----w- c:\program files\Microsoft AntiSpyware
2010-11-28 02:24 . 2010-11-28 02:28 -------- d-----w- c:\program files\iTunes
2010-11-28 02:24 . 2010-11-28 02:24 -------- d-----w- c:\program files\ItsDeductible2005
2010-11-28 02:21 . 2010-11-28 02:24 -------- d-----w- c:\program files\HP
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Flip Video
2010-11-28 02:20 . 2010-11-28 02:20 -------- d-----w- c:\program files\Fax Machine

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-12-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: { {1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Norton Utilities 14\update.exe
.
**************************************************************************
.
Completion time: 2010-12-04  11:57:49 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-04 19:57
ComboFix2.txt  2010-12-04 06:41

Pre-Run: 3,584,061,440 bytes free
Post-Run: 3,816,243,200 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4A056E8C13940D4F389E08A543F233C6

Below from Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/4/2010 12:49:21 PM
mbam-log-2010-12-04 (12-49-21).txt

Scan type: Quick scan
Objects scanned: 173308
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850BDC7-2330-4E31-9FA0-88268846539A} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is from ESET:

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\Documents and Settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Sean\My Documents\Azureus Downloads\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE\keygen.exe probably a variant of Win32/TrojanDownloader.Obfuscated.GAHTPOW trojan
C:\Qoobox\Quarantine\C\WINDOWS\Imgtask.exe.vir Win32/AutoRun.AEU worm
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1231\A0235291.exe Win32/AutoRun.AEU worm

1.1K Posts

December 5th, 2010 02:00

Hello caherbear,

We have very strict forum rules regarding illegal/cracked software, I also did include that very warning in my opening post. From the ESET log the following is flagged:

C:\Documents and Settings\Sean\My Documents\Azureus Downloads\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE\keygen.exe probably a variant of Win32/TrojanDownloader.Obfuscated.GAHTPOW trojan

As you can see this is an illegal download with a key generator to avoid paying for a licence. As per forum policy my help stops here, the thread will be referred to Admin and subsequently locked.

kevinf80

11 Posts

December 5th, 2010 08:00

Kevin and if the Administrator, if monitoring.  I do not use pirated software.  I have licenses for all the software I have on this machine and I've been honest about what I have relayed to you.  I relayed in the beginning this system was given to me and I moved my software from my system to this one not realizing it was loaded with viruses and such and it still has problem and I ask that you help me.  I am dead in the water without your help.  PLEASE, PLEASE DON'T JUST LEAVE ME OUT HERE AFTER WE HAVE STARTED THIS PROCESS!!!  IF YOU DO I'M STUCK AND DON'T KNOW WHAT TO DO NEXT.

1.1K Posts

December 5th, 2010 10:00

Hello caherbear,

I've asked Admin to hold off locking your thread; I'm prepared to accept your word, Dell are very strict and may not. We'll see what happens. As follows please:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in between the dotted lines below into it:


------------------------------------------------------------------------------------------------------------------------------------------

KillAll::

Folder::
C:\Documents and Settings\Sean\My Documents\Azureus Downloads
File::
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
C:\Documents and Settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe

RegNull::
[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

-------------------------------------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe

user posted image

user posted image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Post the CF log in your reply, also let me know how your system is responding and if you have any specific issues or concerns.

Also be aware you cannot run two Antivirus programs together. You have Norton I.S. and Spywaredoctor with AV. You will have to uninstall SpywareDoctor AV.

Kevin
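Of the five ESET detections caherbear posted, only two ended up in the File:: section of the CFScript above; the hit under C:\Qoobox\Quarantine is a copy ComboFix has already moved aside (the .vir rename), and the one under System Volume Information\_restore is a System Restore snapshot, not a live file. The Python below is an added triage example written for this thread, not code from ESET, ComboFix or anyone posting here: it parses ESET log lines of the layout "<path> [probably a variant of ]<family> <kind>", classifies each path by where it sits, and lists the ones that still need action. The sample lines are taken from the ESET output quoted earlier; the status names and the assumption that C:\Qoobox is ComboFix's quarantine folder are mine.

```python
"""Triage ESET scan log lines: separate live files from quarantine and restore-point copies.

Added example for this thread, not ESET's or ComboFix's own code. Assumptions:
ESET prints one detection per line as "<path> [probably a variant of ]<family> <kind>",
C:\\Qoobox\\Quarantine holds files ComboFix has already quarantined (.vir suffix), and
System Volume Information\\_restore holds System Restore snapshots.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input: the ESET lines quoted in the thread (keygen line omitted).
ESET_LOG = """\
C:\\Documents and Settings\\All Users\\Application Data\\AOL Downloads\\SUD4131\\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\\Documents and Settings\\Sean\\Application Data\\MySpace\\IM\\Install\\MSIMClientSetup.1.0.594.0-static.exe probably a variant of Win32/Genetik trojan
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\Imgtask.exe.vir Win32/AutoRun.AEU worm
C:\\System Volume Information\\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\\RP1231\\A0235291.exe Win32/AutoRun.AEU worm
"""

# Path (may contain spaces), optional heuristic prefix, "<platform>/<name>", detection kind.
# The lazy path group stops at the first position where the rest of the line fits.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<heuristic>(?:probably )?a variant of )?"
    r"(?P<family>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>trojan|worm|virus|adware|application|potentially unwanted application)$",
    re.IGNORECASE,
)

STATUS_ACTIVE = "active"                      # live file in a user or system location
STATUS_CF_QUARANTINE = "combofix-quarantine"  # already moved aside by ComboFix
STATUS_RESTORE_POINT = "restore-point"        # inert copy held by System Restore


@dataclass
class Detection:
    path: str
    family: str
    kind: str
    heuristic: bool   # True when ESET hedged with "probably a variant of"
    status: str


def classify(path: str) -> str:
    """Decide whether a flagged path is a live file or an already-contained copy."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return STATUS_CF_QUARANTINE
    if "\\system volume information\\_restore" in p:
        return STATUS_RESTORE_POINT
    return STATUS_ACTIVE


def parse_eset_log(text: str) -> List[Detection]:
    """Parse every non-empty line; lines that do not fit the layout are skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        found.append(Detection(
            path=m["path"],
            family=m["family"],
            kind=m["kind"].lower(),
            heuristic=m["heuristic"] is not None,
            status=classify(m["path"]),
        ))
    return found


def active_paths(text: str) -> List[str]:
    """Paths that still need removal: not in ComboFix quarantine and not a restore-point copy."""
    return [d.path for d in parse_eset_log(text) if d.status == STATUS_ACTIVE]


def summarize(text: str) -> dict:
    """Count detections per status so a helper can see what is live at a glance."""
    counts = {STATUS_ACTIVE: 0, STATUS_CF_QUARANTINE: 0, STATUS_RESTORE_POINT: 0}
    for d in parse_eset_log(text):
        counts[d.status] += 1
    return counts


if __name__ == "__main__":
    for d in parse_eset_log(ESET_LOG):
        flag = "~" if d.heuristic else " "
        print(f"[{d.status:>19}] {flag}{d.family} ({d.kind}): {d.path}")
    print("needs removal:", *active_paths(ESET_LOG), sep="\n  ")
```

Running it lists the two AOL and MySpace installers as the only active items, which is exactly what the File:: block targets; the Qoobox copy needs nothing, and the restore-point copy goes away once System Restore is purged at the end of a clean-up. The heuristic flag is worth keeping visible, since "probably a variant of" is a weaker verdict than a named signature.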

11 Posts

December 5th, 2010 19:00

Kevin - thank you and I do thank the admin people (either way). You see what is booting and I don't have much software on the system, but what I have is mine--licensed and paid for. Anything that was here prior, I do not know, but I guess I would have to take responsibility if the admin people decide otherwise. I don't want you taking any chances that they would cause you difficulty so I would understand if the thread is locked. I unloaded a lot and deleted a lot since putting my software on the system and found more yesterday that was removed. Tried to install NVidia driver and still not working. Tried to update windows and it still fails to update--it just says it didn't install. Also, regarding Spywaredoctor, I downloaded the software and ran the spyware scan but didn't buy the AV because I already had Norton on the system first. Was intending to uninstall it anyway because I had already purchased Norton. Thank you again. I will wait to hear back. I don't know what Azureus is. What is it?

Here is the log info:

ComboFix 10-12-04.03 - Sean 12/05/2010  19:00:54.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1459 [GMT -8:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe"
"c:\documents and settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
c:\documents and settings\Sean\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe
c:\documents and settings\Sean\My Documents\Azureus Downloads
c:\documents and settings\Sean\My Documents\Azureus Downloads\3OH!3 - WANT available now - DONT TRUST ME.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 01 intro.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 02 in_dying_days.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 03 my_fears_have_become_phobias.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 04 hester_prynne.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 05 pouring_reign.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 06 the_brighter_side_of_suffering.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 07 the_beautiful_mistake.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 08 strife_(chug_chug).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 09 beneath_the_surface.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\As Blood Runs Black - Allegiance 10 legends_never_die.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\As Blood Runs Black - Allegiance [RH]\Readme.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\BB.APDouble.wmv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\benny_benassi-best_of_benny_benassi-(2007)-back.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\benny_benassi-best_of_benny_benassi-(2007)-front.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\101-benny_benassi-whos_your_daddy.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\102-benny_benassi-stop_go.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\103-benny_benassi-b_tone.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\104-benny_benassi-satisfaction.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\105-benny_benassi-time.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\106-benny_benassi-able_to_love.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\107-benny_benassi-get_loose.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\108-benny_benassi-put_your_hands_up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\109-benny_benassi-i_love_my_sex.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\110-benny_benassi-love_is_gonna_save_us.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\111-benny_benassi-no_matter_what_you_do.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\112-benny_benassi-feel_alive.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\113-benny_benassi-rocket_in_the_sky.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD1\114-benny_benassi-every_single_day.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\201-benny_benassi-in_tango_(sfaction_extended).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\202-benny_benassi-get_better_(sfaction_reloaded_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\203-benny_benassi-no_no_no_(sfaction_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\204-benny_benassi-miles_of_love_(beeside_radio_edit).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\205-benny_benassi-love_is_gonna_save_us_(remix_2007).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\206-benny_benassi-whos_your_daddy_(fuzzy_hair_remix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\207-benny_benassi-stop_go_(b_side_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\208-benny_benassi-no_matter_what_you_do_(vision_x_long_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\209-benny_benassi-satisfaction_(b.deep_remix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\210-benny_benassi-illusion_(sfaction_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\211-benny_benassi-rocket_in_the_sky_(club_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\212-benny_benassi-feel_alive_(fuzzy_hair_vocal_mix).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\CD2\213-benny_benassi-bootleg_megamix.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Benny.Benassi.Best.Of.Benny.Benassi.2007.[WwW.LoKoTorrents.CoM]\Thumbs.db
c:\documents and settings\Sean\My Documents\Azureus Downloads\Flo-Rida_Ft_Wynter_Gordon-Sugar.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\01-God Forbid-Article I- The Twilight of Civilization, Section I- The End of the Worl.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\02-God Forbid-Article I- The Twilight of Civilization, Section 2- Chains of Humanity.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\03-God Forbid-Article I- The Twilight of Civilization, Section 3- Into the Wasteland.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\04-God Forbid-Article II- In the Darkest Hour, There Was One, Section 4- The Lonely D.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\05-God Forbid-Article II- In the Darkest Hour, There Was One, Section 5- Divinity.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\06-God Forbid-Article II- In the Darkest Hour, There Was One, Section 6- Under This F.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\07-God Forbid-Article II- In the Darkest Hour, There Was One, Section 7- To the Falle.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\08-God Forbid-Article III- Devolution, Section 8- Welcome to the Apocalypse (Preamble.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\09-God Forbid-Article III- Devolution, Section 9- Constitution of Treason.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\10-God Forbid-Article III- Devolution, Section 10- Crucify Your Beliefs.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\AlbumArt.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\Rockbits.url
c:\documents and settings\Sean\My Documents\Azureus Downloads\God Forbid - Constitution of Treason\Tracked_by_Demonoid_com.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\Kelly Clarkson - My Life Would Suck Without You.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Keri Hilson ft Kanye West ft Ne-Yo - Knock You Down.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Know Your Enemy.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Lady Gaga ft. Colby O Donis - Just Dance.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.m3u
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.nfo
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00-maino_ft_t-pain-all_the_above-(promo_cds)-2009-whoa.sfv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00.Click here for more music.url
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\00.Promoleak.com ANd DJLeak.com   PROMO USE ONLY.txt
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\01-maino_ft_t-pain-all_the_above_(radio)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\02-maino_ft_t-pain-all_the_above_(instrumental)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Maino_Ft_T-Pain-All_The_Above-(Promo_CDS)-2009\03-maino_ft_t-pain-all_the_above_(explicit)-whoa.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.m3u
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.nfo
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\00-ne-yo-year_of_the_gentleman-2008-flm.sfv
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\01-ne-yo-closer.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\02-ne-yo-nobody.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\03-ne-yo-single.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\04-ne-yo-mad.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\05-ne-yo-miss_independent.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\06-ne-yo-why_does_she_stay.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\07-ne-yo-fade_into_the_background.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\08-ne-yo-so_you_can_cry.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\09-ne-yo-part_of_the_list.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\10-ne-yo-back_to_what_you_know.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\11-ne-yo-lie_to_me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\12-ne-yo-stop_this_world.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Ne-Yo - Year Of The Gentleman (2008) - R&B [www.torrentazos.com]\ne-yo-year_of_the_gentleman-(2008)-front.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The All American Rejects - Gives You Hell.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Fray - You Found Me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\01 Who Said We're Wack.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\02 Santana DVX (feat. E-40).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\03 Jizz In My Pants.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\04 I'm On A Boat (feat. T-Pain).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\05 Sax Man (feat. Jack Black).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\06 Lazy Sunday (feat. Chris Parnell).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\07 Normal Guy (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\08 Boombox (feat. Julian Casablancas.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\09 Shrooms (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\10 Like A Boss.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\11 We Like Sportz.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\12 Dreamgirl (feat. Norah Jones).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\13 Ras Trent.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\14 *** In A Box (feat. Justin Timbe.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\15 The Old Saloon (Interlude).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\16 Punch You In The Jeans.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\17 Space Olympics.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\18 Natalie's Rap (feat. Natalie Port.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\19 Incredibad.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\AlbumArtSmall.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\cover.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\The Lonely Island.Incredibad[2009]MP3@320kbps.NeRoZ\Folder.jpg
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\01. Troublesome 96'.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\02. Brenda's Got A Baby.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\03. I Ain't Mad At Cha.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\04. I Get Around.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\05. Changes.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\06. California Love (Original Version).mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\07. Picture Me Rollin'.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\08. How Long Will They Mourn Me.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\09. Toss It Up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\10. Dear Mama.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\11. All About U.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\12. To Live & Die In L.A..mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\13. Heartz Of Men.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\14. Keep Ya Head Up.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\15. 2 Of Amerikaz Most Wanted.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\16. Temptations.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\17. God Bless The Dead.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\18. Hail Mary.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\19. Me Against The World.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\20. How Do U Want It.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\21. So Many Tears.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\22. Unconditional Love.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\23. Trapped.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\24. Life Goes On.mp3
c:\documents and settings\Sean\My Documents\Azureus Downloads\Tupac - Greatest Hits\25. Hit 'Em Up.mp3

.
(((((((((((((((((((((((((   Files Created from 2010-11-06 to 2010-12-06  )))))))))))))))))))))))))))))))
.

2010-12-06 02:23 . 2005-09-20 17:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-12-05 16:31 . 2010-12-05 16:31 -------- d-----w- c:\program files\Bonjour
2010-12-05 00:34 . 2006-10-22 20:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-12-05 00:34 . 2006-10-22 23:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-12-04 20:53 . 2010-12-04 20:53 -------- d-----w- c:\program files\ESET
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2010-12-04 20:30 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-04 20:30 . 2010-12-04 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 20:30 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 07:11 . 2010-12-04 07:34 -------- d-----w- C:\9a08679f2544edbe6ef9ff
2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- C:\0ea602513249ed22e8382964b7a741
2010-12-04 03:21 . 2010-12-04 03:22 -------- d-----w- C:\52877e3b958102365cea9b
2010-12-02 05:10 . 2010-12-02 05:10 -------- d-----w- C:\c1048a79a9488be177a5
2010-12-02 04:56 . 2010-12-02 04:56 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\program files\Trend Micro
2010-12-02 02:01 . 2010-12-02 02:01 -------- d-----w- C:\4cff4245cc575733e0e2655562
2010-12-01 14:50 . 2010-12-01 15:12 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\NPE
2010-12-01 02:01 . 2010-12-01 02:01 -------- d-----w- C:\6e2f003d31b06c8d60edeb19d41f6c
2010-11-30 07:17 . 2010-11-30 07:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-11-30 03:02 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 03:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-30 02:31 . 2010-11-30 02:31 -------- d-----w- c:\documents and settings\Sean\Application Data\Tific
2010-11-30 02:30 . 2010-11-30 02:30 -------- d-----w- C:\33650413c6799b40b0477e76
2010-11-29 05:21 . 2010-02-02 18:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-29 05:21 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-29 05:15 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-29 05:14 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-29 05:14 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-29 05:14 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-29 05:14 . 2010-12-04 04:46 -------- d-----w- c:\program files\Spyware Doctor
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-29 05:14 . 2010-11-29 05:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-29 05:14 . 2010-11-29 05:14 -------- d-----w- c:\documents and settings\Sean\Application Data\PC Tools
2010-11-29 05:10 . 2010-11-29 05:13 -------- d-----w- c:\documents and settings\Sean\Application Data\GetRightToGo
2010-11-28 23:34 . 2010-11-28 23:34 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PCHealth
2010-11-28 23:25 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-11-28 23:25 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-11-28 23:22 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-11-28 22:27 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 22:27 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 22:27 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 22:20 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-28 22:17 . 2010-11-29 03:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-28 22:15 . 2010-11-28 22:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2010-11-28 20:38 . 2008-04-02 23:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-11-28 20:38 . 2008-04-02 23:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-11-28 20:38 . 2008-04-02 23:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-11-28 20:38 . 2010-11-29 02:46 -------- d-----w- c:\program files\Norton Utilities 14
2010-11-28 20:22 . 2010-11-28 20:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-28 20:22 . 2010-11-28 20:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-28 20:22 . 2010-11-28 20:22 -------- d-----w- c:\program files\Symantec
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\windows\system32\drivers\NIS
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Norton Internet Security
2010-11-28 20:21 . 2010-11-28 20:21 -------- d-----w- c:\program files\Windows Sidebar
2010-11-28 19:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-28 19:26 . 2010-11-28 19:27 -------- d-----w- c:\windows\NV10921556.TMP
2010-11-28 19:25 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-11-28 19:23 . 2010-11-28 19:23 -------- d-----w- C:\NVIDIA
2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\Hewlett-Packard
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intuit
2010-11-28 05:14 . 2010-11-28 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Unused Desktop Shortcuts
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.thumbnails
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\.gimp-2.4
2010-11-28 05:13 . 2010-11-28 05:13 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Laplink
2010-11-28 03:07 . 2010-11-28 03:07 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Windows Live Writer
2010-11-28 03:06 . 2010-11-28 03:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-28 03:04 . 2010-11-28 03:05 -------- d-----w- C:\RV
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\PROVW21
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----r- C:\MSOCache
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\esfax
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\EPSONREG
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\Envision
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\DVDFab_Temp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\drvrtmp
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\92f970bc563b815c829108
2010-11-28 03:04 . 2010-11-28 03:04 -------- d-----w- C:\44781b6fa44d731cd457aca8a8
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Seiko
2010-11-28 02:49 . 2010-11-28 02:49 -------- d-----w- c:\windows\Motive
2010-11-28 02:47 . 2010-11-28 02:47 -------- d--h--w- c:\windows\ie8
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\DRIVERS
2010-11-28 02:46 . 2010-11-28 02:46 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-28 02:41 . 2010-11-28 02:42 -------- d-----w- c:\program files\Windows Live Toolbar
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-28 02:41 . 2010-11-28 02:41 -------- d-----w- c:\program files\Windows Live Favorites
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Western Digital
2010-11-28 02:40 . 2010-11-28 02:40 -------- d-----w- c:\program files\Webroot
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\WebEx
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VZBB Toolbar
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\VSO
2010-11-28 02:39 . 2010-11-28 02:39 -------- d-----w- c:\program files\Virtual Earth 3D
2010-11-28 02:37 . 2010-11-28 02:39 -------- d-----w- c:\program files\Verizon Online
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\verizon
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TurboTax
2010-11-28 02:37 . 2010-11-28 02:37 -------- d-----w- c:\program files\TomTom International B.V
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\TechSmith
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\SupportSoft
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Smart Label
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Samsung
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Research In Motion
2010-11-28 02:36 . 2010-11-28 02:36 -------- d-----w- c:\program files\Reference Assemblies
2010-11-28 02:33 . 2010-11-28 02:36 -------- d-----w- c:\program files\QUICKEN
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Pure Networks
2010-11-28 02:32 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm Digital Media
2010-11-28 02:30 . 2010-11-28 02:32 -------- d-----w- c:\program files\Palm
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\OfficeUpdate11
2010-11-28 02:30 . 2010-11-28 02:30 -------- d-----w- c:\program files\NortonInstaller
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Nero
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MsnMusic
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSECache
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\MSBuild
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Motive
2010-11-28 02:29 . 2010-11-28 02:29 -------- d-----w- c:\program files\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 20:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 19:17 . 2010-09-08 19:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 19:17 . 2010-09-08 19:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
2003-08-27 21:19 . 2005-09-12 01:53 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-25 20480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-11-28 4093288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-12-24 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartCapture.lnk]
backup=c:\windows\pss\SmartCapture.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136534396\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-04-14 02:51 385024 ----a-w- c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"GEARSecurity"=2 (0x2)
"WinDefend"=2 (0x2)
"Norton Ghost"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"gusvc"=3 (0x3)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136534396\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/28/2010 12:22 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/28/2010 12:22 PM 666672]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/28/2010 9:21 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/28/2010 9:21 PM 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 6:20 PM 691248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/28/2010 9:15 PM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/28/2010 12:22 PM 134704]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/28/2010 12:22 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 4:06 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/27/2010 2:54 PM 4736]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/28/2010 9:14 PM 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/27/2010 2:54 PM 8960]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 9:14 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/28/2010 9:21 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2010-12-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: { {1F958B09-3312-7f0e-9723-4C1324C57B20}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 19:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2637955601-3924065142-218781117-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-05  19:24:59 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-06 03:24
ComboFix2.txt  2010-12-04 19:57
ComboFix3.txt  2010-12-04 06:41

Pre-Run: 13,866,393,600 bytes free
Post-Run: 14,179,913,728 bytes free

- - End Of File - - 2D17A21F1AA483B0750133EFEB5BEFC9
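
The log above is the kind of output a responder reads by eye, hunting for the handful of lines that matter. As an added example (my own code, not ComboFix's logic and not part of the original thread), here is a small Python triage pass over a few lines copied from that log (two long service descriptions shortened) that flags the indicators a practitioner checks first: a .sys driver registered from outside the drivers directory, services whose image file ComboFix could not find (the `[?]` marker), Security Center override and monitoring values, a disabled Windows Firewall profile, any BootExecute entry beyond the stock autochk, and DLLs loaded into a process from a Temp directory. The category names and thresholds are my assumptions. A hit is a lead to investigate, not a verdict: third-party suites legitimately set DisableMonitoring for their own product, and some security tools register their own BootExecute entry.

```python
"""Flag first-look indicators in a ComboFix-style log (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log posted above, with two long
# service descriptions shortened. Raw string, so backslashes are literal.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 9:14 PM 207280]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R);Belkin adapter service;c:\windows\system32\DRIVERS\bkusbxp.sys --> c:\windows\system32\DRIVERS\bkusbxp.sys [?]
S3 wuddvvondl;wuddvvondl;\??\c:\program files\Mozilla Firefox\wuddvvondl.sys --> c:\program files\Mozilla Firefox\wuddvvondl.sys [?]

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\docume~1\Sean\LOCALS~1\Temp\IadHide4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
"""

SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*)$')  # R0 name;desc;path [..]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9a-fA-F]+)')  # "Name"=dword:1 / "Name"= 0 (0x0)
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")  # - - - > 'proc.exe'(pid)
DRIVERS_DIR = r'c:\windows\system32\drivers'
STOCK_BOOTEXECUTE = 'autocheck autochk *'
OVERRIDE_VALUES = {'antivirusoverride', 'firewalloverride', 'updatesoverride', 'disablemonitoring'}


def service_path(tail: str) -> Tuple[str, bool]:
    """Split the tail of a service line into (image path, file_found).
    ComboFix prints 'path --> path [?]' when it cannot stat the file."""
    found = not tail.endswith('[?]')
    if ' --> ' in tail:
        tail = tail.split(' --> ', 1)[1]
    path = re.sub(r'\s*\[[^\]]*\]$', '', tail).strip()
    if path.startswith('\\??\\'):  # NT object-manager prefix
        path = path[4:]
    return path, found


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings as {'category', 'detail', 'context'} dicts."""
    findings: List[Dict[str, str]] = []
    key, proc = '', ''  # current registry key header / process header

    def hit(category: str, detail: str, context: str) -> None:
        findings.append({'category': category, 'detail': detail, 'context': context})

    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key, proc = line[1:-1], ''
            continue
        m = PROC_RE.match(line)
        if m:
            proc, key = f'{m.group(1)}({m.group(2)})', ''
            continue
        if line.startswith('BootExecute'):
            # Anything beyond the stock autochk entry runs at boot before the
            # shell; legitimate tools use it too, so the point is to identify it.
            for entry in line.split('REG_MULTI_SZ', 1)[1].split('\\0'):
                if entry.strip().lower() != STOCK_BOOTEXECUTE:
                    hit('boot_execute_extra', entry.strip(), key)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, (path, found) = m.group(3), service_path(m.group(5))
            if path.lower().endswith('.sys') and not path.lower().startswith(DRIVERS_DIR):
                hit('driver_outside_drivers_dir', f'{name}: {path}', m.group(1) + m.group(2))
            if not found:
                hit('orphaned_service', f'{name}: {path}', m.group(1) + m.group(2))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group(1), int(m.group(2), 16)
            if 'security center' in key.lower() and name.lower() in OVERRIDE_VALUES and value:
                hit('security_center_override', f'{name}={value}', key)
            elif 'firewallpolicy' in key.lower() and name.lower() == 'enablefirewall' and not value:
                hit('firewall_disabled', f'{name}={value}', key)
            continue
        if proc and line.lower().endswith('.dll') and '\\temp\\' in line.lower():
            hit('dll_from_temp', line, proc)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:<28} {f['detail']}  <- {f['context']}")
```

Run against the sample it reports eight findings, and the two that matter most are the ones the helper's next post acts on: the driver registered from the Firefox program folder (also orphaned, since the file could not be found) and the DLL loaded into explorer.exe from the user's Temp directory. The Belkin adapter service is reported only as orphaned, because its path is the normal drivers directory; PCTCore produces nothing.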

December 5th, 2010 23:00

Hiya caherbear,

Azureus is a program used for downloading torrents from P2P sites (file sharing); whilst the program may be classed as legal, its activities aren't. As follows please:

Step 1

Please re-open HiJackThis and scan only. Check the box next to the entry listed below.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

Step 2

Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double-click OTM.exe to start the tool. Vista or Windows 7 users: right-click and select Run as Administrator.

  • Copy the text between the dotted lines below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    -------------------------------------------------------------------


    :Files
    c:\program files\Mozilla Firefox\wuddvvondl.sys
    ipconfig /flushdns /c
    :Services
    wuddvvondl
    :Commands
    [EmptyFlash]
    [Purity]
    [ResetHosts]
    [EmptyTemp]


    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 3

  • Re-open Malwarebytes and check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply :-

  • Log from OTM
  • Log from Malwarebytes
  • Fresh HJT log
  • System update, any improvements? issues?



Kevin
