
Hijack This Log Analysis

Discussion in 'Virus & Other Malware Removal' started by jusdutch, Jan 26, 2011.

Thread Status:
Not open for further replies.
  1. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    I tried to do everything on the "read this first" page. It worked well until I tried to run GMER. It starts to scan but freezes at \Device\Ide\IdeDeviceP1T1L0-20. Tried 4 times, same result every time. It was unavailable when I checked to see if it could be run in SAFE MODE.

    HiJack log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:31:56 PM, on 1/26/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\TEMP\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_SDB.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\DOCUME~1\TEMP\LOCALS~1\Temp\E_SD1.tmp" /EF "HKCU" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\DOCUME~1\TEMP\LOCALS~1\Temp\E_SD1.tmp" /EF "HKCU" (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247837165310
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    --
    End of file - 4660 bytes

    DDS Log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by mitch at 19:32:57.29 on Wed 01/26/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.58 [GMT -5:00]

    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\TEMP\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\TEMP\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://my.yahoo.com/
    uDefault_Page_URL = hxxp://www.rr.com
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {EC52BEDA-CCF3-45E1-AFFD-03618DB9F10A} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\windows\temp\E_SDB.tmp" /EF "HKCU"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\docume~1\temp\locals~1\temp\E_SD1.tmp" /EF "HKCU"
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247837165310
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ============= SERVICES / DRIVERS ===============
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-11-15 312152]
    S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\avgidsxx.sys --> c:\windows\system32\drivers\AVGIDSxx.sys [?]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-9-6 122448]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-9-6 30288]
    S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-9-6 26192]
    S3 kwkxusb;Kyocera Wireless USB CDMA Modem Driver;c:\windows\system32\drivers\kwusb2k.sys --> c:\windows\system32\drivers\kwusb2k.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\ptduwflt.sys --> c:\windows\system32\drivers\PTDUWFLT.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
    =============== Created Last 30 ================
    2100-02-08 20:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
    2011-01-26 03:11:32 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2011-01-19 23:35:01 -------- dc----w- c:\docume~1\temp\locals~1\applic~1\king.com
    ==================== Find3M ====================
    2011-01-26 03:09:56 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-12-11 07:47:00 32608 -c--a-w- c:\windows\king-uninstall.exe
    2010-11-25 07:03:21 507904 -c--a-w- c:\windows\system32\winlogon.exe
    2010-11-25 00:49:59 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-11-18 18:12:44 81920 -c--a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 -c--a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 -c--a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 -c--a-w- c:\windows\system32\html.iec
    ============= FINISH: 19:36:11.54 ===============

    Attached file as instructed.

    Thank you for any assistance you can render. I am using Road Runner at 12.0 Mbps and most of the time it is running at a crawl (dial-up is faster). Found a trojan in Java a while back, eliminated it, and am trying now to stay on top of security. Thanks again!!
     

    Attached Files:

  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    It is not surprising it is slow with parts of AVG running & IObit security also running and causing major clashes.

    uninstall the remnants of AVG with
    http://www.appremover.com/appremover/avg/AppRemover.exe
    reboot
    I would never have Iobit installed on any computer I use

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  3. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    I tried to use your link to app remover BUT..... it only took me to
    Not Found

    The requested URL /appremover/avg/AppRemover.exe was not found on this server.
    Apache/2.2.15 (Fedora) Server at static.appremover.com Port 80
     
  4. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    I have ComboFix on my desktop but have not run it as I didn't know what to do with regards to the APPREMOVER.
    I also uninstalled IObit. I would appreciate a recommendation of a quality replacement, when we have finished with this.
    I will not remove or delete anything else without your request to do so.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  6. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    I downloaded that and ran it. It says zero applications found. I have a doctor's appt. I will check back when I return.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    run combofix and we can use that to clear up any left over avg bits
     
  8. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    I ran ComboFix and here is the log. It took nearly 40 minutes. This computer was given to me and I tried to delete a lot of the old stuff but I guess it buries itself deeply. I sincerely appreciate your help with this. Thank you!

    ComboFix 11-01-28.02 - mitch 01/28/2011 21:49:35.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.183 [GMT -5:00]
    Running from: c:\documents and settings\TEMP\Desktop\username123.exe.exe
    .
    ADS - svchost.exe: deleted 0 bytes in 1 streams.
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\mitch\Application Data\Hotbar
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\3756141.sdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\491501.sdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\13546
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\16176
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\20304
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\20570
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\22254
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\251440
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\254580
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\26664
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\27503
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\288733
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\29115
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\295807
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\305631
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\34123
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\34186
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\403537
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\405135
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44228
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44229
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\455392
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\519215
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\526507
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\552212
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\56113
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\61779
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\61837
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\70449
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\70773
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\738205
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\744884
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\746754
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\7482
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\79819
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\80663
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\82292
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\8443
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\86173
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\89334
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\95716
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\3903.dat
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\ads.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans.idx
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans1.dat
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\business_promo.htm
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\buttondir.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\components.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\cursors.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_1000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_2000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_3000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bar.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bbar1.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_logos.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_other.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_weather.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\default.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_511745-514279.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz1.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz10.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz11.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz12.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz13.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz14.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz15.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz16.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz17.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz18.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz19.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz2.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz20.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz3.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz4.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz5.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz6.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz7.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz8.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz9.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_categorize.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_comparison.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-Mails.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-people.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_favorites.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Games.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hide.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hotbarcom.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hotmail.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hsskin.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemster.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsterie.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsteruk.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jobsearch.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Mails.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_new.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_premium.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_reun.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_ringtones.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_SearchBoxTrapper.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchfor.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchgo.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_weather.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_yellowpages.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\editblbuttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-548964.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-9595.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\email-t1-bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesmenu.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesMenu.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\hb_ie_menu.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\icons2.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_games_icon.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_video.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords.idx
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords1.dat
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\layout.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\linkpathlegal.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\more.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\new_games.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\progress.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\s_icons_buttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\sales_buttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\sdfmodifier.xml
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\t2_bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\theweb.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\top7.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\Top7_theweb.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\tsd_bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\1\weathericon.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.idx
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip
    c:\documents and settings\mitch\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\history
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\Weather_XML\Default
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\Weather_XML\Genera1
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\Weather_XML\General
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\Links
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\radar-small
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\satellite-small
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences
    c:\documents and settings\mitch\Application Data\Hotbar\Weather\WeatherStartup.xml
    c:\documents and settings\mitch\Application Data\Hotbar_Icons
    c:\documents and settings\mitch\Application Data\Hotbar_Icons\dealnews.ico
    c:\documents and settings\mitch\Application Data\WeatherDPA
    c:\program files\BrowserCtl
    c:\program files\DDnsFilter
    c:\windows\010112010146120114.xe
    c:\windows\0101120101465753.xe
    c:\windows\ex23567.dat
    c:\windows\fdgg34353edfgdfdf
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .
    2100-02-08 20:03 . 2001-05-11 15:39 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
    2011-01-27 01:08 . 2011-01-27 01:09 -------- dc----w- c:\documents and settings\Administrator
    2011-01-26 03:11 . 2011-01-26 03:09 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2011-01-19 23:35 . 2011-01-19 23:35 -------- dc----w- c:\documents and settings\TEMP\Local Settings\Application Data\king.com
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-26 03:09 . 2010-06-25 02:36 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-12-11 07:47 . 2010-12-11 07:47 32608 -c--a-w- c:\windows\king-uninstall.exe
    2010-11-25 07:03 . 2001-08-23 12:00 507904 -c--a-w- c:\windows\system32\winlogon.exe
    2010-11-25 00:49 . 2010-11-25 00:49 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-11-18 18:12 . 2008-03-25 23:05 81920 -c--a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2001-08-23 12:00 249856 -c--a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2001-08-23 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2001-08-23 12:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2001-08-23 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2001-08-23 12:00 40960 -c--a-w- c:\windows\system32\drivers\ndproxy.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    c:\documents and settings\mitch\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\messenger\\msmsgs.exe"=
    S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [?]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [?]
    S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [?]
    S3 kwkxusb;Kyocera Wireless USB CDMA Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys --> c:\windows\system32\DRIVERS\kwusb2k.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys --> c:\windows\system32\DRIVERS\PTDUWFLT.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
    2011-01-17 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-15 23:08]
    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{6520F091-3821-4665-BE10-751E97249B46}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{7EEEE4AC-7E04-44BD-8D1F-2F2EEAEC7408}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    .
    - - - - ORPHANS REMOVED - - - -
    Notify-avgrsstarter - avgrsstx.dll

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-28 22:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,f9,3a,9f,81,bc,01,44,b8,2d,82,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,f9,3a,9f,81,bc,01,44,b8,2d,82,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-01-28 22:15:10
    ComboFix-quarantined-files.txt 2011-01-29 03:15
    Pre-Run: 4,045,484,032 bytes free
    Post-Run: 4,384,600,064 bytes free
    - - End Of File - - A3573017FCF4910A287954B3FD47008E
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    next

    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once, and it does not need to be reported unless it continues on every boot.
     
  10. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 5637
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    1/30/2011 3:17:19 AM
    mbam-log-2011-01-30 (03-17-19).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 293680
    Time elapsed: 2 hour(s), 49 minute(s), 44 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
     
  11. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    FYI new log since we began:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:33:16 AM, on 1/30/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\TEMP\Desktop\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\DOCUME~1\TEMP\LOCALS~1\Temp\E_SE.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247837165310
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    --
    End of file - 3154 bytes



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by mitch at 3:36:54.23 on Sun 01/30/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.86 [GMT -5:00]

    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\TEMP\Desktop\dds.scr
    C:\WINDOWS\system32\msfeedssync.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://my.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {EC52BEDA-CCF3-45E1-AFFD-03618DB9F10A} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\docume~1\temp\locals~1\temp\E_SE.tmp" /EF "HKCU"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247837165310
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ============= SERVICES / DRIVERS ===============
    S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\avgidsxx.sys --> c:\windows\system32\drivers\AVGIDSxx.sys [?]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsdriver.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [?]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsfilter.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [?]
    S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsshim.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [?]
    S3 kwkxusb;Kyocera Wireless USB CDMA Modem Driver;c:\windows\system32\drivers\kwusb2k.sys --> c:\windows\system32\drivers\kwusb2k.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\ptduwflt.sys --> c:\windows\system32\drivers\PTDUWFLT.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
    =============== Created Last 30 ================
    2100-02-08 20:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
    2011-01-30 04:13:12 -------- dc----w- c:\docume~1\temp\applic~1\Malwarebytes
    2011-01-30 04:12:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-30 04:12:52 -------- dc----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2011-01-30 04:12:51 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-30 04:12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-28 19:54:04 -------- dcsha-r- C:\cmdcons
    2011-01-28 19:48:37 98816 -c--a-w- c:\windows\sed.exe
    2011-01-28 19:48:37 89088 -c--a-w- c:\windows\MBR.exe
    2011-01-28 19:48:37 256512 -c--a-w- c:\windows\PEV.exe
    2011-01-28 19:48:37 161792 -c--a-w- c:\windows\SWREG.exe
    2011-01-26 03:11:32 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2011-01-19 23:35:01 -------- dc----w- c:\docume~1\temp\locals~1\applic~1\king.com
    ==================== Find3M ====================
    2011-01-26 03:09:56 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-12-11 07:47:00 32608 -c--a-w- c:\windows\king-uninstall.exe
    2010-11-25 07:03:21 507904 -c--a-w- c:\windows\system32\winlogon.exe
    2010-11-25 00:49:59 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-11-18 18:12:44 81920 -c--a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 -c--a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 -c--a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 -c--a-w- c:\windows\system32\html.iec
    ============= FINISH: 3:40:21.86 ===============
     

    Attached Files:
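As an added example (not part of this thread and not HijackThis code), the Python below parses the O2/O3/O4 lines of a HijackThis log and applies three checks a reviewer otherwise does by eye: one CLSID registered under two different display names (in the log above, {D4027C7F-154A-4066-A1AD-4243D8127440} is "Ask Toolbar BHO" under O2 and "Avery Toolbar" under O3, both loading GenericAskToolbar.dll), a Run entry whose executable lives in a temp or user-profile directory, and COM entries whose file is missing. The sample lines are copied from the log above except the final "updater" entry, which is constructed so the profile-directory rule has something to fire on. The rules are this example's own triage heuristics, not HijackThis features; a hit is a prompt to look closer, not a verdict.

```python
"""Cross-check HijackThis O2/O3/O4 entries by CLSID and launch path.

Added example; not from the forum thread or from HijackThis itself.
"""
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above, plus one constructed
# "updater" line so the profile-directory rule has a hit to report.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\DOCUME~1\TEMP\LOCALS~1\Temp\E_SE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\TEMP\LOCALS~1\Temp\svchost.exe
"""

# O2/O3/O9/O22 style: "On - Kind: Name - {CLSID} - path"
COM_LINE = re.compile(
    r"^O(?P<section>\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.*)$"
)
# O4 style: "O4 - HKLM\..\Run: [Name] command line"
RUN_LINE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Directories a persistent autorun rarely has a good reason to launch from.
# Heuristic only: some legitimate per-user installers do use AppData.
PROFILE_DIR = re.compile(
    r"\\(temp|tmp|local settings|application data|appdata|docume~1)\\", re.I
)


def executable_of(cmd):
    """Return the program part of a Run command line, ignoring its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path: take everything up to the first executable extension
    # that is followed by whitespace or end of line.
    m = re.match(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_hjt(text):
    """Parse COM-object and Run entries; other HijackThis sections are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COM_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["type"] = "com"
            entries.append(entry)
            continue
        m = RUN_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["type"] = "run"
            entry["exe"] = executable_of(entry["cmd"])
            entries.append(entry)
    return entries


def triage(entries):
    """Return {rule: [findings]} for the three checks described in the lead-in."""
    findings = defaultdict(list)
    names_by_clsid = defaultdict(set)
    for e in entries:
        if e["type"] == "com":
            names_by_clsid[e["clsid"].upper()].add(e["name"])
            if e["path"].strip().lower() in ("(no file)", "no file"):
                findings["orphan_entry"].append(e)
        elif PROFILE_DIR.search(e["exe"]):
            # Only the executable is tested, so the Epson line above, whose
            # *argument* points into Temp, is correctly left alone.
            findings["launch_from_profile"].append(e)
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:
            findings["clsid_name_mismatch"].append(
                {"clsid": clsid, "names": sorted(names)}
            )
    return dict(findings)


if __name__ == "__main__":
    for rule, hits in triage(parse_hjt(SAMPLE_LOG)).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

The CLSID rule is the one worth keeping in a toolkit: a rebranded toolbar (here an Ask build shipped under the Avery name) keeps its CLSID and DLL but changes its display string, so grouping by CLSID exposes the relationship that two separately named lines hide.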

  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
Let's clear the AVG leftovers.

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears, press SAVE, choose Desktop in the list of selections in that window and press Save).

Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

Close any open browsers.
Then drag the CFScript.txt onto ComboFix.exe as shown in the screenshot below.



[screenshot: CFScript.txt being dragged onto ComboFix.exe]



This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

    Attached Files:

  13. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    ComboFix 11-01-29.02 - mitch 01/30/2011 4:14.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.70 [GMT -5:00]
    Running from: c:\documents and settings\TEMP\Desktop\username123.exe.exe
    Command switches used :: c:\documents and settings\TEMP\Desktop\CFScript.txt
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\username123.exe
    c:\username123.exe\NircmdB.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_AVGIDSDRIVERXPX
    -------\Legacy_AVGIDSERHRXPX
    -------\Legacy_AVGIDSFILTERXPX
    -------\Legacy_AVGIDSSHIMXPX
    -------\Legacy_AVGRKX86
    -------\Legacy_AVGTDIX
    -------\Service_Avgfwdx
    -------\Service_Avgfwfd
    -------\Service_AVGIDSDriverxpx
    -------\Service_AVGIDSErHrxpx
    -------\Service_AVGIDSFilterxpx
    -------\Service_AVGIDSShimxpx
    -------\Service_AvgLdx86
    -------\Service_AvgRkx86
    -------\Service_AvgTdiX

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
    .
    2100-02-08 20:03 . 2001-05-11 15:39 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
    2011-01-30 04:13 . 2011-01-30 04:13 -------- dc----w- c:\documents and settings\TEMP\Application Data\Malwarebytes
    2011-01-30 04:12 . 2010-04-29 20:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-30 04:12 . 2011-01-30 04:12 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2011-01-30 04:12 . 2011-01-30 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-30 04:12 . 2010-04-29 20:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-27 01:08 . 2011-01-27 01:09 -------- dc----w- c:\documents and settings\Administrator
    2011-01-26 03:11 . 2011-01-26 03:09 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2011-01-19 23:35 . 2011-01-19 23:35 -------- dc----w- c:\documents and settings\TEMP\Local Settings\Application Data\king.com
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-26 03:09 . 2010-06-25 02:36 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-12-11 07:47 . 2010-12-11 07:47 32608 -c--a-w- c:\windows\king-uninstall.exe
    2010-11-25 07:03 . 2001-08-23 12:00 507904 -c--a-w- c:\windows\system32\winlogon.exe
    2010-11-25 00:49 . 2010-11-25 00:49 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
    2010-11-18 18:12 . 2008-03-25 23:05 81920 -c--a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2001-08-23 12:00 249856 -c--a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2001-08-23 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2001-08-23 12:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2001-08-23 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2001-08-23 12:00 40960 -c--a-w- c:\windows\system32\drivers\ndproxy.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    c:\documents and settings\mitch\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\messenger\\msmsgs.exe"=
    S3 kwkxusb;Kyocera Wireless USB CDMA Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys --> c:\windows\system32\DRIVERS\kwusb2k.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys --> c:\windows\system32\DRIVERS\PTDUWFLT.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
    2011-01-30 c:\windows\Tasks\User_Feed_Synchronization-{6520F091-3821-4665-BE10-751E97249B46}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    2011-01-30 c:\windows\Tasks\User_Feed_Synchronization-{7EEEE4AC-7E04-44BD-8D1F-2F2EEAEC7408}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-30 04:32
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,f9,3a,9f,81,bc,01,44,b8,2d,82,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,f9,3a,9f,81,bc,01,44,b8,2d,82,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(1668)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-30 04:41:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-30 09:41
    ComboFix2.txt 2011-01-29 03:15
    Pre-Run: 4,334,239,744 bytes free
    Post-Run: 4,288,376,832 bytes free
    - - End Of File - - 4005D74BC8D264DA3E1841CE29729110
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
That looks clear, but I am suspicious about an earlier entry that might suggest a TDL3/4 rootkit.
Are you having any problems now, or have they cleared up?

Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds and then reboot.

Post back with its log.
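The TDSSKiller check requested above rests on the per-driver MD5 the tool prints (its log lines, shown later in this thread, have the form `timestamp name (md5) path`). The TDL3/TDL4 family is known for patching a legitimate storage driver in place, so a driver whose hash differs from a clean copy of the same OS build is the thing to look for. The Python below is an added example, not the thread's or Kaspersky's code: it parses lines in that format and compares them against a baseline. The baseline is constructed for this demonstration from hashes in the log further down plus one deliberately altered Ntfs line; a real baseline has to come from a clean install of exactly the same Windows version and service pack, because every hotfix changes these values.

```python
"""Compare TDSSKiller-style driver lines against a known-good MD5 baseline.

Added example; not part of the thread or of TDSSKiller. The line format
follows the log posted later in the thread; the baseline and the altered
Ntfs line are constructed for this demonstration.
"""
import hashlib
import re
from collections import namedtuple

Driver = namedtuple("Driver", "timestamp name md5 path")

# "2011/01/30 06:55:49.0900 atapi (9f3a...2674) C:\WINDOWS\system32\DRIVERS\atapi.sys"
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Constructed sample: three lines copied from the TDSSKiller log below, one
# header line that must be skipped, and an Ntfs line whose hash was altered
# by hand to stand in for a patched driver.
SAMPLE_LOG = r"""
2011/01/30 06:55:23.0402 Scan started
2011/01/30 06:55:49.0900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/30 06:56:03.0770 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/30 06:56:17.0490 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/30 06:56:57.0928 Ntfs (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\Ntfs.sys
"""

# Constructed baseline keyed by lower-cased service name. In practice this is
# built once from a clean machine with the identical build and hotfix level.
BASELINE_MD5 = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "disk": "044452051f3e02e7963599fc8f4f3e25",
    "ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
    "tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
}


def parse_tdss_log(text):
    """Return Driver records for every line that carries a hash; skip the rest."""
    drivers = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            drivers.append(Driver(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return drivers


def compare(drivers, baseline):
    """Bucket each driver as ok / mismatch / unknown relative to the baseline."""
    report = {"ok": [], "mismatch": [], "unknown": []}
    for d in drivers:
        expected = baseline.get(d.name.lower())
        if expected is None:
            report["unknown"].append(d.name)          # third-party driver: review by hand
        elif expected.lower() == d.md5:
            report["ok"].append(d.name)
        else:
            report["mismatch"].append((d.name, d.path, expected, d.md5))
    return report


def md5_of_file(path):
    """User-mode hash of the file on disk, for cross-checking a tool's value.

    A disk-filtering rootkit can serve a clean copy to ordinary reads, so a
    user-mode hash that matches while the low-level scanner's does not is
    itself a finding rather than an all-clear.
    """
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    report = compare(parse_tdss_log(SAMPLE_LOG), BASELINE_MD5)
    for name, path, expected, seen in report["mismatch"]:
        print(f"MISMATCH {name}: {path} expected {expected} got {seen}")
    print("unknown to baseline:", report["unknown"])
```

The "unknown" bucket is deliberately separate from "mismatch": a driver absent from the baseline (a vendor modem or CD-burning driver, for instance) needs a manual look, but it is a different signal from a core Microsoft driver whose hash has changed.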
     
  15. jusdutch

    jusdutch Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    12
    2011/01/30 06:55:09.0542 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/30 06:55:09.0542 ================================================================================
    2011/01/30 06:55:09.0542 SystemInfo:
    2011/01/30 06:55:09.0542
    2011/01/30 06:55:09.0542 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/30 06:55:09.0562 Product type: Workstation
    2011/01/30 06:55:09.0562 ComputerName: HOMEE
    2011/01/30 06:55:09.0562 UserName: mitch
    2011/01/30 06:55:09.0562 Windows directory: C:\WINDOWS
    2011/01/30 06:55:09.0562 System windows directory: C:\WINDOWS
    2011/01/30 06:55:09.0562 Processor architecture: Intel x86
    2011/01/30 06:55:09.0562 Number of processors: 1
    2011/01/30 06:55:09.0562 Page size: 0x1000
    2011/01/30 06:55:09.0562 Boot type: Normal boot
    2011/01/30 06:55:09.0562 ================================================================================
    2011/01/30 06:55:12.0667 Initialize success
    2011/01/30 06:55:23.0402 ================================================================================
    2011/01/30 06:55:23.0402 Scan started
    2011/01/30 06:55:23.0402 Mode: Manual;
    2011/01/30 06:55:23.0402 ================================================================================
    2011/01/30 06:55:37.0012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/30 06:55:38.0614 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/30 06:55:40.0126 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/30 06:55:41.0178 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/30 06:55:45.0324 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/01/30 06:55:46.0205 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    2011/01/30 06:55:49.0290 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/30 06:55:49.0900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/30 06:55:51.0833 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/01/30 06:55:53.0225 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/30 06:55:54.0006 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/30 06:55:55.0428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/30 06:55:56.0300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/30 06:55:57.0381 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/30 06:55:57.0992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/30 06:55:58.0543 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/30 06:56:01.0277 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    2011/01/30 06:56:03.0770 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/30 06:56:04.0962 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/30 06:56:06.0004 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/30 06:56:06.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/30 06:56:07.0816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/30 06:56:09.0378 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/30 06:56:10.0380 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    2011/01/30 06:56:11.0522 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/30 06:56:12.0423 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/01/30 06:56:13.0074 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/30 06:56:13.0855 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/01/30 06:56:14.0706 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/30 06:56:15.0657 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/30 06:56:16.0699 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/30 06:56:17.0490 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/30 06:56:18.0301 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/30 06:56:19.0213 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/30 06:56:21.0376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/30 06:56:23.0729 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/30 06:56:24.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
    2011/01/30 06:56:26.0934 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/30 06:56:27.0855 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/30 06:56:28.0676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/30 06:56:29.0638 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/30 06:56:30.0649 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/30 06:56:31.0670 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/30 06:56:32.0612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/30 06:56:33.0393 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/30 06:56:34.0064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/30 06:56:34.0965 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/30 06:56:38.0190 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/30 06:56:39.0021 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/30 06:56:39.0722 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/30 06:56:40.0804 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/30 06:56:41.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/30 06:56:43.0147 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/30 06:56:44.0158 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/30 06:56:45.0280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/30 06:56:46.0031 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/30 06:56:46.0742 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/30 06:56:47.0423 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/30 06:56:48.0234 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/30 06:56:49.0055 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/30 06:56:49.0957 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/30 06:56:50.0768 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/30 06:56:51.0429 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/30 06:56:52.0120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/30 06:56:52.0891 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/30 06:56:53.0772 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/30 06:56:54.0824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/30 06:56:56.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/30 06:56:57.0928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/30 06:56:59.0300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/30 06:57:00.0202 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/30 06:57:01.0463 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/30 06:57:03.0036 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2011/01/30 06:57:05.0509 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
    2011/01/30 06:57:07.0402 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/30 06:57:08.0113 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/30 06:57:09.0295 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/30 06:57:10.0817 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/30 06:57:14.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/30 06:57:15.0714 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/30 06:57:21.0222 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/30 06:57:21.0943 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/01/30 06:57:22.0804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/30 06:57:26.0299 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/30 06:57:30.0165 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/30 06:57:32.0037 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/30 06:57:33.0049 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/30 06:57:34.0120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/30 06:57:35.0092 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/30 06:57:36.0193 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/30 06:57:37.0475 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/30 06:57:38.0587 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/30 06:57:39.0698 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/01/30 06:57:41.0110 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/30 06:57:42.0182 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/30 06:57:43.0193 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/30 06:57:44.0325 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
    2011/01/30 06:57:45.0537 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/30 06:57:48.0251 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/30 06:57:49.0452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/30 06:57:50.0744 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/30 06:57:52.0306 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/30 06:57:53.0518 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/30 06:57:57.0364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/30 06:57:58.0395 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/30 06:57:59.0917 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/30 06:58:00.0608 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/30 06:58:01.0450 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/30 06:58:03.0452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/30 06:58:05.0315 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/30 06:58:06.0797 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/30 06:58:07.0638 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/30 06:58:08.0600 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/01/30 06:58:09.0481 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/30 06:58:10.0252 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/30 06:58:11.0174 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/30 06:58:12.0215 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    2011/01/30 06:58:13.0126 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/30 06:58:14.0438 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/30 06:58:15.0560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/30 06:58:17.0433 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/30 06:58:19.0315 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/01/30 06:58:20.0146 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/30 06:58:21.0198 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/30 06:58:29.0941 ================================================================================
    2011/01/30 06:58:29.0941 Scan finished
    2011/01/30 06:58:29.0941 ================================================================================

    It seems way faster. I appreciate your help. Can you suggest an antivirus program since I deleted Iobit?


Short URL to this thread: https://techguy.org/977227
