Need help cleaning up my wife's computer. hjt log included - Page 2

launch · 11-Apr-2008, 08:20 PM **#16**

00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_zuzjpk.dat
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_zvdaca.txt
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_zvkoeq.log
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_zxlnnn.txt
00018331 adware/gator Adware No 0 Yes No c:\program files\common files\gmt
00018331 adware/gator Adware No 0 Yes No c:\program files\common files\cmeii
00018331 adware/gator Adware No 0 Yes No c:\gatorpatch.log
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\saie_kyf.dat
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\saie_gdf.dat
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\saieau.dat
00020942 adware/exact.bargainbuddy Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow
00029264 adware/beginto Adware No 0 Yes No c:\windows\system32\dsktrf.dll
00029678 Adware/Gator Adware No 0 Yes No C:\Program Files\Common Files\GMT\egIEEngine.dll
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.bin
00039209 adware/virtualbouncer Adware No 0 Yes No c:\program files\vbouncer
00039209 adware/virtualbouncer Adware No 0 Yes No c:\documents and settings\all users\application data\vbouncer
00041446 application/myway HackTools No 0 Yes No hkey_local_machine\software\mysearch
00041446 application/myway HackTools No 0 Yes No c:\program files\mysearch
00043761 adware/addestroyer Adware No 0 Yes No c:\program files\addestroyer
00047865 adware/midaddle Adware No 0 Yes No c:\windows\addit.exe
00047935 Adware/TopRebates Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[djtopr1150.exe]
00048303 adware/powersearch Adware No 0 Yes No c:\windows\system32\stlb2.xml
00048606 Adware/AdDestroyer Adware No 0 Yes No C:\Program Files\VBouncer\AdDestroyerInner.EXE
00048606 Adware/AdDestroyer Adware No 0 Yes No C:\Program Files\VBouncer\BundleOuter.EXE
00048620 Adware/TopRebates Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r
00048622 Adware/VirtualBouncer Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\bundles\wrapperouter.exe.vir
00103967 adware/dealhelper Adware No 0 Yes No c:\windows\system32\newmsrdk
00103967 adware/dealhelper Adware No 0 Yes No c:\windows\system32\dealhelper
00117758 HackTool/Jkill.A HackTools No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[jkill.exe]
00118398 Adware/TopRebates Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[disp1150.exe]
00119468 Adware/TopRebates Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[WebRebates0.exe]
00120519 Adware/TopRebates Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[WebRebates1.exe]
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\loan for debt consolidation.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\broadband comparison.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\ab scissor.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\loan for people with bad credit.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\marketing email.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\credit report.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\crm software.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\mortgage insurance.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\debt credit card.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\escorts.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\nevada corporations.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\online betting site.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\online gambling casino.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\online instant loan.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\order phentermine.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\payroll advance.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\personal loans online.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\personal loans with bad credit.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\prescription drugs rx online.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\refinancing my mortgage.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\tahoe vacation rental.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\unsecured bad credit loans.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\fha.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\health insurance.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\videos.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\help desk software.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\mortgage life insurance.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\what is hydrocodone.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\insurance home.url
00134558 spyware/petro-line Spyware No 1 Yes No c:\documents and settings\jen\favorites\sites about\credit counseling.url
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Application Data\Mozilla\Firefox\Profiles\2be7mvp4.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Jen\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Jen\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Jen\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Jen\Desktop\SDFix(2).exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe
00139558 Adware/BTGrab Adware No 0 Yes No C:\WINDOWS\INF\btgrab.inf
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Application Data\Mozilla\Firefox\Profiles\2be7mvp4.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Application Data\Mozilla\Firefox\Profiles\2be7mvp4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Application Data\Mozilla\Firefox\Profiles\2be7mvp4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@bluestreak[1].txt
00198845 Adware/Beginto Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\1stpublisher.exe.vir[winbbb.dat]
00199066 dialer.clr Dialers No 0 Yes No c:\windows\netes.exe
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@ads.addynamix[2].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Jen\Desktop\SmitfraudFix\restart.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Jen\SmitfraudFix\restart.exe
00527202 Application/PRScheduler HackTools No 0 Yes No C:\DOCUMENTS AND SETTINGS\JEN\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER.EXE
00583761 Adware/VirtualBouncer Adware No 0 Yes No C:\Program Files\VBouncer\VBouncerInner.EXE
00614557 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\bundles\pounder.exe.vir
01048319 Spyware/ClearSearch Spyware No 1 Yes No C:\Program Files\rav1z7zv\yfvo0cwg.DLL
01649983 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Jen\Desktop\CursorManiaSetup2.2.60.6.ZCfox000.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Jen\Desktop\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Jen\SmitfraudFix\Reboot.exe
02551966 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\backups_old\backups.zip[backups/UADCcw.exe]
02830496 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[f_popo1150c_ub.htm]
02839209 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[popo1150c.htm]
02839400 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[spec1150c.htm]
02839485 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vi r[foot1150c_ub.htm]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@advancedcleaner[1].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Jen\Cookies\jen@advancedcleaner[3].txt
02912731 Application/AdvancedCleaner Spyware No 0 Yes No C:\SDFix\backups_old\backups.zip[backups/UADC.exe]
;========================================================================== =========================================================================== ==============================
SUSPECTS
Sent Location -
;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================
VULNERABILITIES
Id Severity Description -
;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================

**Byteman** · 10:57 PM

Hi, The McAfee scan results> you did not select Clean as an action to take I think....unless you deleted the items....the scan results show they were Cleanable, but not cleaned? Don't do a scan with McAfee...maybe after what we do here, OK....

Next:

Start up Hijackthis....choose Scan......in your scan results window, put checks into boxes next to any of the items in my list that you have:

O4 - HKLM\..\Run: [q42gyx3] C:\WINDOWS\system32\q42gyx3.exe
O4 - HKCU\..\Run: [q42gyx3] C:\WINDOWS\system32\q42gyx3.exe
O2 - BHO: (no name) - {E464D507-70C1-E654-A743-720591F1BB59} - C:\WINDOWS\system32\sdkor.dll (file missing)
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www105.coolsavings.com/LTC/download/cscmv4X.cab

*When you have those checked, CLOSE all other windows so that nothing is open but Hijackthis....close THIS browser window....then, click "Fix checked"

Close Hijackthis.

Next:

We are going to run ComboFix again, so I will put the full directions here....also, you [color]will download a new ComboFix file...as it should be a newer version now that we need to use[/color]

Please read all through the info so you know what will be done.
Directions and tips for using ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions:Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.
Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[list=1][*]Close any open browsers.[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

((We are using a script, that will start ComboFix and do the fixing for you....just follow the steps to create the Notepad script, etc and do what it says:

Open notepad and copy/paste the text in the codebox below into it:
Save this as CFScript.txt and, Save As Type: All Files (*.*)

Quote:

Killall::
File::
C:\WINDOWS\system32\sdkor.dll
C:\WINDOWS\system32\q42gyx3.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E464D507-70C1-E654-A743-720591F1BB59}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"q42gyx3"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"q42gyx3"=-

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Download SUPERAntiSpyware Free for Home Users
alternate site
Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.

Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Udates".

When done, select "Scan for Harmful Software".

There are three scanning options available. Choose "Perform Complete Scan" and click "Next".

When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".

Place a checkmark next to items you wish to remove/quarantine and Click "Next".

A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

If asked to Reboot, please do.

After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.

Click Preferences, Click the Statistics/Logs Tab.

Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.

It will open in your default text editor (such as Notepad or WordPad).

Please Highlight everything in the Notepad, then right-click and choose copy.

In your next reply, please post those results and include a fresh Hijackthis log made after all the above is done.

Select close to exit the program.

Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.

launch · 17-Apr-2008, 10:13 PM **#18**

again. thank you for all your help. each time i follow your directions the computer gets much faster. here are the new logs.

thanks again.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2008 at 07:56 PM

Application Version : 4.0.1154

Core Rules Database Version : 3440
Trace Rules Database Version: 1432

Scan type : Complete Scan
Total Scan Time : 01:02:29

Memory items scanned : 417
Memory threats detected : 0
Registry items scanned : 7806
Registry threats detected : 50
File items scanned : 81339
File threats detected : 292

Parasite.CoolWebSearch Variant
HKLM\Software\Classes\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79}
HKLM\Software\Classes\CLSID\{3122ABBE-6828-8CEE-E5A1-60205805E8A5}
HKLM\Software\Classes\CLSID\{35DDF22C-ABD8-BB4D-7430-A00C122605A3}
HKLM\Software\Classes\CLSID\{6010C235-44CA-0E4F-FA79-866A45706484}
HKLM\Software\Classes\CLSID\{7E72B2B4-7AE5-BB09-3BA7-1D12564CA011}
HKLM\Software\Classes\CLSID\{A7463545-A0D8-73A1-95B5-1803A21D325B}
HKLM\Software\Classes\CLSID\{BE11BEE1-13AF-C553-014B-E5A1433E7C91}
HKLM\Software\Classes\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831}
HKLM\Software\Classes\CLSID\{CC67ADD3-8236-844B-5732-907E26BCF629}
HKLM\Software\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4}
HKLM\Software\Classes\CLSID\{FB2B91F2-20FB-CDCE-D34A-E50E5910E44F}
HKCR\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79}
HKCR\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79}\Data
HKCR\CLSID\{3122ABBE-6828-8CEE-E5A1-60205805E8A5}
HKCR\CLSID\{3122ABBE-6828-8CEE-E5A1-60205805E8A5}\Data
HKCR\CLSID\{35DDF22C-ABD8-BB4D-7430-A00C122605A3}
HKCR\CLSID\{35DDF22C-ABD8-BB4D-7430-A00C122605A3}\Data
HKCR\CLSID\{6010C235-44CA-0E4F-FA79-866A45706484}
HKCR\CLSID\{6010C235-44CA-0E4F-FA79-866A45706484}\Data
HKCR\CLSID\{7E72B2B4-7AE5-BB09-3BA7-1D12564CA011}
HKCR\CLSID\{7E72B2B4-7AE5-BB09-3BA7-1D12564CA011}\Data
HKCR\CLSID\{A7463545-A0D8-73A1-95B5-1803A21D325B}
HKCR\CLSID\{A7463545-A0D8-73A1-95B5-1803A21D325B}\Data
HKCR\CLSID\{BE11BEE1-13AF-C553-014B-E5A1433E7C91}
HKCR\CLSID\{BE11BEE1-13AF-C553-014B-E5A1433E7C91}\Data
HKCR\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831}
HKCR\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831}\Data
HKCR\CLSID\{CC67ADD3-8236-844B-5732-907E26BCF629}
HKCR\CLSID\{CC67ADD3-8236-844B-5732-907E26BCF629}\Data
HKCR\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4}
HKCR\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4}\Data
HKCR\CLSID\{FB2B91F2-20FB-CDCE-D34A-E50E5910E44F}
HKCR\CLSID\{FB2B91F2-20FB-CDCE-D34A-E50E5910E44F}\Data

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{699F0284-5E43-7CF2-9AD1-BC8BD54FA38C}
HKLM\Software\Classes\CLSID\{C15E8A09-A419-0B02-2618-8EBE6AA23677}
HKLM\Software\Classes\CLSID\{C88C5868-A520-9D6E-B1C4-AA3EABDBF5E4}
HKLM\Software\Classes\CLSID\{D75C75FF-652B-22AE-1729-0F2B93683D04}
HKLM\Software\Classes\CLSID\{E4D353C5-F038-4827-9CDA-ABDCF49E5AB5}
HKCR\CLSID\{C88C5868-A520-9D6E-B1C4-AA3EABDBF5E4}
HKCR\CLSID\{C88C5868-A520-9D6E-B1C4-AA3EABDBF5E4}\Data
HKCR\CLSID\{E4D353C5-F038-4827-9CDA-ABDCF49E5AB5}
HKCR\CLSID\{E4D353C5-F038-4827-9CDA-ABDCF49E5AB5}\Data
HKCR\CLSID\{C15E8A09-A419-0B02-2618-8EBE6AA23677}
HKCR\CLSID\{C15E8A09-A419-0B02-2618-8EBE6AA23677}\Data
HKCR\CLSID\{699F0284-5E43-7CF2-9AD1-BC8BD54FA38C}
HKCR\CLSID\{699F0284-5E43-7CF2-9AD1-BC8BD54FA38C}\Data
HKCR\CLSID\{D75C75FF-652B-22AE-1729-0F2B93683D04}
HKCR\CLSID\{D75C75FF-652B-22AE-1729-0F2B93683D04}\Data

Adware.Tracking Cookie
C:\Documents and Settings\Jen\Cookies\jen@specificclick[1].txt
C:\Documents and Settings\Jen\Cookies\jen@secure.advancedcleaner[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adlegend[1].txt
C:\Documents and Settings\Jen\Cookies\jen@realmedia[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.techguy[2].txt
C:\Documents and Settings\Jen\Cookies\jen@privacy.pcprivacytool[2].txt
C:\Documents and Settings\Jen\Cookies\jen@bs.serving-sys[2].txt
C:\Documents and Settings\Jen\Cookies\jen@media.adrevolver[1].txt
C:\Documents and Settings\Jen\Cookies\jen@collective-media[2].txt
C:\Documents and Settings\Jen\Cookies\jen@zedo[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.pointroll[1].txt
C:\Documents and Settings\Jen\Cookies\jen@advancedcleaner[3].txt
C:\Documents and Settings\Jen\Cookies\jen@tribalfusion[2].txt
C:\Documents and Settings\Jen\Cookies\jen@insightexpressai[1].txt
C:\Documents and Settings\Jen\Cookies\jen@errclean[1].txt
C:\Documents and Settings\Jen\Cookies\jen@atdmt[2].txt
C:\Documents and Settings\Jen\Cookies\jen@serving-sys[2].txt
C:\Documents and Settings\Jen\Cookies\jen@revsci[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ad.yieldmanager[1].txt
C:\Documents and Settings\Jen\Cookies\jen@gomyhit[1].txt
C:\Documents and Settings\Jen\Cookies\jen@bluestreak[2].txt
C:\Documents and Settings\Jen\Cookies\jen@apmebf[1].txt
C:\Documents and Settings\Jen\Cookies\jen@fastclick[2].txt
C:\Documents and Settings\Jen\Cookies\jen@adopt.specificclick[1].txt
C:\Documents and Settings\Jen\Cookies\jen@secure.errclean[2].txt
C:\Documents and Settings\Jen\Cookies\jen@sale.trustedantivirus[1].txt
C:\Documents and Settings\Jen\Cookies\jen@casalemedia[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.advancedcleaner[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adopt.euroclick[2].txt
C:\Documents and Settings\Jen\Cookies\jen@questionmarket[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ehg-airtran.hitbox[2].txt
C:\Documents and Settings\Jen\Cookies\jen@newp15[2].txt
C:\Documents and Settings\Jen\Cookies\jen@trustedantivirus[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.addynamix[2].txt
C:\Documents and Settings\Jen\Cookies\jen@media6degrees[1].txt
C:\Documents and Settings\Jen\Cookies\jen@trafficmp[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adinterax[2].txt
C:\Documents and Settings\Jen\Cookies\jen@adserver[1].txt
C:\Documents and Settings\Jen\Cookies\jen@advertising[2].txt
C:\Documents and Settings\Jen\Cookies\jen@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jen\Cookies\jen@cf1p15[1].txt
C:\Documents and Settings\Jen\Cookies\jen@doubleclick[1].txt
C:\Documents and Settings\Jen\Cookies\jen@hitbox[1].txt

Trojan.SmartFinder
HKCR\CLSID\{5C2CADF9-FD40-CA02-757E-8C7E5C5C1763}
HKCR\CLSID\{5C2CADF9-FD40-CA02-757E-8C7E5C5C1763}\Data

Adware.Spyware Labs/Virtual Bouncer
C:\Program Files\AdDestroyer\AdDestroyer.WAV
C:\Program Files\AdDestroyer\UNWISE.EXE
C:\Program Files\AdDestroyer
C:\Program Files\VBouncer\AdDestroyerInner.EXE
C:\Program Files\VBouncer\BundleOuter.EXE
C:\Program Files\VBouncer\Setup.INI
C:\Program Files\VBouncer\UNWISE.EXE
C:\Program Files\VBouncer\VBouncerInner.EXE
C:\Program Files\VBouncer

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\BIG BOOBS GIRLS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\BIG DICK GAYS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\BLACK GAYS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\BLACK SEXY GIRLS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\BLOWJOB.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\EURO GIRLS - SEX FANTASY.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\EURO SLUTS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\EXTREME SEX.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\GAY FANTASY.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\GAY TWINKS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\GIRL-ON-GIRL LESBIAN.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\HARDCORE FETISH PORN.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\HARDCORE GAY SEX.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\HARDCORE TEEN SEX.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\HOT LIVE SEX.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\MEGA BIG BOOBS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\MEGA BOYS SEX SHOW.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\MEGAGIRLS ONLINE!.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\PISS SEX.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\PORN WEBCAMS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\WORLD OF HARDCORE PORN.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\YOUNG AND SEXY TEENS.URL
C:\DOCUMENTS AND SETTINGS\JEN\FAVORITES\YOUNG TEEN GAYS.URL

WebRebates Silent Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\BUNDLES\WEBREBATES_AUTO_INSTALLSILENT.EXE.VI R

Adware.Spyware Labs
C:\QOOBOX\QUARANTINE\C\WINDOWS\BUNDLES\WRAPPEROUTER.EXE.VIR

Trojan.CoolWebSearch Variant
C:\WINDOWS\ADDDZ.DLL
C:\WINDOWS\ADDYO32.DLL
C:\WINDOWS\ADDZP.DLL
C:\WINDOWS\APIBA32.DLL
C:\WINDOWS\APIBJ32.DLL
C:\WINDOWS\APIEI32.DLL
C:\WINDOWS\APIME32.DLL
C:\WINDOWS\APIMP.DLL
C:\WINDOWS\APINH32.DLL
C:\WINDOWS\APIUG32.DLL
C:\WINDOWS\APPAS32.DLL
C:\WINDOWS\APPEK32.DLL
C:\WINDOWS\APPHL32.DLL
C:\WINDOWS\APPTA32.DLL
C:\WINDOWS\APPUP.DLL
C:\WINDOWS\APPWH32.DLL
C:\WINDOWS\ATLSZ32.DLL
C:\WINDOWS\ATLVA32.DLL
C:\WINDOWS\CRFD.DLL
C:\WINDOWS\CRMT32.DLL
C:\WINDOWS\CRQS32.DLL
C:\WINDOWS\CRUN.DLL
C:\WINDOWS\D3FV32.DLL
C:\WINDOWS\D3QC32.DLL
C:\WINDOWS\D3TO32.DLL
C:\WINDOWS\D3VA32.DLL
C:\WINDOWS\IEPS32.DLL
C:\WINDOWS\IPLS32.DLL
C:\WINDOWS\IPZA32.DLL
C:\WINDOWS\JAVAHJ32.DLL
C:\WINDOWS\JAVAKV.DLL
C:\WINDOWS\JAVAMZ.DLL
C:\WINDOWS\JAVATJ32.DLL
C:\WINDOWS\JAVAVB32.DLL
C:\WINDOWS\JAVAZJ.DLL
C:\WINDOWS\MFCBA.DLL
C:\WINDOWS\MFCGN32.DLL
C:\WINDOWS\MFCTB.DLL
C:\WINDOWS\MSNM32.DLL
C:\WINDOWS\MSPU.DLL
C:\WINDOWS\MSSW.DLL
C:\WINDOWS\MSTT.DLL
C:\WINDOWS\NETCR.DLL
C:\WINDOWS\NETDV.DLL
C:\WINDOWS\NETNC32.DLL
C:\WINDOWS\NETYK.DLL
C:\WINDOWS\NTEC.DLL
C:\WINDOWS\NTLI32.DLL
C:\WINDOWS\N_AOBDAV.DAT
C:\WINDOWS\N_ATFZRL.LOG
C:\WINDOWS\N_AZTRCC.TXT
C:\WINDOWS\N_BBJKQI.TXT
C:\WINDOWS\N_BJSBIV.TXT
C:\WINDOWS\N_CNJGOV.TXT
C:\WINDOWS\N_DIRQBJ.DAT
C:\WINDOWS\N_DYTWZX.TXT
C:\WINDOWS\N_EAZHOL.LOG
C:\WINDOWS\N_EVAKFD.DAT
C:\WINDOWS\N_FAFANF.LOG
C:\WINDOWS\N_FWEYVJ.LOG
C:\WINDOWS\N_GCJMES.TXT
C:\WINDOWS\N_GFYYTX.TXT
C:\WINDOWS\N_GKUUIP.LOG
C:\WINDOWS\N_GNMSBX.DAT
C:\WINDOWS\N_GVQSML.TXT
C:\WINDOWS\N_GWEDBP.LOG
C:\WINDOWS\N_GWYDEZ.LOG
C:\WINDOWS\N_GYNEQF.DAT
C:\WINDOWS\N_IEKOUA.LOG
C:\WINDOWS\N_IELICN.TXT
C:\WINDOWS\N_INFNBY.LOG
C:\WINDOWS\N_INNLCC.TXT
C:\WINDOWS\N_ISCMAX.LOG
C:\WINDOWS\N_IYNWBB.DAT
C:\WINDOWS\N_IZRNHG.LOG
C:\WINDOWS\N_JBYIMV.DAT
C:\WINDOWS\N_JFEAGZ.TXT
C:\WINDOWS\N_JMZVGB.TXT
C:\WINDOWS\N_JNYTAH.DAT
C:\WINDOWS\N_JQSRNG.DAT
C:\WINDOWS\N_JXYHYE.LOG
C:\WINDOWS\N_KBCBVU.TXT
C:\WINDOWS\N_KEWNRC.DAT
C:\WINDOWS\N_KGSZLS.DAT
C:\WINDOWS\N_KQJKMH.LOG
C:\WINDOWS\N_KSAYEI.DAT
C:\WINDOWS\N_KSKABW.TXT
C:\WINDOWS\N_LGYRGP.TXT
C:\WINDOWS\N_LHENXC.TXT
C:\WINDOWS\N_LNOEQK.DAT
C:\WINDOWS\N_LONBYJ.LOG
C:\WINDOWS\N_MARTDQ.LOG
C:\WINDOWS\N_MBFDUK.LOG
C:\WINDOWS\N_MLRJVZ.LOG
C:\WINDOWS\N_MQSGOH.TXT
C:\WINDOWS\N_MSFGYP.DAT
C:\WINDOWS\N_MSUSQN.TXT
C:\WINDOWS\N_MWWPIR.TXT
C:\WINDOWS\N_MYQFTD.TXT
C:\WINDOWS\N_NCCFFA.TXT
C:\WINDOWS\N_NIHKEZ.LOG
C:\WINDOWS\N_NOHZNL.DAT
C:\WINDOWS\N_NQVCJS.LOG
C:\WINDOWS\N_NUCYFI.TXT
C:\WINDOWS\N_OGJUIE.TXT
C:\WINDOWS\N_OMNPQZ.TXT
C:\WINDOWS\N_PKVDQY.LOG
C:\WINDOWS\N_PNREMO.TXT
C:\WINDOWS\N_PNUBJS.TXT
C:\WINDOWS\N_QDPLWV.DAT
C:\WINDOWS\N_QPNPIC.TXT
C:\WINDOWS\N_QPYYHI.TXT
C:\WINDOWS\N_QWFNFB.TXT
C:\WINDOWS\N_QYUHKU.LOG
C:\WINDOWS\N_RBTBSJ.LOG
C:\WINDOWS\N_RLTJFR.LOG
C:\WINDOWS\N_RRRFNR.LOG
C:\WINDOWS\N_RXYFJS.TXT
C:\WINDOWS\N_SFXXDO.TXT
C:\WINDOWS\N_SMZGFJ.DAT
C:\WINDOWS\N_SQJMNC.LOG
C:\WINDOWS\N_TDKHPP.DAT
C:\WINDOWS\N_TDSBLY.LOG
C:\WINDOWS\N_TFDIJK.TXT
C:\WINDOWS\N_TKHVTD.LOG
C:\WINDOWS\N_TOPNZK.DAT
C:\WINDOWS\N_TTSOMN.DAT
C:\WINDOWS\N_UCTACH.TXT
C:\WINDOWS\N_VFLWGA.TXT
C:\WINDOWS\N_VGFDNQ.DAT
C:\WINDOWS\N_VNDACW.DAT
C:\WINDOWS\N_VQUEZY.LOG
C:\WINDOWS\N_VUXMDB.TXT
C:\WINDOWS\N_VVJXPG.DAT
C:\WINDOWS\N_VXFGIY.DAT
C:\WINDOWS\N_WERJZW.DAT
C:\WINDOWS\N_WWYYJL.DAT
C:\WINDOWS\N_XGFWZM.LOG
C:\WINDOWS\N_XKEILI.TXT
C:\WINDOWS\N_XUDQPU.TXT
C:\WINDOWS\N_YCDSFN.TXT
C:\WINDOWS\N_YTPKFX.LOG
C:\WINDOWS\N_YZRMVJ.DAT
C:\WINDOWS\N_ZBTJZK.LOG
C:\WINDOWS\N_ZGEFZR.TXT
C:\WINDOWS\N_ZJOWOJ.TXT
C:\WINDOWS\N_ZJQIMB.LOG
C:\WINDOWS\N_ZLLOQO.TXT
C:\WINDOWS\N_ZQVQLO.DAT
C:\WINDOWS\N_ZSDNGW.TXT
C:\WINDOWS\N_ZTSLHR.DAT
C:\WINDOWS\N_ZUZJPK.DAT
C:\WINDOWS\N_ZZEICL.TXT
C:\WINDOWS\SDKDG32.DLL
C:\WINDOWS\SDKEY32.DLL
C:\WINDOWS\SDKXO.DLL
C:\WINDOWS\SYSDD32.DLL
C:\WINDOWS\SYSJD.DLL
C:\WINDOWS\SYSKV32.DLL
C:\WINDOWS\SYSTEM32\ADDMX32.DLL
C:\WINDOWS\SYSTEM32\APICI32.DLL
C:\WINDOWS\SYSTEM32\APIMH.DLL
C:\WINDOWS\SYSTEM32\APISH.DLL
C:\WINDOWS\SYSTEM32\APITH.DLL
C:\WINDOWS\SYSTEM32\APIXO.DLL
C:\WINDOWS\SYSTEM32\APPMF.DLL
C:\WINDOWS\SYSTEM32\APPUG.DLL
C:\WINDOWS\SYSTEM32\APPVZ.DLL
C:\WINDOWS\SYSTEM32\APPYY32.DLL
C:\WINDOWS\SYSTEM32\ATLAA.DLL
C:\WINDOWS\SYSTEM32\ATLDC.DLL
C:\WINDOWS\SYSTEM32\ATLNP32.DLL
C:\WINDOWS\SYSTEM32\ATLVN32.DLL
C:\WINDOWS\SYSTEM32\ATLYB.DLL
C:\WINDOWS\SYSTEM32\ATLYI.DLL
C:\WINDOWS\SYSTEM32\CRBR.DLL
C:\WINDOWS\SYSTEM32\CRFI.DLL
C:\WINDOWS\SYSTEM32\CRGQ32.DLL
C:\WINDOWS\SYSTEM32\CRVC.DLL
C:\WINDOWS\SYSTEM32\D3FL32.DLL
C:\WINDOWS\SYSTEM32\IEHO32.DLL
C:\WINDOWS\SYSTEM32\IEYB.DLL
C:\WINDOWS\SYSTEM32\IPFL.DLL
C:\WINDOWS\SYSTEM32\IPSA.DLL
C:\WINDOWS\SYSTEM32\JAVAHE.DLL
C:\WINDOWS\SYSTEM32\JAVAHK.DLL
C:\WINDOWS\SYSTEM32\JAVAQC.DLL
C:\WINDOWS\SYSTEM32\JAVAXC32.DLL
C:\WINDOWS\SYSTEM32\JAVAZY32.DLL
C:\WINDOWS\SYSTEM32\MFCAK32.DLL
C:\WINDOWS\SYSTEM32\MFCGW.DLL
C:\WINDOWS\SYSTEM32\MFCLD32.DLL
C:\WINDOWS\SYSTEM32\MFCLF.DLL
C:\WINDOWS\SYSTEM32\MFCPD.DLL
C:\WINDOWS\SYSTEM32\MFCQP.DLL
C:\WINDOWS\SYSTEM32\MSBJ.DLL
C:\WINDOWS\SYSTEM32\MSUE32.DLL
C:\WINDOWS\SYSTEM32\MSYU32.DLL
C:\WINDOWS\SYSTEM32\NETJO32.DLL
C:\WINDOWS\SYSTEM32\NETMH.DLL
C:\WINDOWS\SYSTEM32\NETPC32.DLL
C:\WINDOWS\SYSTEM32\NETQN32.DLL
C:\WINDOWS\SYSTEM32\NETSV32.DLL
C:\WINDOWS\SYSTEM32\NTAV.DLL
C:\WINDOWS\SYSTEM32\NTBU32.DLL
C:\WINDOWS\SYSTEM32\NTQG32.DLL
C:\WINDOWS\SYSTEM32\NTUW.DLL
C:\WINDOWS\SYSTEM32\NTYO32.DLL
C:\WINDOWS\SYSTEM32\SDKEO32.DLL
C:\WINDOWS\SYSTEM32\SYSRA.DLL
C:\WINDOWS\SYSTEM32\SYSSD.DLL
C:\WINDOWS\SYSTEM32\SYSXO.DLL
C:\WINDOWS\SYSTEM32\WINDZ32.DLL
C:\WINDOWS\WINUG32.DLL

Adware.eZula
C:\WINDOWS\WOINSTALL.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebse...veX/ofmctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: hpdj5100 - Unknown owner - C:\DOCUME~1\Jen\LOCALS~1\Temp\hpdj5100.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8966 bytes

**Byteman** · 20-Apr-2008, 09:19 PM **#19**

Hi, Good, but you didn't post the ComboFix.txt log for me....see if you can locate that log at C:\ComboFix.txt and copy it's contents to a reply please.

The Hijackthis log looks good....

I would like to see a brand new ComboFix log too....but, post the last one you did please.
We will be getting a newer version of ComboFix after I check the log and hopefully that will wrap things up.

launch · 06-May-2008, 07:44 AM **#20**

i can't seem to find the new combofix log. now that i think back combofix may not have run all the way (it may have froze up towards the end). I'm sure by now the newer version of combofix is up. should i try the newer one or re-run the existing combofix and post a log?

Thanks.

**Byteman** · 06-May-2008, 08:09 PM **#21**

Hi,

Definitely the new version- the link back in my other reply will work, it always gets the newest available.

Make sure you also use the same directions to turn off protective programs before running ComboFix. Don't try to do anything during it's scan, and don't click the mouse or use the keyboard until it prompts you to press a key, etc.

launch · 08-May-2008, 10:46 PM **#22**

thanks for the help. here's the new combofix log and a new hijack this log. thanks again.

ComboFix 08-05-07.1 - Jen 2008-05-08 19:42:14.6 - NTFSx86
Running from: C:\Documents and Settings\Jen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-07 17:08 . 2008-05-07 17:51 <DIR> d-------- C:\2008-05-07
2008-04-17 18:50 . 2008-04-17 18:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 18:50 . 2008-04-17 18:50 <DIR> d-------- C:\Documents and Settings\Jen\Application Data\SUPERAntiSpyware.com
2008-04-17 18:50 . 2008-04-17 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 22:22 --------- d-----w C:\Documents and Settings\Jen\Application Data\Canon
2008-04-08 01:22 --------- d-----w C:\Program Files\Panda Security
2008-04-06 22:30 --------- d-----w C:\Documents and Settings\Jen\Application Data\Lavasoft
2008-03-28 00:15 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-25 12:13 5,490 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-25 02:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-22 20:49 86,528 ----a-w C:\WINDOWS\SYSTEM32\VACFix.exe
2008-03-20 15:02 246,545 ----a-w C:\WINDOWS\SYSTEM32\libssl32.dll
2008-03-20 15:02 1,188,375 ----a-w C:\WINDOWS\SYSTEM32\libeay32.dll
2008-03-20 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-15 22:16 82,432 ----a-w C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-02-16 04:12 81,912 ----a-w C:\Documents and Settings\Jen\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-03-31_21.31.12.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2002-04-14 20:14:55 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\7lnj93df.dat
+ 2002-04-14 20:14:55 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\cgznt7bb.dat
+ 2001-08-17 19:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-11-15 13:52:38 2,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\hbb5jlnb.dat
+ 2002-04-14 20:14:56 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\hvjvn5rd.dat
+ 2002-04-14 20:14:58 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\i2kokmft.dat
+ 2002-04-14 20:14:55 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\pbtjn1r5.dat
+ 2008-05-09 00:33:50 2,048 ----a-w C:\WINDOWS\BOOTSTAT.DAT
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 13:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2001-11-15 13:19:34 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\CAGICON.EXE
+ 2008-04-17 23:50:08 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-17 23:50:08 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2002-04-14 20:14:55 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\7LNJ93DF.DAT
+ 2002-04-14 20:14:55 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\CGZNT7BB.DAT
+ 2001-11-15 13:52:38 2,232 ----a-w C:\WINDOWS\JAVA\Packages\Data\HBB5JLNB.DAT
+ 2002-04-14 20:14:56 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\HVJVN5RD.DAT
+ 2002-04-14 20:14:58 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\I2KOKMFT.DAT
+ 2002-04-14 20:14:55 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\PBTJN1R5.DAT
+ 2008-04-08 01:20:49 4,289 ----a-w C:\WINDOWS\mozver.dat
+ 2000-08-31 13:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 05:07:22 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 03:07:58 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-18 11:00:00 2,000 ----a-w C:\WINDOWS\SYSTEM\KEYBOARD.DRV
+ 2001-08-18 11:00:00 2,032 ----a-w C:\WINDOWS\SYSTEM\MOUSE.DRV
+ 2001-08-18 11:00:00 1,744 ----a-w C:\WINDOWS\SYSTEM\SOUND.DRV
+ 2001-08-18 11:00:00 2,176 ----a-w C:\WINDOWS\SYSTEM\VGA.DRV
- 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
- 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2004-08-04 05:07:22 1,788 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
+ 2001-08-18 11:00:00 73,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\avwav.dll
- 2007-12-07 01:07:12 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
- 2007-12-07 01:07:12 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
- 2007-12-07 01:07:12 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-12-07 01:07:12 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
- 2007-12-07 01:07:12 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2007-11-14 07:26:56 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2007-12-07 01:07:12 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-12-07 01:07:13 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-12-07 01:07:13 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-12-07 01:07:13 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-02-16 08:59:37 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-12-07 01:07:13 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-12-07 01:07:13 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
- 2007-12-07 01:07:14 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
- 2007-12-07 01:07:14 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-02-16 08:59:39 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2004-08-04 03:07:58 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
+ 2001-08-18 11:00:00 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS
- 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-11-21 04:00:55 278,152 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-11 08:07:49 278,152 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2001-08-18 11:00:00 2,000 ----a-w C:\WINDOWS\SYSTEM32\KEYBOARD.DRV
+ 2001-08-18 11:00:00 2,560 ----a-w C:\WINDOWS\SYSTEM32\LZ32.DLL
+ 2001-08-18 11:00:00 2,032 ----a-w C:\WINDOWS\SYSTEM32\MOUSE.DRV
- 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-04-01 00:30:04 60,630 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-05-09 00:38:11 62,138 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-04-01 00:30:04 399,766 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-05-09 00:38:11 403,770 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2001-08-18 11:00:00 1,744 ----a-w C:\WINDOWS\SYSTEM32\SOUND.DRV
- 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 1999-06-29 23:16:46 2,560 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BVRPWF2000.DLL
+ 1999-06-29 23:16:46 2,560 ------w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\bvrpwf2000.dll
- 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2004-08-04 04:56:48 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2001-08-18 11:00:00 2,176 ----a-w C:\WINDOWS\SYSTEM32\VGA.DRV
- 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2001-08-18 11:00:00 2,864 ----a-w C:\WINDOWS\SYSTEM32\WINSOCK.DLL
+ 2001-08-18 11:00:00 2,112 ----a-w C:\WINDOWS\SYSTEM32\WINSPOOL.EXE
+ 2001-08-18 11:00:00 2,736 ----a-w C:\WINDOWS\SYSTEM32\WOWDEB.EXE
- 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 13:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 22:41 28738]
"LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 655360]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2003-03-28 16:20 143360]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-04-14 15:24 26112]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-13 17:21 53248]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 18:45 114688]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 18:41 163840]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 14:55 139264]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 18:29 184320]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Camio Viewer 2000.lnk - C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe [2002-04-14 15:22:43 49152]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 17:06:54 24633]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system

Search
Search in:
Show Threads Show Posts
Advanced Search