PDA

View Full Version : Virtumonde, Smitfraud, Zeno, all kinds of stuff



Ura-Maru
2008-06-21, 01:15
I've got a real mess here. Virtumonde, a whole alphabet of Smitfrauds and CoolWWWSearches, Clientman, DeepDive, ZenoSearch, Win32.Small.ny, and probably a few others as well.

Taskmanager's been disabled by one of the little pests, and I can't seem to re-enable it. I've tried using the regedit manual fix, and the command line version. Each time it looks like it works, but the key keeps popping back in.

The computer is getting constant pop up warnings for spyware and viruses found, both in ie and from 'windows security.' Also, of course, ads for products that will supposedly fix this, and (presumably bogus) demands to upgrade windows security.

Though, in retrospect, upgrading windows security would have been a good idea before all this showed up.

Spybot 1.4 was telling me to re-scan after a reboot with the network disconnected. After which it would tell me to do it again, and keep cycling. Spybot 1.5.2 just removes everything, or seems to, but it's back again at the next scan, and the pop-ups start again a few minutes later.

There was a fairly annoying infection on the same computer several months ago, that I'd thought was fixed. I don't know if it's been lurking around all this time, or if this is something that's shown up in the last few weeks.

Any help would be greatly appreciated. This is on a family computer, and my repeated failures to improve the situation have not been very good for my rep as the family geek.


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:56 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\windows\system32\pmropn.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\windows\system32\rwwnw64d.exe
C:\WINDOWS\system32\ncntqkdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe
C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDyUaazwlbdhfHCPEqWo1WDdP37y3JssqXcdJwcrdT4zUOFXJUY3PYbiqvgjrRTE7Y9hR2LLqMtkxEVCYiYeWnUthIIXuv7V/8CgjwiE/Hpec=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwLe98kRA1QsAa1fkRHVrB5oggHkHViFC/AO4eOTw5LcfsctTfbGYgkILmDYNWk9F6zXkh6oI/Ju+YdKybIAhTNRfqozJk/a6eMNFYAWYXowU=
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {08878A8B-3971-4643-88BB-1E1E424890EA} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6} - C:\WINDOWS\system32\iifgFYsr.dll (file missing)
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\tuvtqqp.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {4D7F9440-8E65-44B9-98B1-0C72697E376C} - C:\WINDOWS\system32\ljJCuUmm.dll (file missing)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O2 - BHO: (no name) - {8D384FC7-4CB4-4B13-B718-E148B20CA232} - C:\WINDOWS\system32\hgGabYQG.dll (file missing)
O2 - BHO: {03a11f25-4752-36c8-5894-c28d80db7249} - {9427bd08-d82c-4985-8c63-257452f11a30} - C:\WINDOWS\system32\jjcikwfs.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: gooochi browser optimizer - {c51e870a-f9f7-fe03-2f90-5dcc80d02b1d} - C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {CFE82785-BE10-4186-9597-C2B5B9FE9290} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {D149BF6F-2388-7F51-F94E-7BA2E3E718C4} - C:\WINDOWS\system32\wyr.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {E89CD8A6-BD36-459C-B131-96167C31B28D} - C:\WINDOWS\system32\geBuRjhG.dll (file missing)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\ddcBSKAR.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [UADC_3354481086] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKLM\..\Run: [{D4-40-06-61-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntqkdm.exe DWram
O4 - HKLM\..\Run: [70bd40ce] rundll32.exe "C:\WINDOWS\system32\lryehrsd.dll",b
O4 - HKLM\..\Run: [{0bc23157-a980-81ae-62a3-a8ba9f67cfdd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll" DllStart
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM738e7352] Rundll32.exe "C:\WINDOWS\system32\lmlwpokg.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4210] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5930] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1448] command /c del "C:\WINDOWS\system32\geBuRjhG.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9433] cmd /c del "C:\WINDOWS\system32\geBuRjhG.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6879] command /c del "C:\WINDOWS\system32\ljJCuUmm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9085] cmd /c del "C:\WINDOWS\system32\ljJCuUmm.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Mpsp] "C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Edwina\Application Data\Microsoft\Windows\byprcb.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: ddcBSKAR - C:\WINDOWS\SYSTEM32\ddcBSKAR.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O20 - Winlogon Notify: tuvtqqp - tuvtqqp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 15945 bytes

End of HJT log


Thanks,

Ura-Maru
--
I suppose it's like swimming away from a shark. I just have to be more of a geek than the rest of my family, without regard to my absolute geek ranking.

Shaba
2008-06-21, 18:55
Hi Ura-Maru

Please upload this file:

C:\Program Files\BChanger\bchanger.dll here (http://www.bleepingcomputer.com/submit-malware.php?channel=8) and fill in requested info.

Let me know when you have done it and we'll continue :)

Ura-Maru
2008-06-22, 02:52
Ok, I've sent it in.

Thanks,
Ura-Maru

miekiemoes
2008-06-22, 11:58
Hi,

Sorry to jump in for a second..

Do you know what program the C:\Program Files\BChanger is?
Did you install it? If so, can you provide us the info and link where you can download it?
If you don't know the program, then please zip the entire BChanger folder and upload it here as well: http://www.bleepingcomputer.com/submit-malware.php?channel=8

Thank you very much for your cooperation.

Shaba will assist you further. :)

Shaba
2008-06-22, 12:09
No problem mieke :)

Ura-Maru, after you have done what miekemoes requested, please do this:

Create own folder for HijackThis to desktop and move it into that folder.

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

Ura-Maru
2008-06-22, 23:26
The zip's sent off. I have no idea what it is or where it came from. The dates imply it's just a few days old, and no one should have been using the computer since then for anything. (except myself, trying to fix it)

Should have may be the oprative phrase, however.

I ran ComboFix from Safe Mode, but it rebooted into normal mode, which meant some starter aps and a couple of pop-ups came up before it was finished. I hope this dosn't alter it's results.

I probably should have asked before running it, but I can't use Task Manager to help it along if it runs into difficulty. (it didn't this time) Is that a real problem?


ComboFix Log

ComboFix 08-06-20.4 - Edwina 2008-06-22 15:48:29.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.308 [GMT -4:00]
Running from: C:\Documents and Settings\Edwina\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Edwina\Application Data\ICROSO~1
C:\Documents and Settings\Edwina\Application Data\ICROSO~1\?icrosoft\
C:\Documents and Settings\Edwina\Application Data\ICROSO~1\nslookup.exe
C:\Documents and Settings\Edwina\My Documents\FNTS~1
C:\Documents and Settings\Edwina\My Documents\FNTS~1\r?ndll32.exe
C:\Documents and Settings\Edwina\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Edwina\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Edwina\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\AntiSpywareMaster
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Windows Plus\quka.dll
C:\Program Files\Windows Plus\quka83.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\BM738e7352.xml
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll
C:\WINDOWS\system32\aacxastw.ini
C:\WINDOWS\system32\AbJmnnpo.ini
C:\WINDOWS\system32\AbJmnnpo.ini2
C:\WINDOWS\system32\aciplwra.ini
C:\WINDOWS\system32\acpuunuf.ini
C:\WINDOWS\system32\akjwfmga.ini
C:\WINDOWS\system32\apdfgsku.ini
C:\WINDOWS\system32\bannugfs.ini
C:\WINDOWS\system32\becicpxv.ini
C:\WINDOWS\system32\bgnesihi.ini
C:\WINDOWS\system32\bkynplwo.ini
C:\WINDOWS\system32\bpfakeeu.ini
C:\WINDOWS\system32\bvmkfyln.ini
C:\WINDOWS\system32\byXOhEvV.dll
C:\WINDOWS\system32\ckiuqhqw.ini
C:\WINDOWS\system32\csweltpj.ini
C:\WINDOWS\system32\cvkjbvhu.ini
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\daSgo02\daSgo021099.exe
C:\WINDOWS\system32\ddcBSKAR.dll
C:\WINDOWS\system32\dfbawjbl.ini
C:\WINDOWS\system32\dhajojtj.dll
C:\WINDOWS\system32\dhlawokg.ini
C:\WINDOWS\system32\djmkygst.ini
C:\WINDOWS\system32\drivers\fltmgrr.sys
C:\WINDOWS\system32\dsrheyrl.ini
C:\WINDOWS\system32\duywoait.ini
C:\WINDOWS\system32\dwfrjckk.exe
C:\WINDOWS\system32\dyytnyel.ini
C:\WINDOWS\system32\eabptpit.ini
C:\WINDOWS\system32\epjmfbqy.ini
C:\WINDOWS\system32\erhtlcjv.ini
C:\WINDOWS\system32\eshpbknf.ini
C:\WINDOWS\system32\evevwbtd.ini
C:\WINDOWS\system32\exnnumjs.ini
C:\WINDOWS\system32\eytdwbiw.ini
C:\WINDOWS\system32\fhapnrou.dll
C:\WINDOWS\system32\fjwmyiqu.ini
C:\WINDOWS\system32\fnlrfnmd.ini
C:\WINDOWS\system32\fopndnsn.ini
C:\WINDOWS\system32\fxfynujj.ini
C:\WINDOWS\system32\g99.exe
C:\WINDOWS\system32\gbymcbkk.dll
C:\WINDOWS\system32\gdycebiq.ini
C:\WINDOWS\system32\GhjRuBeg.ini
C:\WINDOWS\system32\GhjRuBeg.ini2
C:\WINDOWS\system32\gnveqkgy.ini
C:\WINDOWS\system32\gobdvcmu.ini
C:\WINDOWS\system32\gokgxhey.dll
C:\WINDOWS\system32\gqjevatm.ini
C:\WINDOWS\system32\GQYbaGgh.ini
C:\WINDOWS\system32\GQYbaGgh.ini2
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hcudrbyt.ini
C:\WINDOWS\system32\henopawt.ini
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hkvdcdxk.ini
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hrnecgrf.ini
C:\WINDOWS\system32\iccdewwm.ini
C:\WINDOWS\system32\iivijmun.ini
C:\WINDOWS\system32\iivqtjsk.ini
C:\WINDOWS\system32\ijocbojp.ini
C:\WINDOWS\system32\ikjvolxa.ini
C:\WINDOWS\system32\isgnpyhl.ini
C:\WINDOWS\system32\itevgvgf.ini
C:\WINDOWS\system32\iulkuvtb.ini
C:\WINDOWS\system32\jhinhrxs.ini
C:\WINDOWS\system32\jjcikwfs.dll
C:\WINDOWS\system32\jlmkycta.dll
C:\WINDOWS\system32\jmmxljkk.exe
C:\WINDOWS\system32\kcaxgeya.ini
C:\WINDOWS\system32\kcofjapv.ini
C:\WINDOWS\system32\knhsjupi.ini
C:\WINDOWS\system32\kpopcifs.ini
C:\WINDOWS\system32\krcfjory.ini
C:\WINDOWS\system32\kryloqvw.ini
C:\WINDOWS\system32\lcoigwaj.ini
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\lmlwpokg.dll
C:\WINDOWS\system32\lnmwvuyl.ini
C:\WINDOWS\system32\lryehrsd.dll
C:\WINDOWS\system32\lsmphtxw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgmbbtce.ini
C:\WINDOWS\system32\mhsvxujn.dll
C:\WINDOWS\system32\mlvasgsj.ini
C:\WINDOWS\system32\mmUuCJjl.ini
C:\WINDOWS\system32\mmUuCJjl.ini2
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\mrrbrbce.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myugshea.dll
C:\WINDOWS\system32\nadbhgkp.ini
C:\WINDOWS\system32\nafaytad.ini
C:\WINDOWS\system32\ncntqkdm.exe
C:\WINDOWS\system32\nikbjfjw.ini
C:\WINDOWS\system32\nixfukxm.dll
C:\WINDOWS\system32\nodhijto.ini
C:\WINDOWS\system32\noidyeea.ini
C:\WINDOWS\system32\obvpqahh.ini
C:\WINDOWS\system32\ocaumgvi.ini
C:\WINDOWS\system32\opnnmJbA.dll
C:\WINDOWS\system32\ouigwfwg.ini
C:\WINDOWS\system32\oyjgivgx.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pemhkord.ini
C:\WINDOWS\system32\pkghbdan.dll
C:\WINDOWS\system32\pmtplcei.ini
C:\WINDOWS\system32\ppgpgqkc.ini
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pqogvmxx.dll
C:\WINDOWS\system32\qdbnjsfy.ini
C:\WINDOWS\system32\qnfjimtx.ini
C:\WINDOWS\system32\qrmydyef.ini
C:\WINDOWS\system32\qtrqyuqv.ini
C:\WINDOWS\system32\rdhpkkpb.ini
C:\WINDOWS\system32\reantnkf.ini
C:\WINDOWS\system32\rsbjqoip.ini
C:\WINDOWS\system32\rsYFgfii.ini
C:\WINDOWS\system32\rsYFgfii.ini2
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\scaxlmfy.dll
C:\WINDOWS\system32\sfanohmw.dll
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\slqkfgmc.ini
C:\WINDOWS\system32\soigvrpg.ini
C:\WINDOWS\system32\syfusepb.ini
C:\WINDOWS\system32\tcntaxdn.exe
C:\WINDOWS\system32\thvcgnev.ini
C:\WINDOWS\system32\tidhmvsa.ini
C:\WINDOWS\system32\tsmakdfr.ini
C:\WINDOWS\system32\ubaoenss.ini
C:\WINDOWS\system32\ubcoinbf.ini
C:\WINDOWS\system32\ujlpdmid.ini
C:\WINDOWS\system32\ukeumlen.ini
C:\WINDOWS\system32\uqavtges.ini
C:\WINDOWS\system32\uwgormjd.ini
C:\WINDOWS\system32\vbntukjl.dll
C:\WINDOWS\system32\vjmxaqtp.ini
C:\WINDOWS\system32\vwiymvho.ini
C:\WINDOWS\system32\waeedgjj.ini
C:\WINDOWS\system32\wftgqabf.ini
C:\WINDOWS\system32\whhkbjov.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wkcfjscl.ini
C:\WINDOWS\system32\wrlakfmh.ini
C:\WINDOWS\system32\wyr.dll
C:\WINDOWS\system32\xajghfhe.ini
C:\WINDOWS\system32\xobglmbh.ini
C:\WINDOWS\system32\xosdtadt.ini
C:\WINDOWS\system32\xtwqbjey.dll
C:\WINDOWS\system32\xwmlwtfr.ini
C:\WINDOWS\system32\xwvheybw.ini
C:\WINDOWS\system32\ybaxxnvw.ini
C:\WINDOWS\system32\yclvlrkm.exe
C:\WINDOWS\system32\yigjhnfx.ini
C:\WINDOWS\system32\ykghqmyi.ini
C:\WINDOWS\system32\ymjrgdjj.ini
C:\WINDOWS\system32\ynqkddtd.dll
C:\WINDOWS\system32\yxglhuoy.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
C:\WINDOWS\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FLTMGRR
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Service_fltmgrr
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 15:57 . 2008-06-22 15:57 2,019 --a------ C:\WINDOWS\default.htm
2008-06-22 15:28 . 2008-06-22 15:28 41,379 --a------ C:\Program Files\BChanger.zip
2008-06-19 19:53 . 2008-06-22 15:28 <DIR> d-------- C:\Program Files\BChanger
2008-06-17 21:00 . 2008-06-17 21:00 167,976 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-17 19:51 . 2008-06-17 19:51 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-17 18:43 . 2008-06-19 20:03 63,902 --a------ C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll-uninst.exe
2008-06-15 19:43 . 2008-06-17 20:07 <DIR> d-------- C:\Program Files\new antispyware
2008-06-11 17:33 . 2008-06-19 19:53 <DIR> d-------- C:\Program Files\GetModule
2008-06-11 17:32 . 2008-06-11 17:32 <DIR> d-------- C:\Program Files\iCheck
2008-06-11 17:32 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\GetPack
2008-06-11 17:31 . 2008-06-19 19:53 <DIR> d-------- C:\Program Files\altcmd
2008-06-07 19:54 . 2008-06-07 19:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\WeatherStudio
2008-06-06 17:22 . 2008-06-11 17:32 586 --ahs---- C:\WINDOWS\system32\txjoswaf.ini
2008-06-05 19:00 . 2008-06-06 03:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio
2008-06-05 16:43 . 2008-06-05 16:43 49,184 --a------ C:\WINDOWS\system32\jpwnw64k.exe
2008-06-05 12:20 . 2008-06-05 12:20 65,528 --a------ C:\WINDOWS\b104.exe.bin
2008-06-05 12:16 . 2008-06-05 12:16 16,382 --a------ C:\WINDOWS\b103.exe.bin
2008-06-05 12:06 . 2008-06-05 12:06 57,337 --a------ C:\WINDOWS\b156.exe.bin
2008-06-04 12:02 . 2008-06-07 00:30 95,833 --a------ C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe
2008-06-04 11:58 . 2008-06-04 12:02 135,168 --a------ C:\WINDOWS\TEK76.exe
2008-06-04 11:57 . 2008-06-04 11:57 <DIR> d-------- C:\WINDOWS\system32\vntiho01
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\Vco1
2008-06-04 11:57 . 2008-06-15 20:28 <DIR> d-------- C:\WINDOWS\system32\sTMP
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\fIE
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-06-04 11:57 . 2008-06-15 20:28 <DIR> d-------- C:\WINDOWS\system32\a053
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\6026c
2008-06-04 11:57 . 2008-06-04 11:57 87,513 --a------ C:\WINDOWS\system32\iftuyszv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:53 --------- d-----w C:\Program Files\Windows Plus
2008-06-20 22:09 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-20 00:00 --------- d-----w C:\Documents and Settings\Edwina\Application Data\WeatherStudio
2008-06-19 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WeatherStudio
2008-06-18 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 21:25 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 01:00 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-01 23:49 --------- d-----w C:\Program Files\Picasa2
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 07:09 368,640 ----a-w C:\WINDOWS\system32\pmls.dll
2008-03-26 14:17 118,784 ----a-w C:\WINDOWS\system32\pmai.dll
2007-11-12 01:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-15 06:11 29,184 ----a-w C:\Documents and Settings\Edwina\wn0008.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08878A8B-3971-4643-88BB-1E1E424890EA}]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6}]
C:\WINDOWS\system32\iifgFYsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]
2008-06-22 15:59 147456 --a------ C:\Program Files\altcmd\altcmd32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
2008-06-19 10:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D7F9440-8E65-44B9-98B1-0C72697E376C}]
C:\WINDOWS\system32\ljJCuUmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D384FC7-4CB4-4B13-B718-E148B20CA232}]
C:\WINDOWS\system32\hgGabYQG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE82785-BE10-4186-9597-C2B5B9FE9290}]
C:\WINDOWS\system32\awtss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E89CD8A6-BD36-459C-B131-96167C31B28D}]
C:\WINDOWS\system32\geBuRjhG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"Uaol"="C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe" [ ]
"Mpsp"="C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe" [ ]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"GetPack19"="C:\Program Files\GetPack\GetPack19.exe" [2008-06-17 05:56 350208]
"GetModule19"="C:\Program Files\GetModule\GetModule19.exe" [2008-06-17 05:58 351744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 00:46 98304]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06 40960]
"WeatherStudio Desktop"="C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe" [ ]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 11:24 180269]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"UADC_3354481086"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" [ ]
"PremierOpinion"="c:\windows\system32\pmropn.exe" [2008-01-30 20:45 1609728]
"{D4-40-06-61-DW}"="C:\windows\system32\rwwnw64d.exe" [ ]
"avast!"="C:\Program Files\new antispyware\avast4\ashDisp.exe" [2003-05-12 09:52 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-31 15:40:17 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll 2008-03-27 03:09 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqqp]
tuvtqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\pmai.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\windows\\system32\\pmropn.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 13:00:02 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 15:57:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\silc_dll.dll 53248 bytes executable
C:\WINDOWS\system32\model.dat 1358156 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehRec.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2008-06-22 16:01:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 20:01:26

Pre-Run: 56,748,232,704 bytes free
Post-Run: 57,714,450,432 bytes free

461 --- E O F --- 2008-05-17 07:03:04

end Combofix Log


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:01 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\windows\system32\pmropn.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDyUaazwlbdhfHCPEqWo1WDdP37y3JssqXcdJwcrdT4zUOFXJUY3PYbiqvgjrRTE7Y9hR2LLqMtkxEVCYiYeWnUthIIXuv7V/82v3UIyG2BZAL5upcdgb3jA==
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {08878A8B-3971-4643-88BB-1E1E424890EA} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6} - C:\WINDOWS\system32\iifgFYsr.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {4D7F9440-8E65-44B9-98B1-0C72697E376C} - C:\WINDOWS\system32\ljJCuUmm.dll (file missing)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O2 - BHO: (no name) - {8D384FC7-4CB4-4B13-B718-E148B20CA232} - C:\WINDOWS\system32\hgGabYQG.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {CFE82785-BE10-4186-9597-C2B5B9FE9290} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {E89CD8A6-BD36-459C-B131-96167C31B28D} - C:\WINDOWS\system32\geBuRjhG.dll (file missing)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [UADC_3354481086] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKLM\..\Run: [{D4-40-06-61-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Mpsp] "C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O20 - Winlogon Notify: tuvtqqp - tuvtqqp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 11378 bytes


End HJT Log


Thanks, Again
Ura-Maru

Shaba
2008-06-23, 17:09
Hi

Please post next HijackThis log taken in normal mode :)

Ura-Maru
2008-06-24, 01:15
Sorry about that.

Normal Mode HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:10 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\windows\system32\pmropn.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\f1570947f8ce451e47060cfdc13f1bf1\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDyUaazwlbdhfHCPEqWo1WDdP37y3JssqXcdJwcrdT4zUOFXJUY3PYbiqvgjrRTE7Y9hR2LLqMtkxEVCYiYeWnUthIIXuv7V/82v3UIyG2BZAL5upcdgb3jA==
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {08878A8B-3971-4643-88BB-1E1E424890EA} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6} - C:\WINDOWS\system32\iifgFYsr.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {4D7F9440-8E65-44B9-98B1-0C72697E376C} - C:\WINDOWS\system32\ljJCuUmm.dll (file missing)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O2 - BHO: (no name) - {8D384FC7-4CB4-4B13-B718-E148B20CA232} - C:\WINDOWS\system32\hgGabYQG.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {CFE82785-BE10-4186-9597-C2B5B9FE9290} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {E89CD8A6-BD36-459C-B131-96167C31B28D} - C:\WINDOWS\system32\geBuRjhG.dll (file missing)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [UADC_3354481086] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKLM\..\Run: [{D4-40-06-61-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Mpsp] "C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [GetPack19] "C:\Program Files\GetPack\GetPack19.exe"
O4 - HKCU\..\Run: [GetModule19] "C:\Program Files\GetModule\GetModule19.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntqkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O20 - Winlogon Notify: tuvtqqp - tuvtqqp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 12811 bytes

End of HJT log


Normal Mode ComboFix log:

ComboFix 08-06-20.4 - Edwina 2008-06-23 17:53:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -4:00]
Running from: C:\Documents and Settings\Edwina\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Edwina\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Edwina\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Edwina\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\b104.exe.bin
C:\WINDOWS\b156.exe.bin
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-22 15:28 . 2008-06-22 15:28 41,379 --a------ C:\Program Files\BChanger.zip
2008-06-19 19:53 . 2008-06-22 15:28 <DIR> d-------- C:\Program Files\BChanger
2008-06-17 19:51 . 2008-06-17 19:51 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-17 18:43 . 2008-06-19 20:03 63,902 --a------ C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll-uninst.exe
2008-06-15 19:43 . 2008-06-17 20:07 <DIR> d-------- C:\Program Files\new antispyware
2008-06-11 17:33 . 2008-06-19 19:53 <DIR> d-------- C:\Program Files\GetModule
2008-06-11 17:32 . 2008-06-11 17:32 <DIR> d-------- C:\Program Files\iCheck
2008-06-11 17:32 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\GetPack
2008-06-11 17:31 . 2008-06-23 18:01 <DIR> d-------- C:\Program Files\altcmd
2008-06-07 19:54 . 2008-06-07 19:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\WeatherStudio
2008-06-06 17:22 . 2008-06-11 17:32 586 --ahs---- C:\WINDOWS\system32\txjoswaf.ini
2008-06-05 19:00 . 2008-06-06 03:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio
2008-06-05 16:43 . 2008-06-05 16:43 49,184 --a------ C:\WINDOWS\system32\jpwnw64k.exe
2008-06-04 12:02 . 2008-06-07 00:30 95,833 --a------ C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe
2008-06-04 11:58 . 2008-06-04 12:02 135,168 --a------ C:\WINDOWS\TEK76.exe
2008-06-04 11:57 . 2008-06-04 11:57 <DIR> d-------- C:\WINDOWS\system32\vntiho01
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\Vco1
2008-06-04 11:57 . 2008-06-15 20:28 <DIR> d-------- C:\WINDOWS\system32\sTMP
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\fIE
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-06-04 11:57 . 2008-06-15 20:28 <DIR> d-------- C:\WINDOWS\system32\a053
2008-06-04 11:57 . 2008-06-11 21:23 <DIR> d-------- C:\WINDOWS\system32\6026c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:53 --------- d-----w C:\Documents and Settings\Edwina\Application Data\WeatherStudio
2008-06-23 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WeatherStudio
2008-06-22 19:53 --------- d-----w C:\Program Files\Windows Plus
2008-06-18 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 21:25 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-01 23:49 --------- d-----w C:\Program Files\Picasa2
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-12 01:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-15 06:11 29,184 ----a-w C:\Documents and Settings\Edwina\wn0008.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-22_16.01.06.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-22 19:56:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 22:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:35:13 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 04:55:40 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 18:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-10 11:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08878A8B-3971-4643-88BB-1E1E424890EA}]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6}]
C:\WINDOWS\system32\iifgFYsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]
2008-06-23 18:04 147456 --a------ C:\Program Files\altcmd\altcmd32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
2008-06-19 10:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D7F9440-8E65-44B9-98B1-0C72697E376C}]
C:\WINDOWS\system32\ljJCuUmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D384FC7-4CB4-4B13-B718-E148B20CA232}]
C:\WINDOWS\system32\hgGabYQG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE82785-BE10-4186-9597-C2B5B9FE9290}]
C:\WINDOWS\system32\awtss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E89CD8A6-BD36-459C-B131-96167C31B28D}]
C:\WINDOWS\system32\geBuRjhG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"Uaol"="C:\DOCUME~1\Edwina\APPLIC~1\ICROSO~1\nslookup.exe" [ ]
"Mpsp"="C:\Documents and Settings\Edwina\My Documents\F?nts\r?ndll32.exe" [ ]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"GetPack19"="C:\Program Files\GetPack\GetPack19.exe" [2008-06-17 05:56 350208]
"GetModule19"="C:\Program Files\GetModule\GetModule19.exe" [2008-06-17 05:58 351744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 00:46 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06 40960]
"WeatherStudio Desktop"="C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe" [ ]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 11:24 180269]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"UADC_3354481086"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" [ ]
"PremierOpinion"="c:\windows\system32\pmropn.exe" [2008-01-30 20:45 1609728]
"{D4-40-06-61-DW}"="C:\windows\system32\rwwnw64d.exe" [ ]
"avast!"="C:\Program Files\new antispyware\avast4\ashDisp.exe" [2003-05-12 09:52 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-01-02 17:24:38 225280]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2006-04-07 19:26:07 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-31 15:40:17 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll 2008-03-27 03:09 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqqp]
tuvtqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\pmai.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\windows\\system32\\pmropn.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 13:00:02 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:01:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-06-23 18:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 22:05:34
ComboFix2.txt 2008-06-22 20:01:32

Pre-Run: 57,661,329,408 bytes free
Post-Run: 57,573,425,152 bytes free

411 --- E O F --- 2008-06-23 22:00:02

End of ComboFix log.


Thanks,
Ura-Maru

Shaba
2008-06-24, 16:59
Hi

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\WINDOWS\system32\pmai.dll

Repeat steps for all files on the list.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Ura-Maru
2008-06-24, 23:56
Hopefully this is readable enough . . .

Start of scanner results:

File: pmai.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 64c9b467f6408efc3e7f69c6d86aead8
Packers detected: -

Scanner results
Scan taken on 24 Jun 2008 20:45:05 (GMT)
A-Squared Found Adware.Win32.BHO.th
AntiVir Found ADSPY/Bho.TH.1
ArcaVir Found Adware.Bho.Th
Avast Found Win32:Adware-gen
AVG Antivirus Found nothing
BitDefender Found Adware.BHO.WRM
ClamAV Found Adware.BHO-424
CPsecure Found AdWare.W32.BHO.th
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Adware:W32/MarketScore.C (3, 1, 206), not-a-virus:AdWare.Win32.BHO.th (4, 1, 400)
Fortinet Found Adware/BHO
Ikarus Found not-a-virus:AdWare.Win32.BHO.th
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.BHO.th
NOD32 Found nothing
Norman Virus Control Found W32/BHO.BYS
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.BHO.th

End of Scanner Log

Thanks,
Ura-Maru

Ura-Maru
2008-06-25, 00:00
I wasn't sure if the last part of the page was part of the results or not. If so, here it is. If not, I guess it can be ignored.

Start of Possible Scanner Results:

Statistics
Last file scanned at least one scanner reported something about:
Tibia_Addons_NG.exe (MD5: 61ab3410a0326afa3e2dff52fd6a1cd0, size: 599409
bytes), detected by:

Scanner Malware name
A-Squared Trojan-Spy.Win32.KeyLogger.bd
AntiVir TR/Dropper.Gen
ArcaVir X
Avast Win32:Trojano-1134
AVG Antivirus PSW.Banker3.XOY
BitDefender Generic.Perfloger.1BE24CFA
ClamAV Trojan.Perflog.arc-7
CPsecure Monitor.W32.Perflogger.ad
Dr.Web Trojan.Peflog.168
F-Prot Antivirus W32/Banker.ALWM
F-Secure Anti-Virus
Monitoring-Tool:W32/BlazingTools-PerfectKeylogger.B (6, 2, 0)
Fortinet X
Ikarus Trojan-Spy.Win32.Perfloger.I
Kaspersky Anti-Virus not-a-virus:Monitor.Win32.Perflogger.ca
NOD32 X
Norman Virus Control W32/Banker.IMX
Panda Antivirus Trj/Keylog.MF
Sophos Antivirus Mal/Heuri-E
VirusBuster X
VBA32 Win32.Spy.PerfKey

End of Scanner Results?

Thanks,
Ura-Maru

Shaba
2008-06-25, 15:11
Hi

Sure it is :)

Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\system32\pmai.dll

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Press new topic, make threads title "Files for Shaba"
Include to your message a link to here, then attach the cab/zip file to your message and post the topic
If you cant locate it through the browse button just copy/paste the filename and path.

After that:

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\Program Files\BChanger.zip
C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll-uninst.exe
C:\WINDOWS\system32\txjoswaf.ini
C:\WINDOWS\system32\jpwnw64k.exe C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe
C:\WINDOWS\TEK76.exe
C:\Documents and Settings\Edwina\wn0008.exe

Folder::
C:\WINDOWS\system32\vntiho01
C:\WINDOWS\system32\Vco1
C:\WINDOWS\system32\sTMP
C:\WINDOWS\system32\fIE
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\a053
C:\WINDOWS\system32\6026c
C:\Program Files\new antispyware
C:\Program Files\GetModule
C:\Program Files\iCheck
C:\Program Files\GetPack
C:\Program Files\altcmd
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio
C:\Program Files\BChanger
C:\Documents and Settings\Edwina\Application Data\WeatherStudio
C:\Documents and Settings\All Users\Application Data\WeatherStudio
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08878A8B-3971-4643-88BB-1E1E424890EA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26D1A2E6-28F9-43E6-9A0D-A68BE6D35FA6}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D7F9440-8E65-44B9-98B1-0C72697E376C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D384FC7-4CB4-4B13-B718-E148B20CA232}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE82785-BE10-4186-9597-C2B5B9FE9290}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E89CD8A6-BD36-459C-B131-96167C31B28D}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
"Mpsp"=-
"GetPack19"=-
"GetModule19"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherStudio Desktop"=-
"UADC_3354481086"=-
"PremierOpinion"=-
"{D4-40-06-61-DW}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqqp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Ura-Maru
2008-06-25, 21:55
Vast improvement! No pop-ups, and running at what seems to be normal speed on reboot.

I've taken the liberty of hiding a few vital cables, so no one should be able to mess with it until you've given me the ok. :)

The packaged file is sent off. The ComboFix log puts this post over the character limit, so it'll follow.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:54 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\VSTASCAN\vsaccess.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8320 bytes


end HJT log



Thanks, (a lot!)
Ura-Maru

Ura-Maru
2008-06-25, 21:58
It's still too long.

ComboFix log, first half:

ComboFix 08-06-20.4 - Edwina 2008-06-25 14:27:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -4:00]
Running from: C:\Documents and Settings\Edwina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Edwina\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Edwina\wn0008.exe
C:\Program Files\BChanger.zip
C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll-uninst.exe
C:\WINDOWS\system32\jpwnw64k.exe C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe
C:\WINDOWS\system32\txjoswaf.ini
C:\WINDOWS\TEK76.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WeatherStudio
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\newsreadericon.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\newsreadericon_over.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\newsreadericonxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\newsreadericonxp_over.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\WeatherStudio\contexts\Error.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\clear.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\cloudy.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\cold.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\foggy.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\haze.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\mcloud.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\na.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nclear.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\ncold.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nfoggy.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nfrain.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nmcloud.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nna.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nnoicon.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\npcloud.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nrain.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\nsnow.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\pcloud.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\rain.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\snow.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\tstorm.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\all_feeds_summary.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\atom_0_3_to_rss_2_0.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\date_time.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\get_feed_format.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\home_headlines.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\home_sources.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\rss_1_0_to_rss_2_0.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\News\w3cdtf_to_rfc822.xsl
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\WeatherStudio\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\WeatherStudio\Tem1A69.tmp
C:\Documents and Settings\All Users\Application Data\WeatherStudio\U09760C40.exe
C:\Documents and Settings\Edwina\Application Data\WeatherStudio
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Games\GamesOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Games\GamesOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\WeatherLayout.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Manager\ManagerOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Movies\MoviesOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_0.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_1.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_10.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_11.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_2.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_3.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_4.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_5.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_6.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_7.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_8.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\Feeds\FEED_9.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\NewsOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\News\NewsOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Reference\ReferenceOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Tem2D.tmp
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Tem321.tmp
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Weather\AlertArchive.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Weather\AlertArchive.xml.backup
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Weather\WeatherOptions.xml
C:\Documents and Settings\Edwina\Application Data\WeatherStudio\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Edwina\wn0008.exe
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Games\GamesOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Games\GamesOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Movies\MoviesOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_0.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_1.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_10.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_11.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_2.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_3.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_4.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_5.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_6.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_7.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_8.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\Feeds\FEED_9.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\NewsOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\News\NewsOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Reference\ReferenceOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Weather\WeatherOptions.xml
C:\Documents and Settings\NetworkService\Application Data\WeatherStudio\Weather\WeatherOptions.xml.backup
C:\Program Files\altcmd
C:\Program Files\altcmd\altcmd.inf
C:\Program Files\altcmd\altcmd32.dll
C:\Program Files\altcmd\altcmd32.dll1
C:\Program Files\altcmd\uninstall.bat
C:\Program Files\BChanger
C:\Program Files\BChanger.zip
C:\Program Files\BChanger\bchanger.dll
C:\Program Files\BChanger\data.dat
C:\Program Files\BChanger\Uninstall.exe
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetModule\GetModule19.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetPack
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetPack\GetPack19.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\iCheck
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\new antispyware
C:\Program Files\new antispyware\Ad Aware 2008\AAWLic.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\Program Files\new antispyware\Ad Aware 2008\AAWTray.exe
C:\Program Files\new antispyware\Ad Aware 2008\Ad-Aware.exe
C:\Program Files\new antispyware\Ad Aware 2008\Ad-Watch.exe
C:\Program Files\new antispyware\Ad Aware 2008\alert.wav
C:\Program Files\new antispyware\Ad Aware 2008\CEAPI.dll
C:\Program Files\new antispyware\Ad Aware 2008\Help\Ad-Awaremanual-EN.chm
C:\Program Files\new antispyware\Ad Aware 2008\lavalicense.dll
C:\Program Files\new antispyware\Ad Aware 2008\lavamessage.dll
C:\Program Files\new antispyware\Ad Aware 2008\lsupdatemanager.exe
C:\Program Files\new antispyware\Ad Aware 2008\pkarchive85u.dll
C:\Program Files\new antispyware\Ad Aware 2008\Skin\Ad-Aware 2008.LGFF
C:\Program Files\new antispyware\Ad Aware 2008\Skin\Pink Friday.LGFF
C:\Program Files\new antispyware\Ad Aware 2008\threatwork.exe
C:\Program Files\new antispyware\Ad Aware 2008\unrar.dll
C:\Program Files\new antispyware\Ad Aware 2008\update.dll
C:\Program Files\new antispyware\Ad Aware 2008\upmanager.dll
C:\Program Files\new antispyware\avast4\Aavm4h.dll
C:\Program Files\new antispyware\avast4\AavmGuih.dll
C:\Program Files\new antispyware\avast4\AavmRpch.dll
C:\Program Files\new antispyware\avast4\AhAScr.dll
C:\Program Files\new antispyware\avast4\AhJsctNs.dll
C:\Program Files\new antispyware\avast4\AhResJs.dll
C:\Program Files\new antispyware\avast4\AhResMai.dll
C:\Program Files\new antispyware\avast4\AhResOut.dll
C:\Program Files\new antispyware\avast4\AhResStd.dll
C:\Program Files\new antispyware\avast4\AhRuiJs.dll
C:\Program Files\new antispyware\avast4\AhRuiMai.dll
C:\Program Files\new antispyware\avast4\AhRuiOut.dll
C:\Program Files\new antispyware\avast4\AhRuiStd.dll
C:\Program Files\new antispyware\avast4\ashAvast.exe
C:\Program Files\new antispyware\avast4\ashBase.dll
C:\Program Files\new antispyware\avast4\ashBug.exe
C:\Program Files\new antispyware\avast4\ashCfgP.dll
C:\Program Files\new antispyware\avast4\ashCfgT.dll
C:\Program Files\new antispyware\avast4\ashChest.dll
C:\Program Files\new antispyware\avast4\ashChest.exe
C:\Program Files\new antispyware\avast4\ashCmd.exe
C:\Program Files\new antispyware\avast4\ashDisp.exe
C:\Program Files\new antispyware\avast4\ashEnhcd.exe
C:\Program Files\new antispyware\avast4\ashLogV.exe
C:\Program Files\new antispyware\avast4\ashMaiSv.exe
C:\Program Files\new antispyware\avast4\ashOutXt.dll
C:\Program Files\new antispyware\avast4\ashPopWz.exe
C:\Program Files\new antispyware\avast4\ashQuick.exe
C:\Program Files\new antispyware\avast4\ashServ.exe
C:\Program Files\new antispyware\avast4\ashShell.dll
C:\Program Files\new antispyware\avast4\ashSimpl.exe
C:\Program Files\new antispyware\avast4\ashSkPcc.exe
C:\Program Files\new antispyware\avast4\ashSkPck.exe
C:\Program Files\new antispyware\avast4\ashSODBC.dll
C:\Program Files\new antispyware\avast4\ashSXML.dll
C:\Program Files\new antispyware\avast4\ashTask.dll
C:\Program Files\new antispyware\avast4\ashUInt.dll
C:\Program Files\new antispyware\avast4\aswAux.dll
C:\Program Files\new antispyware\avast4\aswBoot.exe
C:\Program Files\new antispyware\avast4\aswCmnB.dll
C:\Program Files\new antispyware\avast4\aswCmnOS.dll
C:\Program Files\new antispyware\avast4\aswCmnS.dll
C:\Program Files\new antispyware\avast4\aswEngin.dll
C:\Program Files\new antispyware\avast4\aswIdle.dll
C:\Program Files\new antispyware\avast4\aswInteg.dll
C:\Program Files\new antispyware\avast4\aswMonDS.sys
C:\Program Files\new antispyware\avast4\aswMonVD.dll
C:\Program Files\new antispyware\avast4\aswRes.dll
C:\Program Files\new antispyware\avast4\aswScan.dll
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\Program Files\new antispyware\avast4\AVSSHOOK.dll
C:\Program Files\new antispyware\avast4\Data\400.vps
C:\Program Files\new antispyware\avast4\Data\Avast4.ini
C:\Program Files\new antispyware\avast4\Data\Avast4.mdb
C:\Program Files\new antispyware\avast4\Data\iNews.htm
C:\Program Files\new antispyware\avast4\Data\integ\avast.int
C:\Program Files\new antispyware\avast4\Data\log\aswBoot.log
C:\Program Files\new antispyware\avast4\Data\log\Error.log
C:\Program Files\new antispyware\avast4\Data\log\Notice.log
C:\Program Files\new antispyware\avast4\Data\log\setup.log
C:\Program Files\new antispyware\avast4\Data\report\aswBoot.txt
C:\Program Files\new antispyware\avast4\Data\report\avast.xsl
C:\Program Files\new antispyware\avast4\Data\report\background.gif
C:\Program Files\new antispyware\avast4\Data\report\logo.gif
C:\Program Files\new antispyware\avast4\Data\Skin\__snake.aswf
C:\Program Files\new antispyware\avast4\Data\Skin\__strike.aswf
C:\Program Files\new antispyware\avast4\Data\Skin\__vizer.aswf
C:\Program Files\new antispyware\avast4\Data\Skin\blue panel.asws
C:\Program Files\new antispyware\avast4\Data\Skin\low res.asws
C:\Program Files\new antispyware\avast4\Data\Skin\shadow fist.asws
C:\Program Files\new antispyware\avast4\Data\Skin\teak zeppelin.asws
C:\Program Files\new antispyware\avast4\DefTasks.xml
C:\Program Files\new antispyware\avast4\ENGLISH\aswBoot.lng
C:\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.htm
C:\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.txt
C:\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.htm
C:\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.txt
C:\Program Files\new antispyware\avast4\ENGLISH\Base.dll
C:\Program Files\new antispyware\avast4\ENGLISH\ENHANCED.HTM
C:\Program Files\new antispyware\avast4\ENGLISH\HELP\CheckListSimple.chm
C:\Program Files\new antispyware\avast4\ENGLISH\HELP\help.chm
C:\Program Files\new antispyware\avast4\ENGLISH\hover.wav
C:\Program Files\new antispyware\avast4\ENGLISH\Lang.dll
C:\Program Files\new antispyware\avast4\ENGLISH\LangMai.dll
C:\Program Files\new antispyware\avast4\ENGLISH\License.txt
C:\Program Files\new antispyware\avast4\ENGLISH\possible.wav
C:\Program Files\new antispyware\avast4\ENGLISH\press.wav
C:\Program Files\new antispyware\avast4\ENGLISH\Readme.txt
C:\Program Files\new antispyware\avast4\ENGLISH\ready.wav
C:\Program Files\new antispyware\avast4\ENGLISH\suspic.wav
C:\Program Files\new antispyware\avast4\ENGLISH\virfound.gif
C:\Program Files\new antispyware\avast4\ENGLISH\virfound.wav
C:\Program Files\new antispyware\avast4\ENGLISH\vpsupd.wav
C:\Program Files\new antispyware\avast4\images\background.bmp
C:\Program Files\new antispyware\avast4\images\main_01.jpg
C:\Program Files\new antispyware\avast4\images\main_02.jpg
C:\Program Files\new antispyware\avast4\images\main_06.jpg
C:\Program Files\new antispyware\avast4\images\main_07.jpg
C:\Program Files\new antispyware\avast4\images\main_08.jpg
C:\Program Files\new antispyware\avast4\images\main_12.jpg
C:\Program Files\new antispyware\avast4\images\main_13.jpg
C:\Program Files\new antispyware\avast4\images\main_19.jpg
C:\Program Files\new antispyware\avast4\images\main_20.jpg
C:\Program Files\new antispyware\avast4\sched.exe
C:\Program Files\new antispyware\avast4\Setup\core000000cb.vpu
C:\Program Files\new antispyware\avast4\Setup\f40900000082.vpu
C:\Program Files\new antispyware\avast4\Setup\h409000000c2.vpu
C:\Program Files\new antispyware\avast4\Setup\INF\AavmKer4.inf
C:\Program Files\new antispyware\avast4\Setup\INF\Aavmker4.sys
C:\Program Files\new antispyware\avast4\Setup\INF\aswMon.sys
C:\Program Files\new antispyware\avast4\Setup\INF\AswMon2.inf
C:\Program Files\new antispyware\avast4\Setup\INF\aswMon2.sys
C:\Program Files\new antispyware\avast4\Setup\mcor0000006f.vpu
C:\Program Files\new antispyware\avast4\Setup\n40900000013.vpu
C:\Program Files\new antispyware\avast4\Setup\packages.vpu
C:\Program Files\new antispyware\avast4\Setup\pro_00000029.vpu
C:\Program Files\new antispyware\avast4\Setup\servers.def
C:\Program Files\new antispyware\avast4\Setup\seti000000d3.vpu
C:\Program Files\new antispyware\avast4\Setup\setiface.dll
C:\Program Files\new antispyware\avast4\Setup\setu000000d3.vpu
C:\Program Files\new antispyware\avast4\Setup\setup.ini
C:\Program Files\new antispyware\avast4\Setup\setup.log
C:\Program Files\new antispyware\avast4\Setup\skin00000006.vpu
C:\Program Files\new antispyware\avast4\Setup\sys_00000003.vpu
C:\Program Files\new antispyware\avast4\Setup\vps_00030400.vpu
C:\Program Files\new antispyware\avast4\Setup\vpsm00030406.vpu
C:\Program Files\new antispyware\avast4\xerces-license.txt
C:\Program Files\new antispyware\avast4\xerces.dll
C:\Program Files\new antispyware\avast4\XT1922.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\advcheck.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\aports.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\blindman.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Default configuration.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\DelZip179.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.cd_clint.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.dap.gif
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.data.xml
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.default.gif
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.related.htm
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\GPBWUVNMAYWFHT.scr
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Brasil.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Cesky.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Deutsch.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.chm
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Espanol.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Francais.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Italiano.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.ansi.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Nederlands.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Polski.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Slovensky.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Srpski.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdvWhite.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Adware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdwareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Browserpages.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\CLSIDs.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\DialerC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Domains.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\FPFix.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HeavyDuty.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Hijackers.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HijackersC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Keyloggers.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\KeyloggersC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Logs.uts
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\LSP.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Malware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\MalwareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\OperaPlugins.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\ProcWatch.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPS.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPSC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegDFLinks.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegWatch.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegXLinks.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Searchpages.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Security.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SecurityC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Services.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spybots.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpybotsC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spyware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpywareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Startup.tnfo
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Targets.nfo
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Tracks.uti
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Trojans.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\TrojansC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\URL-Blacklist.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\X509White.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Afrikaans.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Arabic.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Azeri.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bahasa Indonesia.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Belarusskiy.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bosanski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Brasil.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bulgarski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Catalan.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Cesky.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (simplified).sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (traditional).sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Dansk.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Deutsch.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Eesti.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\English.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Espanol.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Esperanto.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Euskera.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Farsi.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Francais.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Furlan.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Galego.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hebrew.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hellenic.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hindi.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hrvatski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Islenska.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Italiano.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Japanese.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Korean.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Latvian.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Letzebuergesch.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Lietuviu.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Magyar.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Makedonski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Melayu.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Nederlands.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Norsk.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Polski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Portugues.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Romaneste.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Russkiy.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Shqip.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovenscina.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovensky.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Srpski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Suomi.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Svenska.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Thai.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Turkce.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Ukrainian.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Uzbek.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\LFMGZRMVMR.scr
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\messages.zres
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\OptOut.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Chai.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Fennel.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Mate.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\TCPIPAddress.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDDelFile.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDFiles.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDMain.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDShred.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDUpdate.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDWinSec.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Colorblind.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.jpg
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.jpg
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SpybotSD.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\TeaTimer.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Tools.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.dat
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.msg
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Update.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\clsid.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\desc.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\downloaded.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\fpfix.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\help.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.dialer.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.hijackers.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.keyloggers.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.malware.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.pups.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.security.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.spybots.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.trojans.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini.uiz
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugchai.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugfennel.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugmate.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\supplemental.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\XGSQZV.scr
C:\Program Files\new antispyware\Spybot - Search & Destroy\advcheck.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\aports.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\blindman.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\borlndmm.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\Default configuration.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\delphimm.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.dap.gif
C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.data.xml
C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.default.gif
C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.related.htm
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Brasil.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Cesky.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Deutsch.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.chm
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.Resident.chm
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Espanol.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Francais.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Italiano.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Japanese.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Nederlands.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Polski.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Slovensky.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Srpski.license.txt
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdvWhite.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Adware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdwareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Browserpages.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\CLSIDs.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\DialerC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Domains.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\FPFix.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Hijackers.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HijackersC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Keyloggers.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Logs.uts
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Malware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\MalwareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\ProcWatch.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPS.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPSC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\RegWatch.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Searchpages.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Security.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SecurityC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Services.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spybots.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpybotsC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spyware.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpywareC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Startup.tnfo
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Targets.nfo
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Tracks.uti
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Trojans.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\TrojansC.sbi
C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Arabic.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bosanski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Brasil.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bulgarski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Catalan.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Cesky.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Dansk.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Deutsch.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Eesti.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\English.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Espanol.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Esperanto.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Euskera.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Farsi.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Francais.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Galego.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Greek.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hebrew.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hrvatski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Italiano.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Japanese.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Korean.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Latvian.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Lietuviu.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Magyar.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Makedonski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Melayu.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Nederlands.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Norsk.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Polski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Portugues.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Romaneste.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Russkiy.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Shqip.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovenscina.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovensky.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Srpski.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Suomi.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Svenska.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Thai.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Turkce.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Ukrainian.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Uzbek.sbl
C:\Program Files\new antispyware\Spybot - Search & Destroy\messages.zres
C:\Program Files\new antispyware\Spybot - Search & Destroy\OptOut.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Colorblind.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.jpg
C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.jpg
C:\Program Files\new antispyware\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\Tools.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\unins000.dat
C:\Program Files\new antispyware\Spybot - Search & Destroy\unins000.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\UnzDll.dll
C:\Program Files\new antispyware\Spybot - Search & Destroy\Update.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\advcheck153.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\clsid.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\desc.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\downloaded.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\fpfix.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\help.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\helpres.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\lang.english.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\mainapp152.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\online.ini
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\plugtcpip.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\skins.main.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\startup.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\tools212.zip
C:\Program Files\new antispyware\Spybot - Search & Destroy\ZipDll.dll
C:\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll-uninst.exe
C:\WINDOWS\system32\6026c
C:\WINDOWS\system32\a053
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\BrowserSearch\BrowserSearch.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Configurator\ConfiguratorOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ErrorSearch\ErrorSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Games\GamesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Games\GamesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Layouts\PreferencesLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Layouts\PreferencesLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Layouts\ToolbarLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Layouts\ToolbarLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Manager\ManagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Manager\ManagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Movies\MoviesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Movies\MoviesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_0.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_1.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_10.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_11.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_2.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_3.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_4.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_5.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_6.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_7.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_8.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\Feeds\FEED_9.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\NewsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\News\NewsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Reference\ReferenceOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Reference\ReferenceOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\RelatedSearch\RelatedSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\SearchMatch\SearchMatchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Toolbar\TBProductsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Toolbar\TBProductsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\TravelSearch\TravelSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Weather\AlertArchive.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Weather\WeatherOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\WeatherStudio\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\fIE
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\sTMP
C:\WINDOWS\system32\txjoswaf.ini
C:\WINDOWS\system32\Vco1
C:\WINDOWS\system32\vntiho01
C:\WINDOWS\system32\vntiho01\vntiho011065.exe
C:\WINDOWS\TEK76.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 19:51 . 2008-06-17 19:51 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-05 16:43 . 2008-06-05 16:43 49,184 --a------ C:\WINDOWS\system32\jpwnw64k.exe
2008-06-04 12:02 . 2008-06-07 00:30 95,833 --a------ C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:53 --------- d-----w C:\Program Files\Windows Plus
2008-06-18 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 21:25 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-01 23:49 --------- d-----w C:\Program Files\Picasa2
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-12 01:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

Ura-Maru
2008-06-25, 22:00
Hope this dosen't mess anything up . . .

ComboFix log, second half:

((((((((((((((((((((((((((((( snapshot_2008-06-23_18.05.18.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 22:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 18:32:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 00:46 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06 40960]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 11:24 180269]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"avast!"="C:\Program Files\new antispyware\avast4\ashDisp.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-01-02 17:24:38 225280]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2006-04-07 19:26:07 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-31 15:40:17 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\windows\\system32\\pmropn.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 13:00:02 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 14:32:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-25 14:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 18:35:23
ComboFix2.txt 2008-06-23 22:05:38
ComboFix3.txt 2008-06-22 20:01:32

Pre-Run: 57,490,747,392 bytes free
Post-Run: 57,483,558,912 bytes free

840 --- E O F --- 2008-06-23 22:00:02


End ComboFix Log, second half.

Thanks,
Ura-Maru

Shaba
2008-06-25, 22:05
Hi

Looks like that I removed one legit folder, let's put it back :oops:

Open notepad and copy/paste the text in the codebox below into it:


DeQuarantine::
C:\Qoobox\Quarantine\Program Files\new antispyware

Quit::



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Ura-Maru
2008-06-25, 22:45
Done. or I think so, anyway. The folder didn't come back. Did I do something wrong?


ComboFix log:
ComboFix 08-06-20.4 - Edwina 2008-06-25 15:29:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.233 [GMT -4:00]
Running from: C:\Documents and Settings\Edwina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Edwina\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 14:40 . 2008-06-25 15:26 <DIR> d-------- C:\Documents and Settings\Edwina\Application Data\WeatherStudio
2008-06-25 14:40 . 2008-06-25 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WeatherStudio
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 19:51 . 2008-06-17 19:51 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-05 16:43 . 2008-06-05 16:43 49,184 --a------ C:\WINDOWS\system32\jpwnw64k.exe
2008-06-04 12:02 . 2008-06-07 00:30 95,833 --a------ C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:53 --------- d-----w C:\Program Files\Windows Plus
2008-06-20 22:09 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 21:25 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 01:00 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 23:49 --------- d-----w C:\Program Files\Picasa2
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 07:09 368,640 ----a-w C:\WINDOWS\system32\pmls.dll
2008-03-26 14:17 118,784 ----a-w C:\WINDOWS\system32\pmai.dll
2007-11-12 01:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-23_18.05.18.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 22:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 19:25:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 00:46 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06 40960]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 11:24 180269]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"avast!"="C:\Program Files\new antispyware\avast4\ashDisp.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-01-02 17:24:38 225280]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2006-04-07 19:26:07 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-31 15:40:17 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\windows\\system32\\pmropn.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 13:00:02 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 15:31:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 15:32:31
ComboFix-quarantined-files.txt 2008-06-25 19:32:24
ComboFix2.txt 2008-06-25 18:35:30
ComboFix3.txt 2008-06-23 22:05:38
ComboFix4.txt 2008-06-22 20:01:32

Pre-Run: 57,471,614,976 bytes free
Post-Run: 57,464,844,288 bytes free

123 --- E O F --- 2008-06-23 22:00:02

end ComboFix log.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:57 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8252 bytes

end HJT log

Thanks,
Ura-Maru

Shaba
2008-06-26, 09:23
Hi

My fault, there was an error; C was missing.

Try this CFScript instead:


DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files\new antispyware

Quit::

Ura-Maru
2008-06-26, 23:27
Ok, that seemed to do it. Once again, the log is too big, though.

Combofix DeQuarantine log, part 1:

C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\AAWLic.exe -> C:\Program Files\new antispyware\Ad Aware 2008\AAWLic.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\aawservice.exe -> C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\AAWTray.exe -> C:\Program Files\new antispyware\Ad Aware 2008\AAWTray.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\Ad-Aware.exe -> C:\Program Files\new antispyware\Ad Aware 2008\Ad-Aware.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\Ad-Watch.exe -> C:\Program Files\new antispyware\Ad Aware 2008\Ad-Watch.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\alert.wav -> C:\Program Files\new antispyware\Ad Aware 2008\alert.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\CEAPI.dll -> C:\Program Files\new antispyware\Ad Aware 2008\CEAPI.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\lavalicense.dll -> C:\Program Files\new antispyware\Ad Aware 2008\lavalicense.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\lavamessage.dll -> C:\Program Files\new antispyware\Ad Aware 2008\lavamessage.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\lsupdatemanager.exe -> C:\Program Files\new antispyware\Ad Aware 2008\lsupdatemanager.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\pkarchive85u.dll -> C:\Program Files\new antispyware\Ad Aware 2008\pkarchive85u.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\threatwork.exe -> C:\Program Files\new antispyware\Ad Aware 2008\threatwork.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\unrar.dll -> C:\Program Files\new antispyware\Ad Aware 2008\unrar.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\update.dll -> C:\Program Files\new antispyware\Ad Aware 2008\update.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\upmanager.dll -> C:\Program Files\new antispyware\Ad Aware 2008\upmanager.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\Help\Ad-Awaremanual-EN.chm -> C:\Program Files\new antispyware\Ad Aware 2008\Help\Ad-Awaremanual-EN.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\Skin\Ad-Aware 2008.LGFF -> C:\Program Files\new antispyware\Ad Aware 2008\Skin\Ad-Aware 2008.LGFF
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\Skin\Pink Friday.LGFF -> C:\Program Files\new antispyware\Ad Aware 2008\Skin\Pink Friday.LGFF
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Aavm4h.dll -> C:\Program Files\new antispyware\avast4\Aavm4h.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AavmGuih.dll -> C:\Program Files\new antispyware\avast4\AavmGuih.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AavmRpch.dll -> C:\Program Files\new antispyware\avast4\AavmRpch.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhAScr.dll -> C:\Program Files\new antispyware\avast4\AhAScr.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhJsctNs.dll -> C:\Program Files\new antispyware\avast4\AhJsctNs.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhResJs.dll -> C:\Program Files\new antispyware\avast4\AhResJs.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhResMai.dll -> C:\Program Files\new antispyware\avast4\AhResMai.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhResOut.dll -> C:\Program Files\new antispyware\avast4\AhResOut.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhResStd.dll -> C:\Program Files\new antispyware\avast4\AhResStd.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhRuiJs.dll -> C:\Program Files\new antispyware\avast4\AhRuiJs.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhRuiMai.dll -> C:\Program Files\new antispyware\avast4\AhRuiMai.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhRuiOut.dll -> C:\Program Files\new antispyware\avast4\AhRuiOut.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AhRuiStd.dll -> C:\Program Files\new antispyware\avast4\AhRuiStd.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashAvast.exe -> C:\Program Files\new antispyware\avast4\ashAvast.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashBase.dll -> C:\Program Files\new antispyware\avast4\ashBase.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashBug.exe -> C:\Program Files\new antispyware\avast4\ashBug.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashCfgP.dll -> C:\Program Files\new antispyware\avast4\ashCfgP.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashCfgT.dll -> C:\Program Files\new antispyware\avast4\ashCfgT.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashChest.dll -> C:\Program Files\new antispyware\avast4\ashChest.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashChest.exe -> C:\Program Files\new antispyware\avast4\ashChest.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashCmd.exe -> C:\Program Files\new antispyware\avast4\ashCmd.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashDisp.exe -> C:\Program Files\new antispyware\avast4\ashDisp.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashEnhcd.exe -> C:\Program Files\new antispyware\avast4\ashEnhcd.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashLogV.exe -> C:\Program Files\new antispyware\avast4\ashLogV.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashMaiSv.exe -> C:\Program Files\new antispyware\avast4\ashMaiSv.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashOutXt.dll -> C:\Program Files\new antispyware\avast4\ashOutXt.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashPopWz.exe -> C:\Program Files\new antispyware\avast4\ashPopWz.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashQuick.exe -> C:\Program Files\new antispyware\avast4\ashQuick.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashServ.exe -> C:\Program Files\new antispyware\avast4\ashServ.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashShell.dll -> C:\Program Files\new antispyware\avast4\ashShell.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashSimpl.exe -> C:\Program Files\new antispyware\avast4\ashSimpl.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashSkPcc.exe -> C:\Program Files\new antispyware\avast4\ashSkPcc.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashSkPck.exe -> C:\Program Files\new antispyware\avast4\ashSkPck.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashSODBC.dll -> C:\Program Files\new antispyware\avast4\ashSODBC.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashSXML.dll -> C:\Program Files\new antispyware\avast4\ashSXML.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashTask.dll -> C:\Program Files\new antispyware\avast4\ashTask.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ashUInt.dll -> C:\Program Files\new antispyware\avast4\ashUInt.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswAux.dll -> C:\Program Files\new antispyware\avast4\aswAux.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswBoot.exe -> C:\Program Files\new antispyware\avast4\aswBoot.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswCmnB.dll -> C:\Program Files\new antispyware\avast4\aswCmnB.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswCmnOS.dll -> C:\Program Files\new antispyware\avast4\aswCmnOS.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswCmnS.dll -> C:\Program Files\new antispyware\avast4\aswCmnS.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswEngin.dll -> C:\Program Files\new antispyware\avast4\aswEngin.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswIdle.dll -> C:\Program Files\new antispyware\avast4\aswIdle.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswInteg.dll -> C:\Program Files\new antispyware\avast4\aswInteg.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswMonDS.sys -> C:\Program Files\new antispyware\avast4\aswMonDS.sys
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswMonVD.dll -> C:\Program Files\new antispyware\avast4\aswMonVD.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswRes.dll -> C:\Program Files\new antispyware\avast4\aswRes.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswScan.dll -> C:\Program Files\new antispyware\avast4\aswScan.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\aswUpdSv.exe -> C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\AVSSHOOK.dll -> C:\Program Files\new antispyware\avast4\AVSSHOOK.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\DefTasks.xml -> C:\Program Files\new antispyware\avast4\DefTasks.xml
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\sched.exe -> C:\Program Files\new antispyware\avast4\sched.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\xerces-license.txt -> C:\Program Files\new antispyware\avast4\xerces-license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\xerces.dll -> C:\Program Files\new antispyware\avast4\xerces.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\XT1922.dll -> C:\Program Files\new antispyware\avast4\XT1922.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\400.vps -> C:\Program Files\new antispyware\avast4\Data\400.vps
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Avast4.ini -> C:\Program Files\new antispyware\avast4\Data\Avast4.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Avast4.mdb -> C:\Program Files\new antispyware\avast4\Data\Avast4.mdb
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\iNews.htm -> C:\Program Files\new antispyware\avast4\Data\iNews.htm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\integ\avast.int -> C:\Program Files\new antispyware\avast4\Data\integ\avast.int
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\log\aswBoot.log -> C:\Program Files\new antispyware\avast4\Data\log\aswBoot.log
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\log\Error.log -> C:\Program Files\new antispyware\avast4\Data\log\Error.log
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\log\Notice.log -> C:\Program Files\new antispyware\avast4\Data\log\Notice.log
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\log\setup.log -> C:\Program Files\new antispyware\avast4\Data\log\setup.log
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\report\aswBoot.txt -> C:\Program Files\new antispyware\avast4\Data\report\aswBoot.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\report\avast.xsl -> C:\Program Files\new antispyware\avast4\Data\report\avast.xsl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\report\background.gif -> C:\Program Files\new antispyware\avast4\Data\report\background.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\report\logo.gif -> C:\Program Files\new antispyware\avast4\Data\report\logo.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\blue panel.asws -> C:\Program Files\new antispyware\avast4\Data\Skin\blue panel.asws
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\low res.asws -> C:\Program Files\new antispyware\avast4\Data\Skin\low res.asws
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\shadow fist.asws -> C:\Program Files\new antispyware\avast4\Data\Skin\shadow fist.asws
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\teak zeppelin.asws -> C:\Program Files\new antispyware\avast4\Data\Skin\teak zeppelin.asws
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\__snake.aswf -> C:\Program Files\new antispyware\avast4\Data\Skin\__snake.aswf
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\__strike.aswf -> C:\Program Files\new antispyware\avast4\Data\Skin\__strike.aswf
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Data\Skin\__vizer.aswf -> C:\Program Files\new antispyware\avast4\Data\Skin\__vizer.aswf
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\aswBoot.lng -> C:\Program Files\new antispyware\avast4\ENGLISH\aswBoot.lng
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.htm -> C:\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.htm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.txt -> C:\Program Files\new antispyware\avast4\ENGLISH\aswClnTg.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.htm -> C:\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.htm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.txt -> C:\Program Files\new antispyware\avast4\ENGLISH\aswInfTg.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\Base.dll -> C:\Program Files\new antispyware\avast4\ENGLISH\Base.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\ENHANCED.HTM -> C:\Program Files\new antispyware\avast4\ENGLISH\ENHANCED.HTM
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\hover.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\hover.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\Lang.dll -> C:\Program Files\new antispyware\avast4\ENGLISH\Lang.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\LangMai.dll -> C:\Program Files\new antispyware\avast4\ENGLISH\LangMai.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\License.txt -> C:\Program Files\new antispyware\avast4\ENGLISH\License.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\possible.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\possible.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\press.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\press.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\Readme.txt -> C:\Program Files\new antispyware\avast4\ENGLISH\Readme.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\ready.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\ready.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\suspic.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\suspic.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\virfound.gif -> C:\Program Files\new antispyware\avast4\ENGLISH\virfound.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\virfound.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\virfound.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\vpsupd.wav -> C:\Program Files\new antispyware\avast4\ENGLISH\vpsupd.wav
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\HELP\CheckListSimple.chm -> C:\Program Files\new antispyware\avast4\ENGLISH\HELP\CheckListSimple.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\ENGLISH\HELP\help.chm -> C:\Program Files\new antispyware\avast4\ENGLISH\HELP\help.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\background.bmp -> C:\Program Files\new antispyware\avast4\images\background.bmp
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_01.jpg -> C:\Program Files\new antispyware\avast4\images\main_01.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_02.jpg -> C:\Program Files\new antispyware\avast4\images\main_02.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_06.jpg -> C:\Program Files\new antispyware\avast4\images\main_06.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_07.jpg -> C:\Program Files\new antispyware\avast4\images\main_07.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_08.jpg -> C:\Program Files\new antispyware\avast4\images\main_08.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_12.jpg -> C:\Program Files\new antispyware\avast4\images\main_12.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_13.jpg -> C:\Program Files\new antispyware\avast4\images\main_13.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_19.jpg -> C:\Program Files\new antispyware\avast4\images\main_19.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\images\main_20.jpg -> C:\Program Files\new antispyware\avast4\images\main_20.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\core000000cb.vpu -> C:\Program Files\new antispyware\avast4\Setup\core000000cb.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\f40900000082.vpu -> C:\Program Files\new antispyware\avast4\Setup\f40900000082.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\h409000000c2.vpu -> C:\Program Files\new antispyware\avast4\Setup\h409000000c2.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\mcor0000006f.vpu -> C:\Program Files\new antispyware\avast4\Setup\mcor0000006f.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\n40900000013.vpu -> C:\Program Files\new antispyware\avast4\Setup\n40900000013.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\packages.vpu -> C:\Program Files\new antispyware\avast4\Setup\packages.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\pro_00000029.vpu -> C:\Program Files\new antispyware\avast4\Setup\pro_00000029.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\servers.def -> C:\Program Files\new antispyware\avast4\Setup\servers.def
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\seti000000d3.vpu -> C:\Program Files\new antispyware\avast4\Setup\seti000000d3.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\setiface.dll -> C:\Program Files\new antispyware\avast4\Setup\setiface.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\setu000000d3.vpu -> C:\Program Files\new antispyware\avast4\Setup\setu000000d3.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\setup.ini -> C:\Program Files\new antispyware\avast4\Setup\setup.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\setup.log -> C:\Program Files\new antispyware\avast4\Setup\setup.log
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\skin00000006.vpu -> C:\Program Files\new antispyware\avast4\Setup\skin00000006.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\sys_00000003.vpu -> C:\Program Files\new antispyware\avast4\Setup\sys_00000003.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\vpsm00030406.vpu -> C:\Program Files\new antispyware\avast4\Setup\vpsm00030406.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\vps_00030400.vpu -> C:\Program Files\new antispyware\avast4\Setup\vps_00030400.vpu
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\INF\AavmKer4.inf -> C:\Program Files\new antispyware\avast4\Setup\INF\AavmKer4.inf
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\INF\Aavmker4.sys -> C:\Program Files\new antispyware\avast4\Setup\INF\Aavmker4.sys
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\INF\aswMon.sys -> C:\Program Files\new antispyware\avast4\Setup\INF\aswMon.sys
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\INF\AswMon2.inf -> C:\Program Files\new antispyware\avast4\Setup\INF\AswMon2.inf
C:\Qoobox\Quarantine\C\Program Files\new antispyware\avast4\Setup\INF\aswMon2.sys -> C:\Program Files\new antispyware\avast4\Setup\INF\aswMon2.sys
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\advcheck.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\advcheck.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\aports.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\aports.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\blindman.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\blindman.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\borlndmm.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\borlndmm.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Default configuration.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Default configuration.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\delphimm.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\delphimm.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\messages.zres -> C:\Program Files\new antispyware\Spybot - Search & Destroy\messages.zres
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\OptOut.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\OptOut.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\SDHelper.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\SDHelper.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\SpybotSD.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\SpybotSD.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\TeaTimer.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Tools.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Tools.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\unins000.dat -> C:\Program Files\new antispyware\Spybot - Search & Destroy\unins000.dat
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\unins000.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\unins000.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\UnzDll.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\UnzDll.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Update.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Update.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\ZipDll.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\ZipDll.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.dap.gif -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.dap.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.data.xml -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.data.xml
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.default.gif -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.default.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.related.htm -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Dummies\dummy.related.htm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Brasil.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Brasil.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Cesky.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Cesky.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Deutsch.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Deutsch.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.chm -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.Resident.chm -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\English.Resident.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Espanol.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Espanol.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Francais.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Francais.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Italiano.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Italiano.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Japanese.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Japanese.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Nederlands.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Nederlands.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Polski.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Polski.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Slovensky.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Slovensky.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Help\Srpski.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Help\Srpski.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdvWhite.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdvWhite.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Adware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Adware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdwareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\AdwareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Browserpages.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Browserpages.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\CLSIDs.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\CLSIDs.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Cookies.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Dialer.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\DialerC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\DialerC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Domains.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Domains.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\FPFix.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\FPFix.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HeavyDuty.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Hijackers.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Hijackers.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HijackersC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\HijackersC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Keyloggers.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Keyloggers.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\KeyloggersC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Logs.uts -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Logs.uts
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\LSP.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Malware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Malware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\MalwareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\MalwareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\OperaPlugins.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\ProcWatch.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\ProcWatch.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPS.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPS.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPSC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\PUPSC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\RegWatch.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\RegWatch.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Revision.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Searchpages.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Searchpages.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Security.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Security.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SecurityC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SecurityC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Services.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Services.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spybots.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spybots.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpybotsC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpybotsC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spyware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Spyware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpywareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\SpywareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Startup.tnfo -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Startup.tnfo
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Targets.nfo -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Targets.nfo
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Tracks.uti -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Tracks.uti
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Trojans.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\Trojans.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\TrojansC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\TrojansC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Arabic.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Arabic.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bosanski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bosanski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Brasil.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Brasil.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bulgarski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Bulgarski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Catalan.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Catalan.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Cesky.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Cesky.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Dansk.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Dansk.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Deutsch.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Deutsch.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Eesti.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Eesti.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\English.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\English.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Espanol.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Espanol.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Esperanto.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Esperanto.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Euskera.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Euskera.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Farsi.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Farsi.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Francais.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Francais.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Galego.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Galego.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Greek.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Greek.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hebrew.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hebrew.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hrvatski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Hrvatski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Italiano.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Italiano.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Japanese.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Japanese.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Korean.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Korean.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Latvian.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Latvian.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Lietuviu.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Lietuviu.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Magyar.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Magyar.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Makedonski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Makedonski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Melayu.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Melayu.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Nederlands.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Nederlands.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Norsk.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Norsk.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Polski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Polski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Portugues.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Portugues.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Romaneste.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Romaneste.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Russkiy.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Russkiy.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Shqip.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Shqip.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovenscina.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovenscina.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovensky.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Slovensky.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Srpski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Srpski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Suomi.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Suomi.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Svenska.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Svenska.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Thai.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Thai.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Turkce.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Turkce.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Ukrainian.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Ukrainian.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Uzbek.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Languages\Uzbek.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Colorblind.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Colorblind.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.jpg -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Italia.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.jpg -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Skins\Peace.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\advcheck153.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\advcheck153.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\clsid.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\clsid.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\desc.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\desc.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\downloaded.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\downloaded.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\fpfix.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\fpfix.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\help.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\help.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\helpres.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\helpres.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\lang.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\lang.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\mainapp152.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\mainapp152.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\online.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\online.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\plugtcpip.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\plugtcpip.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\sbsd152upd.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\skins.main.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\skins.main.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\startup.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\startup.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy\Updates\tools212.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy\Updates\tools212.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\advcheck.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\advcheck.dll

Ura-Maru
2008-06-26, 23:28
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\aports.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\aports.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\blindman.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\blindman.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Default configuration.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Default configuration.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\DelZip179.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\DelZip179.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\GPBWUVNMAYWFHT.scr -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\GPBWUVNMAYWFHT.scr
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\LFMGZRMVMR.scr -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\LFMGZRMVMR.scr
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\messages.zres -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\messages.zres
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\OptOut.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\OptOut.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDDelFile.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDDelFile.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDFiles.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDFiles.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDHelper.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDMain.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDMain.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDShred.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDShred.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDUpdate.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDUpdate.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDWinSec.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SDWinSec.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SpybotSD.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SpybotSD.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\TeaTimer.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\TeaTimer.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Tools.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Tools.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.dat -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.dat
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.msg -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\unins000.msg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Update.exe -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Update.exe
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\XGSQZV.scr -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\XGSQZV.scr
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.cd_clint.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.cd_clint.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.dap.gif -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.dap.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.data.xml -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.data.xml
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.default.gif -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.default.gif
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.related.htm -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Dummies\dummy.related.htm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Brasil.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Brasil.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Cesky.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Cesky.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Deutsch.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Deutsch.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.chm -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.chm
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\English.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Espanol.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Espanol.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Francais.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Francais.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Italiano.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Italiano.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.ansi.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.ansi.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Japanese.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Nederlands.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Nederlands.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Polski.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Polski.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Slovensky.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Slovensky.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Srpski.license.txt -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Help\Srpski.license.txt
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdvWhite.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdvWhite.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Adware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Adware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdwareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\AdwareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Browserpages.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Browserpages.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\CLSIDs.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\CLSIDs.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Cookies.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Dialer.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\DialerC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\DialerC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Domains.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Domains.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\FPFix.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\FPFix.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HeavyDuty.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HeavyDuty.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Hijackers.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Hijackers.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HijackersC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\HijackersC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Keyloggers.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Keyloggers.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\KeyloggersC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\KeyloggersC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Logs.uts -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Logs.uts
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\LSP.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\LSP.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Malware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Malware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\MalwareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\MalwareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\OperaPlugins.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\OperaPlugins.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\ProcWatch.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\ProcWatch.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPS.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPS.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPSC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\PUPSC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegDFLinks.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegDFLinks.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegWatch.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegWatch.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegXLinks.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\RegXLinks.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Revision.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Searchpages.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Searchpages.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Security.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Security.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SecurityC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SecurityC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Services.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Services.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spybots.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spybots.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpybotsC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpybotsC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spyware.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Spyware.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpywareC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\SpywareC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Startup.tnfo -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Startup.tnfo
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Targets.nfo -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Targets.nfo
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Tracks.uti -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Tracks.uti
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Trojans.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\Trojans.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\TrojansC.sbi -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\TrojansC.sbi
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\URL-Blacklist.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\URL-Blacklist.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\X509White.sbs -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Includes\X509White.sbs
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Afrikaans.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Afrikaans.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Arabic.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Arabic.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Azeri.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Azeri.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bahasa Indonesia.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bahasa Indonesia.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Belarusskiy.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Belarusskiy.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bosanski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bosanski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Brasil.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Brasil.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bulgarski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Bulgarski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Catalan.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Catalan.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Cesky.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Cesky.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (simplified).sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (simplified).sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (traditional).sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Chinese (traditional).sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Dansk.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Dansk.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Deutsch.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Deutsch.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Eesti.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Eesti.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\English.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\English.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Espanol.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Espanol.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Esperanto.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Esperanto.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Euskera.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Euskera.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Farsi.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Farsi.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Francais.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Francais.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Furlan.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Furlan.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Galego.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Galego.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hebrew.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hebrew.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hellenic.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hellenic.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hindi.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hindi.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hrvatski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Hrvatski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Islenska.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Islenska.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Italiano.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Italiano.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Japanese.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Japanese.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Korean.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Korean.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Latvian.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Latvian.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Letzebuergesch.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Letzebuergesch.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Lietuviu.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Lietuviu.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Magyar.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Magyar.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Makedonski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Makedonski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Melayu.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Melayu.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Nederlands.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Nederlands.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Norsk.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Norsk.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Polski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Polski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Portugues.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Portugues.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Romaneste.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Romaneste.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Russkiy.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Russkiy.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Shqip.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Shqip.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovenscina.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovenscina.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovensky.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Slovensky.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Srpski.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Srpski.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Suomi.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Suomi.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Svenska.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Svenska.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Thai.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Thai.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Turkce.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Turkce.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Ukrainian.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Ukrainian.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Uzbek.sbl -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Languages\Uzbek.sbl
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Chai.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Chai.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Fennel.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Fennel.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Mate.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\Mate.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\TCPIPAddress.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Plugins\TCPIPAddress.dll
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Colorblind.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Colorblind.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.jpg -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Italia.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.jpg -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Skins\Peace.jpg
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\clsid.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\clsid.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\desc.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\desc.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\downloaded.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\downloaded.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\fpfix.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\fpfix.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\help.english.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\help.english.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.dialer.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.dialer.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.hijackers.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.hijackers.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.keyloggers.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.keyloggers.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.malware.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.malware.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.pups.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.pups.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.security.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.security.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.spybots.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.spybots.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.trojans.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.trojans.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\includes.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini.uiz -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\online.ini.uiz
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugchai.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugchai.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugfennel.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugfennel.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugmate.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\plugmate.zip
C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\supplemental.zip -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\Updates\supplemental.zip
463 File(s) copied

End Combofix DeQuarantine log

Ura-Maru
2008-06-26, 23:29
Now the more reasonably sized ones.

New, post-DeQuarintine ComboFix log:

ComboFix 08-06-20.4 - Edwina 2008-06-26 16:16:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.229 [GMT -4:00]
Running from: C:\Documents and Settings\Edwina\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 16:12 . 2008-06-26 16:13 <DIR> d-------- C:\Program Files\new antispyware
2008-06-25 14:40 . 2008-06-26 16:10 <DIR> d-------- C:\Documents and Settings\Edwina\Application Data\WeatherStudio
2008-06-25 14:40 . 2008-06-26 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WeatherStudio
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 16:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 19:51 . 2008-06-17 19:51 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-05 16:43 . 2008-06-05 16:43 49,184 --a------ C:\WINDOWS\system32\jpwnw64k.exe
2008-06-04 12:02 . 2008-06-07 00:30 95,833 --a------ C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:53 --------- d-----w C:\Program Files\Windows Plus
2008-06-20 22:09 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 23:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-06 21:25 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 01:00 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 23:49 --------- d-----w C:\Program Files\Picasa2
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 07:09 368,640 ----a-w C:\WINDOWS\system32\pmls.dll
2008-03-26 14:17 118,784 ----a-w C:\WINDOWS\system32\pmai.dll
2007-11-12 01:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-23_18.05.18.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 22:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 20:09:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 01:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 01:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 01:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-30 00:46 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06 40960]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 11:24 180269]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"avast!"="C:\Program Files\new antispyware\avast4\ashDisp.exe" [2003-05-12 09:52 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Edwina\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-01-02 17:24:38 225280]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2006-04-07 19:26:07 158208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-31 15:40:17 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\windows\\system32\\pmropn.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 13:00:02 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 16:18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 16:18:51
ComboFix-quarantined-files.txt 2008-06-26 20:18:43
ComboFix2.txt 2008-06-25 19:32:32
ComboFix3.txt 2008-06-25 18:35:30
ComboFix4.txt 2008-06-23 22:05:38
ComboFix5.txt 2008-06-22 20:01:32

Pre-Run: 57,321,508,864 bytes free
Post-Run: 57,319,903,232 bytes free

122 --- E O F --- 2008-06-23 22:00:02

End ComboFix log.

Ura-Maru
2008-06-26, 23:31
New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:31 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Edwina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8007 bytes

End HJT log

Thanks,
Ura-Maru

Ura-Maru
2008-06-26, 23:59
And just for the heck of it, a new Spybot log:


--- Search result list ---
Zango.ShoppingReport: [SBI $64DB0114] Settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2}

Zango.ShoppingReport: [SBI $64DB0114] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2}

Zango.ShoppingReport: [SBI $65196B23] Settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}

Zango.ShoppingReport: [SBI $65196B23] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}

Zedo: Tracking cookie (Internet Explorer: Edwina) (Cookie, nothing done)


Statcounter: Tracking cookie (Internet Explorer: Edwina) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Edwina) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-17 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-17 Includes\Adware.sbi (*)
2008-06-18 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-06-24 Includes\DialerC.sbi (*)
2008-06-03 Includes\HeavyDuty.sbi (*)
2008-06-16 Includes\Hijackers.sbi (*)
2008-06-17 Includes\HijackersC.sbi (*)
2008-06-25 Includes\Keyloggers.sbi (*)
2008-06-24 Includes\KeyloggersC.sbi (*)
2008-06-24 Includes\Malware.sbi (*)
2008-06-24 Includes\MalwareC.sbi (*)
2008-06-17 Includes\PUPS.sbi (*)
2008-06-24 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-10 Includes\Security.sbi (*)
2008-06-18 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-06-17 Includes\Spyware.sbi (*)
2008-06-17 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi (*)
2008-06-25 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 10 / SP0: Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Windows XP Hotfix - KB889673
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890927
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896256)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Hotfix for Windows XP (KB906569)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932823-v3)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937143)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Update for Windows XP (KB946627)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\Program Files\new antispyware\avast4\ashDisp.exe
file: C:\Program Files\new antispyware\avast4\ashDisp.exe
size: 61440
MD5: D1A3FFF3781CC40DA91DE31E6F4B85F8

Located: HK_LM:Run, Corel Photo Downloader
command: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
file: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
size: 106496
MD5: A14DB520786FAD113401495D93DEBBF3

Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC

Located: HK_LM:Run, eFax 4.3
command: "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
file: C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
size: 116224
MD5: 55C9DD19EDC545BC44FD32BC80B12831

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F

Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 42344DDF30337979216EA6AFA58BB42A

Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 4B10675852FE8862521024778E264D5F

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 6E5A178E359EE42F748186A14449D848

Located: HK_LM:Run, IntelMeM
command: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
file: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7

Located: HK_LM:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 249856
MD5: 9E109B03018763FDCB075CE74547BE22

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187

Located: HK_LM:Run, MimBoot
command: C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
file: C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
size: 8192
MD5: 1B654F91E8DFE95DEE0A45CF05BD452D

Located: HK_LM:Run, OM_Monitor
command: C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
file: C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
size: 40960
MD5: E08CCF7C876A8C749C4188EAD6903346

Located: HK_LM:Run, PDUiP6600DMon
command: C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
file: C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
size: 69632
MD5: 1DE937F630D060335405680299D1AEBF

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: C341CCFBE98BC7DF6E0B856BB9FC265A

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ED85B344E6EDC30C1BC57EC1A2A56BF3

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA

Located: HK_CU:Run, Picasa Media Detector
where: .DEFAULT...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 03463803AE9386EB095FFFD8DD26B85B

Located: HK_CU:Run, swg
where: .DEFAULT...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, DellSupport
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534

Located: HK_CU:Run, OE_OEM
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1847219764-3989419004-826717445-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DellSupport
where: S-1-5-21-1847219764-3989419004-826717445-1005...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534

Located: HK_CU:Run, DellTransferAgent
where: S-1-5-21-1847219764-3989419004-826717445-1005...
command: "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
file: C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
size: 135168
MD5: 727C775797D3B4B9E6C27DF4DFE3BA2F

Located: HK_CU:Run, DW6
where: S-1-5-21-1847219764-3989419004-826717445-1005...
command: "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
file: C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
size: 785520
MD5: 958925BA59B3F205A3F709F4E9379479

Located: HK_CU:Run, OM_Monitor
where: S-1-5-21-1847219764-3989419004-826717445-1005...
command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
file: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
size: 57344
MD5: 3B2664908CD9179F7B89B1E33E858876

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-18...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 03463803AE9386EB095FFFD8DD26B85B

Located: HK_CU:Run, swg
where: S-1-5-18...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), eFax 4.3.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\eFax Messenger 4.3\J2GTray.exe
file: C:\Program Files\eFax Messenger 4.3\J2GTray.exe
size: 629248
MD5: 5468E1F70EE015E3EBDE3760F2FABCFE

Located: Startup (user), UMAX VistaAccess.lnk
where: C:\Documents and Settings\Edwina\Start Menu\Programs\Startup...
command: C:\VSTASCAN\vsaccess.exe
file: C:\VSTASCAN\vsaccess.exe
size: 158208
MD5: 567341306667212138D99CA5496EACB9

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 4:17:44 PM
Date (last access): 6/26/2008 4:10:04 PM
Date (last write): 11/3/2003 4:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\NEWANT~1\SPYBOT~2\
Long name: SDHelper.dll
Short name:
Date (created): 6/26/2008 4:13:22 PM
Date (last access): 6/26/2008 4:13:22 PM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{849CC480-5983-4D30-A12C-774E8E8D8291} (WeatherStudio)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: WeatherStudio
Path: C:\Program Files\WeatherStudio\bin\
Long name: WeatherStudio.dll
Short name: WEATHE~1.DLL
Date (created): 5/22/2006 11:30:16 AM
Date (last access): 6/26/2008 4:10:04 PM
Date (last write): 5/22/2006 11:30:16 AM
Filesize: 660480
Attributes: archive
MD5: 9F2686CB04B2B71E80FE941728B97A55
CRC32: 3B4AE0A6
Version: 4.2.1.49402



--- ActiveX list ---
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 8:18:34 PM
Date (last access): 6/26/2008 4:42:52 PM
Date (last write): 7/30/2007 8:18:34 PM
Filesize: 207736
Attributes: archive
MD5: 8038B166CE79E58E193566150CE26465
CRC32: 9137D395
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 7:48:18 PM
Date (last access): 6/23/2008 5:52:46 PM
Date (last write): 11/19/2003 7:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 7:48:18 PM
Date (last access): 6/26/2008 4:56:14 PM
Date (last write): 11/19/2003 7:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30



--- Process list ---
PID: 0 ( 0) [System]
PID: 596 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 652 ( 596) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 676 ( 596) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 720 ( 676) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 732 ( 676) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 908 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 996 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1092 ( 720) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1204 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1256 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1340 ( 720) C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
size: 611664
MD5: 17067069B9A7865028C1F2E6971D0CCC
PID: 1592 (1576) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1752 (1592) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 1772 (1592) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 42344DDF30337979216EA6AFA58BB42A
PID: 1780 (1592) C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 4B10675852FE8862521024778E264D5F
PID: 1788 (1592) C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ED85B344E6EDC30C1BC57EC1A2A56BF3
PID: 1804 (1592) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7
PID: 1832 (1592) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC
PID: 1876 (1592) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187
PID: 1924 (1592) C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
size: 69632
MD5: 1DE937F630D060335405680299D1AEBF
PID: 1932 (1592) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 1944 (1592) C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
size: 116224
MD5: 55C9DD19EDC545BC44FD32BC80B12831
PID: 2000 (1888) C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
size: 102400
MD5: 4B9A0B1D2F5EC3A7C375ADC615C395BE
PID: 164 ( 908) C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
size: 464384
MD5: CA7DE18D209E5FAB2CDA568EE314C471
PID: 196 (1592) C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
size: 135168
MD5: 727C775797D3B4B9E6C27DF4DFE3BA2F
PID: 216 (1592) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 484 (1592) C:\VSTASCAN\vsaccess.exe
size: 158208
MD5: 567341306667212138D99CA5496EACB9
PID: 932 ( 720) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 212 ( 720) C:\Program Files\new antispyware\avast4\aswUpdSv.exe
size: 49152
MD5: 188DDE79B2A12172286F5AAEC6184AFA
PID: 448 ( 720) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 8301243BDE5B6CD316D79C0191D50D9A
PID: 480 ( 720) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1500 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 304 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2204 ( 720) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2648 ( 720) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 2940 ( 720) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3080 (1092) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 3408 ( 908) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 2076 (1592) C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 3164 (1592) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 625664
MD5: 232B22817B90AE0AFF2D189E3E3735AC
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/26/2008 4:56:14 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwZgbp0Dbid85eXhsp5neBrVMIx4PAarOIwCFagwJBp+xj8V7+/dWlbX5lWwzGuz1oR4ynPqdZf1brHg8NQYKW18nElr2s2trCa1/D7q2JU3c=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS+Ep9r7U5tXwEfq4AafU9gYEGnHQVV+6k9dlqdHpXgdboHxvVhiTQntT4egT1EGMABXR9mvRPMo0jnSkzsHV4RGNJXjD9tBHE8=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3A4583A-A704-4733-BC1F-E18CEA58111D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3A4583A-A704-4733-BC1F-E18CEA58111D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


end Spybot log

I didn't tell it to Fix any of these new guys for fear of messing something up. They all look like removable things, though.

Thanks,
Ura-Maru

Shaba
2008-06-27, 09:15
Hi

You can have spybot fix them, yes :)

After that:

Create own folder for HijackThis to desktop and move it into that folder.

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dllll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com

Close all windows including browser and press fix checked.

Reboot.

Delete these:

C:\Documents and Settings\Edwina\Application Data\WeatherStudio
C:\Documents and Settings\All Users\Application Data\WeatherStudio
C:\WINDOWS\system32\jpwnw64k.exe
C:\WINDOWS\system32\{469104d8-d9e1-bead-e4fe-8ed6459d9bc1}.dll-uninst.exe

Empty Recycle Bin.

Post back a fresh HijackThis log.

Ura-Maru
2008-06-28, 01:46
Spybot said it needed a scan after reboot to get rid of Zango, but the post-reboot scan didn't seem to find it again. Don't know if that's important or not.


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:42 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Edwina\Desktop\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS+Ep9r7U5tXwEfq4AafU9gYEGnHQVV+6k9dlqdHpXgdboHxvVhiTQntT4egT1EGMABXR9mvRPMo0jnSkzsHV4RGK38/9XOYui2Y5RiJM9xFMA==
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8024 bytes

end HJT log

Thanks,
Ura-Maru

Shaba
2008-06-28, 12:02
Hi

Well that's great :)

Please make sure that all programs are closed when installing Java.

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u6-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Ura-Maru
2008-06-29, 22:43
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 29, 2008 08:40:45
Records in database: 896750
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 62916
Threat name: 24
Infected objects: 53
Suspicious objects: 0
Duration of the scan: 01:00:36


File name / Threat name / Threats count
C:\Documents and Settings\Edwina\Application Data\Sun\Java\Deployment\cache\6.0\45\30b71c2d-3b265a27 Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Edwina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-7c7d6935.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Edwina\Desktop\Hijackthis\backups\backup-20080627-182227-685.dll Infected: not-a-virus:AdWare.Win32.Comet.az 1
C:\Documents and Settings\Edwina\Desktop\requested-files[2008-06-25_14_16].cab Infected: not-a-virus:AdWare.Win32.BHO.th 1
C:\QooBox\Quarantine\C\Documents and Settings\Edwina\Application Data\ICROSO~1\nslookup.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\QooBox\Quarantine\C\Documents and Settings\Edwina\My Documents\FNTS~1\rυndll32.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\QooBox\Quarantine\C\Documents and Settings\Edwina\wn0008.exe.vir Infected: not-virus:Hoax.Win32.Renos.gk 1
C:\QooBox\Quarantine\C\Program Files\altcmd\altcmd32.dll.vir Infected: Trojan.Win32.Dialer.btz 1
C:\QooBox\Quarantine\C\Program Files\altcmd\altcmd32.dll1.vir Infected: Trojan.Win32.Dialer.btz 1
C:\QooBox\Quarantine\C\Program Files\Windows Plus\quka.dll.vir Infected: Trojan.Win32.BHO.ab 1
C:\QooBox\Quarantine\C\Program Files\Windows Plus\quka83.dll.vir Infected: Trojan.Win32.BHO.ab 1
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.ctv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\byXOhEvV.dll.vir Infected: Trojan-Downloader.Win32.ConHook.aek 1
C:\QooBox\Quarantine\C\WINDOWS\system32\daSgo02\daSgo021099.exe.vir Infected: Trojan-Downloader.Win32.VB.cho 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dhajojtj.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\fltmgrr.sys.vir Infected: Rootkit.Win32.Agent.aol 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dwfrjckk.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fhapnrou.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\g99.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gbymcbkk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gokgxhey.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jjcikwfs.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jlmkycta.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jmmxljkk.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lmlwpokg.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lryehrsd.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mhsvxujn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\myugshea.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ncntqkdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nixfukxm.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnmJbA.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pkghbdan.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pqogvmxx.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\scaxlmfy.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sfanohmw.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntaxdn.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vbntukjl.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vntiho01\vntiho011065.exe.vir Infected: Trojan-Downloader.Win32.VB.epp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wyr.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xtwqbjey.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yclvlrkm.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ynqkddtd.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\{cc781633-302b-b76d-2f5f-2ef83eace530}.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\QooBox\Quarantine\C\WINDOWS\TEK76.exe.vir Infected: Trojan.Win32.BHO.ab 1
C:\QooBox\Quarantine\catchme2008-06-22_155513.84.zip Infected: Trojan-Downloader.Win32.ConHook.aek 1
C:\VundoFix Backups\awtss.dll.bad Infected: Trojan.Win32.Monder.gen 1
C:\VundoFix Backups\evzrxsov.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k 1
C:\VundoFix Backups\tivwsnft.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k 1
C:\WINDOWS\system32\daSgo01\daSgo011065.exe Infected: Trojan-Downloader.Win32.VB.cho 1
C:\WINDOWS\system32\pmai.dll Infected: not-a-virus:AdWare.Win32.BHO.th 1
C:\WINDOWS\system32\pmls.dll Infected: not-a-virus:AdWare.Win32.RK.ab 1
C:\WINDOWS\system32\pmropn.exe Infected: not-a-virus:AdWare.Win32.RK.t 1

The selected area was scanned.

end kaspersky log

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:11 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Edwina\Desktop\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS+Ep9r7U5tXwEfq4AafU9gYEGnHQVV+6k9dlqdHpXgdboHxvVhiTQntT4egT1EGMABXR9mvRPMo0jnSkzsHV4RGK38/9XOYui2Y5RiJM9xFMA==
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7958 bytes

end HJT log

Thanks,
Ura-Maru

Shaba
2008-06-30, 14:56
Hi

Delete these:

C:\Documents and Settings\Edwina\Desktop\Hijackthis\backups\backup-20080627-182227-685.dll
C:\Documents and Settings\Edwina\Desktop\requested-files[2008-06-25_14_16].cab
C:\WINDOWS\system32\daSgo01
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\pmropn.exe

Empty these folders:

C:\Documents and Settings\Edwina\Application Data\Sun\Java\Deployment\cache\
C:\QooBox\Quarantine\
C:\VundoFix Backups\

Empty Recycle Bin.

Still problems?

Ura-Maru
2008-07-01, 04:45
Spybot and Kaspersey both gave me a clean bill of health.

Ad-Aware found a big scary list of things:

Toolbar.LanguageBar
Win32.Trojan.BHO
PurityScan
Win32.TrojanDownloader.Homles
Win32.TrojanDownloader.Small
Win32.Trojan.Crypt
Adware.Agent
Win32.Hoax.Renos
Win32.Rootkit.Agent
Vutumonde
Win32.Trojan.LowZones

but all but the first were in a c:\System Volume Information\_restore{long letter sequence here} folder, so I assume they're the false positives that the spybot popup warned about, correct?

Can I assume it's clean?

Just in case it helps,
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:47 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\new antispyware\avast4\aswUpdSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Edwina\Desktop\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS+Ep9r7U5tXwEfq4AafU9gYEGnHQVV+6k9dlqdHpXgdboHxvVhiTQntT4egT1EGMABXR9mvRPMo0jnSkzsHV4RGK38/9XOYui2Y5RiJM9xFMA==
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\Program Files\new antispyware\avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\NEWANT~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201740934859
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4583A-A704-4733-BC1F-E18CEA58111D}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\new antispyware\Ad Aware 2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\new antispyware\avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\new antispyware\avast4\ashserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7819 bytes

end HJT log.

Thanks,
Ura-Maru

Shaba
2008-07-01, 16:57
Hi

"but all but the first were in a c:\System Volume Information\_restore{long letter sequence here} folder, so I assume they're the false positives that the spybot popup warned about, correct?"

No they are not likely false positives but in system restore and inactive. I give you later instructions how to empty it.

Where was Toolbar.LanguageBar?

Ura-Maru
2008-07-02, 03:41
It's here:

Family Id: 1459 Name: Toolbar.LanguageBar Category: Trackware TAI:3
Item Id: 300040610 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\microsoft\internet explorer\urlsearchhooks Value: {ca3eb689-8f09-4026-aa10-b9534c691ce0}

I haven't yet tried to remove it.


I hope this isn't some terrible breach of manners . . .
Some Other Spyware Remover Log (part 1):

Ad-Aware Build
Log File Created on: 2008-07-01 20:12:21
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: D6X5F391
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel(R) Pentium(R) 4 CPU 2.80GHz
Memory Available: 31%
Total Physical Memory: 526462976 Bytes
Available Physical Memory: 158945280 Bytes
Total Page File Size: 1286942720 Bytes
Available On Page File: 877477888 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1896865792 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 98
Build Number: 0
Build Date and Time: 2008/07/01 11:27:13

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 334245
Infections Detected: 60
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 11 11
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 27 27
File Hash Scan..: 20 20

Infections Found
===========================
Family Id: 1459 Name: Toolbar.LanguageBar Category: Trackware TAI:3
Item Id: 300040610 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\microsoft\internet explorer\urlsearchhooks Value: {ca3eb689-8f09-4026-aa10-b9534c691ce0}
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat msnportal.112.2o7.net s_vi /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net dmc /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net dmk /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net smc /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net smk /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net dmp /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net smdmp /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net apfe /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat specificclick.net smx /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat adopt.specificclick.net DMEXP /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat adopt.specificclick.net CTCI /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat adopt.specificclick.net HS /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat adopt.specificclick.net DGI /
Item Id: 600000073 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat adopt.specificclick.net UI /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat insightexpressai.com IXAIBanners1154 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat insightexpressai.com IXAIBannerCounter33513 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat insightexpressai.com IXAIFirstHit1154 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat insightexpressai.com IXAILastHit1154 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat insightexpressai.com IXAICampaignCounter1154 /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net TID /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net Xsd /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net ANRTT /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net Tsid /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net TData /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net Anxd /
Item Id: 600000400 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat tacoda.net Tcc /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Edwina\Cookies\index.dat 2o7.net s_vi_jtiedhj /
Family Id: 1321 Name: Win32.Trojan.BHO Category: Malware TAI:10
Item Id: 168900 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063946.dll
Item Id: 181177 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP878\A0069172.exe
Family Id: 553 Name: PurityScan Category: Malware TAI:6
Item Id: 147102 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063947.exe
Item Id: 147102 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067692.exe
Family Id: 2171 Name: Win32.TrojanDownloader.Homles Category: Malware TAI:10
Item Id: 168203 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063955.exe
Item Id: 172226 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063956.exe
Family Id: 1032 Name: Win32.TrojanDownloader.Small Category: Malware TAI:7
Item Id: 172359 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063957.exe
Item Id: 300021673 Value: Root: HKCR Path: lk.auto
Item Id: 300021800 Value: Root: HKLM Path: software\microsoft\tracing\fwcfg
Family Id: 948 Name: Win32.Trojan.Crypt Category: Virus TAI:10
Item Id: 173232 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP873\A0063958.exe
Family Id: 53 Name: Adware.Agent Category: Adware TAI:5
Item Id: 150332 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP874\A0064027.dll
Item Id: 150332 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067551.dll
Item Id: 177584 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP878\A0069026.exe
Item Id: 177585 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP878\A0069028.exe
Item Id: 300029642 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disableregistrytools
Item Id: 300044754 Value: Root: HKLM Path: software\microsoft\ms juan
Item Id: 300050335 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\getmodule
Item Id: 300050336 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\getpack
Item Id: 300050343 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\icheck
Family Id: 1176 Name: Win32.Hoax.Renos Category: Misc TAI:5
Item Id: 177627 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067493.exe
Item Id: 300034596 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\microsoft\windows\currentversion\policies\explorer Value: classicshell
Item Id: 300049253 Value: Root: HKLM Path: software\microsoft\windows\currentversion\policies\system Value: disableregistrytools
Family Id: 1333 Name: Win32.Rootkit.Agent Category: Malware TAI:10
Item Id: 150548 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067550.sys
Family Id: 763 Name: Virtumonde Category: Malware TAI:10
Item Id: 181439 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067553.dll
Item Id: 181436 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067567.dll
Item Id: 181440 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067569.dll
Item Id: 300049900 Value: Root: HKU Path: S-1-5-21-1847219764-3989419004-826717445-1005\software\microsoft\contim
Family Id: 973 Name: Win32.Trojan.LowZones Category: Exploit TAI:10
Item Id: 181488 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067554.exe
Item Id: 181488 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067560.exe
Item Id: 181488 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP876\A0067573.exe
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Edwina\Recent Count: 38
Item Id: 2 Value: MRU Registry Key: S-1-5-21-1847219764-3989419004-826717445-1005\Software\Microsoft\Search Assistant\ACMru\5603 Count: 4

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sxs.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\winmm.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\samlib.dll

c:\windows\system32\cscui.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\clbcatq.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\psbase.dll

c:\windows\system32\dssenh.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\es.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\sens.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\browser.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winhttp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\sxs.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\hid.dll

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\wups2.dll

c:\windows\system32\advpack.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\regsvc.dll

C:\PROGRAM FILES\NEW ANTISPYWARE\AD AWARE 2008\AAWSERVICE.EXE
c:\program files\new antispyware\ad aware 2008\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\new antispyware\ad aware 2008\ceapi.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\new antispyware\ad aware 2008\pkarchive85u.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\samlib.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\mlang.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msctf.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\fxsst.dll

c:\windows\system32\winspool.drv

c:\windows\system32\fxsapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\browselc.dll

c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

c:\progra~1\newant~1\spybot~2\sdhelper.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\faultrep.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\jsproxy.dll

c:\windows\system32\sxs.dll

c:\windows\system32\duser.dll

c:\program files\new antispyware\avast4\ashshell.dll

c:\windows\system32\msvcp70.dll

c:\windows\system32\msvcr70.dll

c:\windows\system32\mydocs.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\davclnt.dll

C:\WINDOWS\EHOME\EHTRAY.EXE
c:\windows\ehome\ehtray.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\atl.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\hid.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\winmm.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\ehome\ehproxy.dll

C:\WINDOWS\SYSTEM32\HKCMD.EXE
c:\windows\system32\hkcmd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\hccutils.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

c:\windows\system32\igfxres.dll

C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
c:\windows\system32\igfxpers.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

C:\PROGRAM FILES\JAVA\JRE1.6.0_06\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_06\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

C:\PROGRAM FILES\INTEL\MODEM EVENT MONITOR\INTELMEM.EXE
c:\program files\intel\modem event monitor\intelmem.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\intelmpm.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oledlg.dll

c:\windows\system32\ole32.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

Ura-Maru
2008-07-02, 03:42
C:\PROGRAM FILES\CYBERLINK\POWERDVD\DVDLAUNCHER.EXE
c:\program files\cyberlink\powerdvd\dvdlauncher.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
c:\program files\common files\installshield\updateservice\issch.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\CANON\MEMORY CARD UTILITY\IP6600D\PDUIP6600DMON.EXE
c:\program files\canon\memory card utility\ip6600d\pduip6600dmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
c:\program files\common files\real\update_ob\realsched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES\EFAX MESSENGER 4.3\J2GDLLCMD.EXE
c:\program files\efax messenger 4.3\j2gdllcmd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\program files\efax messenger 4.3\j2gsdk43.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\version.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\program files\efax messenger 4.3\j2gres_enu.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\DELLSUPPORT\DSAGNT.EXE
c:\program files\dellsupport\dsagnt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\dellsupport\gtagnt.dll

c:\program files\dellsupport\cfgdata.dll

c:\program files\dellsupport\actmgr.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\urlmon.dll

c:\progra~1\dellsu~1\gtaction\handlers\brkrsvch.dll

c:\progra~1\dellsu~1\gtaction\handlers\grouph.dll

c:\progra~1\dellsu~1\gtaction\handlers\pnph.dll

c:\progra~1\dellsu~1\gtaction\handlers\qdiagh.dll

c:\progra~1\dellsu~1\gtaction\handlers\trgloadh.dll

c:\progra~1\dellsu~1\gtaction\handlers\trgregh.dll

c:\program files\dellsupport\trgmgr.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\winspool.drv

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\mlang.dll

c:\progra~1\dellsu~1\gdql_d.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\mpr.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\msvfw32.dll

c:\windows\system32\avicap32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\iphlpapi.dll

c:\progra~1\dellsu~1\gtaction\triggers\timert.dll

c:\progra~1\dellsu~1\gtaction\triggers\dsproct.dll

c:\windows\system32\psapi.dll

c:\progra~1\dellsu~1\gtaction\triggers\dswnhnt.dll

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DELL\TRANSFERAGENT\TRANSFERAGENT.EXE
c:\documents and settings\all users\application data\dell\transferagent\transferagent.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorwks.dll

c:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll

c:\windows\microsoft.net\framework\v1.1.4322\fusion.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7e85275f\mscorlib.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorsn.dll

c:\windows\system32\uxtheme.dll

c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7c8cd7f5\system.windows.forms.dll

c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2fdc878d\system.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorjit.dll

c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a73c4da3\system.drawing.dll

c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f23b326e\system.xml.dll

c:\windows\system32\xpsp2res.dll

c:\documents and settings\all users\application data\dell\transferagent\en-us\transferagent.resources.dll

c:\documents and settings\all users\application data\dell\transferagent\en\transferagent.resources.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\oleaut32.dll

c:\documents and settings\all users\application data\dell\transferagent\microsoft.msdn.samples.bits.dll

c:\documents and settings\all users\application data\dell\transferagent\backgroundcopymanager.dll

c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\dciman32.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDIAG.EXE
c:\progra~1\musicm~1\musicm~3\mmdiag.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\progra~1\musicm~1\musicm~3\coredll.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\VSTASCAN\VSACCESS.EXE
c:\vstascan\vsaccess.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\vud32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MIM.EXE
c:\program files\musicmatch\musicmatch jukebox\mim.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\atl71.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\ole32.dll

c:\program files\musicmatch\musicmatch jukebox\coredll.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\program files\musicmatch\musicmatch jukebox\mimsessionmanager.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\program files\musicmatch\musicmatch jukebox\mimdb.dll

c:\program files\musicmatch\musicmatch jukebox\attributeinfo.dll

c:\program files\musicmatch\musicmatch jukebox\threadutils.dll

c:\program files\musicmatch\musicmatch jukebox\usagebracketing.dll

c:\windows\system32\msjetoledb40.dll

c:\windows\system32\msjet40.dll

c:\windows\system32\mswstr10.dll

c:\windows\system32\msjter40.dll

c:\windows\system32\msjint40.dll

c:\program files\common files\system\ole db\oledb32.dll

c:\windows\system32\msdart.dll

c:\windows\system32\comdlg32.dll

c:\program files\common files\system\ole db\oledb32r.dll

c:\program files\musicmatch\musicmatch jukebox\devicemanager.dll

c:\program files\musicmatch\musicmatch jukebox\eventmgr.dll

c:\program files\musicmatch\musicmatch jukebox\mimjobs.dll

c:\program files\musicmatch\musicmatch jukebox\licmgr.dll

c:\program files\musicmatch\musicmatch jukebox\mmgit.dll

c:\program files\musicmatch\musicmatch jukebox\mmdrm.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\program files\musicmatch\musicmatch jukebox\trackutils.dll

c:\program files\musicmatch\musicmatch jukebox\mmhttp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\musicmatch\musicmatch jukebox\enforce.dll

c:\program files\musicmatch\musicmatch jukebox\crypt.dll

c:\program files\musicmatch\musicmatch jukebox\mmreg.dll

c:\program files\musicmatch\musicmatch jukebox\skinnedctrls.dll

c:\windows\system32\mfc71u.dll

c:\program files\musicmatch\musicmatch jukebox\objectmanager.dll

c:\program files\musicmatch\musicmatch jukebox\portalservices2.dll

c:\program files\musicmatch\musicmatch jukebox\filecachemgr.dll

c:\program files\musicmatch\musicmatch jukebox\netutilsdll.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\musicmatch\musicmatch jukebox\musicnet.dll

c:\program files\musicmatch\musicmatch jukebox\mmlicmgr.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\program files\musicmatch\musicmatch jukebox\filetagobj.dll

c:\program files\musicmatch\musicmatch jukebox\localdisk_factory.dll

c:\program files\musicmatch\musicmatch jukebox\tod_factory.dll

c:\program files\musicmatch\musicmatch jukebox\stream_factory.dll

c:\program files\musicmatch\musicmatch jukebox\portable_factory.dll

c:\program files\musicmatch\musicmatch jukebox\cddvd_factory.dll

c:\program files\musicmatch\musicmatch jukebox\cddvdaccess.dll

c:\program files\musicmatch\musicmatch jukebox\primosdk.dll

c:\windows\system32\winmm.dll

c:\windows\system32\px.dll

c:\program files\musicmatch\musicmatch jukebox\tod_do.dll

c:\program files\musicmatch\musicmatch jukebox\stream_do.dll

c:\program files\musicmatch\musicmatch jukebox\winmsgobject.dll

c:\program files\musicmatch\musicmatch jukebox\portableagent.dll

c:\program files\musicmatch\musicmatch jukebox\portabledevice2.dll

c:\program files\musicmatch\musicmatch jukebox\portabledevice.dll

c:\program files\musicmatch\musicmatch jukebox\metadatacache.dll

c:\windows\system32\pxsfs.dll

c:\program files\musicmatch\musicmatch jukebox\basicobjs.dll

c:\program files\musicmatch\musicmatch jukebox\graphicsutils.dll

c:\windows\system32\pxdrv.dll

c:\windows\system32\pxmas.dll

c:\windows\system32\pxwave.dll

c:\windows\system32\msjtes40.dll

c:\windows\system32\vbajet32.dll

c:\windows\system32\expsrv.dll

c:\program files\musicmatch\musicmatch jukebox\localdisk_do.dll

c:\windows\system32\mpr.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\program files\musicmatch\musicmatch jukebox\mimcallbackobjs.dll

c:\windows\system32\vxblock.dll

c:\program files\musicmatch\musicmatch jukebox\cddvd_do.dll

c:\program files\musicmatch\musicmatch jukebox\rbcdrepository.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\urlmon.dll

c:\program files\musicmatch\musicmatch jukebox\wavmp3tag.dll

c:\program files\musicmatch\musicmatch jukebox\dummytagobj.dll

c:\program files\musicmatch\musicmatch jukebox\wmaobj.dll

c:\program files\musicmatch\musicmatch jukebox\playlistfileobj.dll

c:\program files\musicmatch\musicmatch jukebox\playlistm3ufileobj.dll

c:\program files\musicmatch\musicmatch jukebox\playlistplsfileobj.dll

c:\program files\dell\sharedll\djbsdk.dll

c:\program files\musicmatch\musicmatch jukebox\plugins\portable2004\wmdm\mdplugin.dll

c:\windows\system32\mswmdm.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wmdmlog.dll

c:\windows\system32\wmdmps.dll

c:\windows\system32\mspmsp.dll

c:\windows\system32\cewmdm.dll

c:\windows\system32\msscp.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\cnmlm7d.dll

c:\windows\system32\psapi.dll

c:\windows\system32\fxsmon.dll

c:\windows\system32\fxsevent.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\cnmpd7d.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\NEW ANTISPYWARE\AVAST4\ASWUPDSV.EXE
c:\program files\new antispyware\avast4\aswupdsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\new antispyware\avast4\aswcmns.dll

c:\program files\new antispyware\avast4\aswcmnos.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcp70.dll

c:\windows\system32\msvcr70.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\program files\new antispyware\avast4\aswcmnb.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

C:\WINDOWS\EHOME\EHRECVR.EXE
c:\windows\ehome\ehrecvr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\faultrep.dll

c:\windows\system32\version.dll

c:\windows\system32\userenv.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\psapi.dll

c:\windows\ehome\ehtrace.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\sbe.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msvidctl.dll

c:\windows\system32\quartz.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\devenum.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msdmo.dll

C:\WINDOWS\EHOME\EHSCHED.EXE
c:\windows\ehome\ehsched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\ehome\ehproxy.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\tapi3.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\winmm.dll

c:\windows\system32\rtutils.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\confmsp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\termmgr.dll

c:\windows\system32\h323msp.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\msasn1.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\umaxscan.dll

c:\windows\system32\umaxu12.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\sti.dll

C:\WINDOWS\EHOME\MCRDSVC.EXE
c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\ehome\ehtrace.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\DLLHOST.EXE
c:\windows\system32\dllhost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\txflog.dll

c:\windows\system32\es.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\sxs.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
c:\windows\system32\wscntfy.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\WINDOWS\EHOME\EHMSAS.EXE
c:\windows\ehome\ehmsas.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ieui.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\setupapi.dll

c:\program files\internet explorer\ieproxy.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\mlang.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

c:\progra~1\newant~1\spybot~2\sdhelper.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\faultrep.dll

c:\windows\system32\userenv.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\jsproxy.dll

c:\program files\java\jre1.6.0_06\bin\ssv.dll

c:\program files\java\jre1.6.0_06\bin\msvcr71.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\ieapfltr.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\jscript.dll

c:\windows\system32\iepeers.dll

c:\windows\system32\winspool.drv

c:\windows\system32\rsaenh.dll

c:\windows\system32\vbscript.dll

c:\windows\system32\macromed\flash\flash9e.ocx

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\schannel.dll

c:\windows\system32\mshtmled.dll

c:\windows\system32\dxtrans.dll

c:\windows\system32\atl.dll

c:\windows\system32\ddrawex.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\msfeeds.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\dssenh.dll

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
c:\windows\system32\wuauclt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\esent.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wups2.dll

C:\PROGRAM FILES\NEW ANTISPYWARE\AD AWARE 2008\AD-AWARE.EXE
c:\program files\new antispyware\ad aware 2008\ad-aware.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\program files\new antispyware\ad aware 2008\lavalicense.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\olepro32.dll

c:\program files\new antispyware\ad aware 2008\lavamessage.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

End of Scan Section
===========================

end Some Other Spyware Remover log

Thanks,
Ura-Maru

Shaba
2008-07-02, 14:09
Hi

I see.

Fix this entry with HijackThis:

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)

And it should be gone :)

Ura-Maru
2008-07-03, 03:53
Looks like that took care of it. Toolbar.Languagebar is gone now.

Thanks,
Ura-Maru

Shaba
2008-07-03, 13:30
Hi

Great :)

Still problems?

Ura-Maru
2008-07-04, 23:31
Spybot and Kaspersky both find nothing, and Ad-Aware only finds the System Restore backups.

So, it looks like no problems. :)


Thanks,
Ura-Maru

Shaba
2008-07-05, 11:49
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:

Shaba
2008-07-07, 18:26
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.