Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Like everyone else, when I run a search in Yahoo or Google and click a result, I am redirected to some crappy ad page. This is quite annoying. Also I noticed banner ads on pages have all been changed to "Vimax" or "Naturomax" ads.
Any help cleaning off this mess is greatly appreciated. Thanks a ton!!!
Please download Malwarebytes' Anti-Malware from one of these sites:
Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.
1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.
If Malwarebytes installed but will not run navigate to this folder:C:\Programs Files\Malwarebytes' AntiMalware
Rename all the .exe files in the MAlwarebytes' Anti-Malware folder and try to run it again.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack ThisRename the setup file, HJTInstall.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename HJTInstall.exe to tools.exe> click save.
1. Save " tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
0 
Ok, Thanks for helping me out...
The HJT came up with a message that it was denied something to do with Host files. But the log was as followed:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:12 AM, on 2/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: NormalRunning processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Drak\Desktop\tools.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\ProgramFiles\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\SymantecShared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart WebPrinting\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\SymantecShared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart WebPrinting\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\ProgramFiles\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -http://lads.myspace.com/upload/MySp...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -http://h20270.www2.hp.com/ediags/gm...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile DeviceSupport\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ProgramFiles\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\ProgramFiles\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\SymantecShared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\SymantecShared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\CommonFiles\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP QuickLaunch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\SymantecShared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP GameConsole\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP HealthCheck\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\CommonFiles\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\SymantecShared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\ProgramFiles\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\ProgramFiles\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\SharedFiles\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe--
End of file - 9237 bytes
The MBAM log file is as follows:
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 12/22/2009 8:10:16 AM
mbam-log-2009-02-22 (08-10-16).txtScan type: Quick Scan
Objects scanned: 58387
Time elapsed: 4 minute(s), 1 second(s)Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 5Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
(No malicious items detected)Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:
(No malicious items detected)Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8b538f60-d6d5-46ba-835c-af8a1dff4d70}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d91b9c61-dc39-43e4-9811-9e801ea3c626}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8b538f60-d6d5-46ba-835c-af8a1dff4d70}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d91b9c61-dc39-43e4-9811-9e801ea3c626}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8b538f60-d6d5-46ba-835c-af8a1dff4d70}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d91b9c61-dc39-43e4-9811-9e801ea3c626}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.102,85.255.112.83 -> Quarantined and deleted successfully.Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Drak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.Files Infected:
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\ntldr.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aquaplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
again this is greatly appreciated...
0
its a browser hijacker in ur pc that hijacks and redirects google, yahooa nd other search engine search results to other websites adverts. you should follow the manual guide given at http://darfuns.com/remove-google-se... to remove google search hijacker
0
Go to start> run> type in notepad click ok> click format> uncheck word wrap then exit notepad.
Please download ComboFix to the desktop from one of the following links:
Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to toolb.exe> click save.
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.In your case to run Combofix do the following:
1. Go offline turn off your Norton antivirus, Windows Defender and any other realtime antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
0
Are you still being redirected?
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Run an online scan with Kaspersky from the following link:
Kaspersky Online ScannerNote: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
0
----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, February 24, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 24, 2009 04:55:37
Records in database: 1836899
----------------------Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yesScan area - My Computer:
C:\
D:\
E:\Scan statistics:
Files scanned: 182870
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:42:09
File name / Threat name / Threats count
C:\Qoobox\Quarantine\D\resycled\ntldr.com.vir Infected: Packed.Win32.Tdss.a 1The selected area was scanned.
0
You did not answer the question... are you still being redirected?
Please run Combofix following the directions in response #4
0
sorry, been really busy, But I extremely appreciate your help.
No, I am not being redirected any longer. Also the stupid ads that took over are gone.
The current combofix log is as follows:ComboFix 09-02-21.01 - Drak 2009-02-24 21:54:11.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1123 [GMT -5:00]
Running from: c:\users\Drak\Desktop\toolb.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *enabled*
.((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.2009-02-22 14:31 . 2009-02-24 21:53 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2009-02-22 12:41 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-22 12:41 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-22 08:04 . 2009-02-22 08:04 <DIR> d-------- c:\users\Drak\AppData\Roaming\Malwarebytes
2009-02-22 08:04 . 2009-02-22 08:04 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-22 08:04 . 2009-02-22 08:04 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-22 08:04 . 2009-02-22 08:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 08:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 08:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-21 19:12 . 2009-02-22 14:29 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-21 19:12 . 2009-02-22 14:29 <DIR> d-a------ c:\programdata\TEMP
2009-02-21 19:12 . 2009-02-21 19:14 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-14 19:06 . 2009-02-14 19:06 <DIR> d-------- c:\program files\iPod
2009-02-14 19:05 . 2009-02-14 19:06 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-14 19:05 . 2009-02-14 19:06 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-14 19:05 . 2009-02-14 19:06 <DIR> d-------- c:\program files\iTunes
2009-02-14 19:01 . 2009-02-14 19:01 <DIR> d-------- c:\program files\QuickTime
2009-01-25 12:41 . 2009-01-25 12:41 <DIR> d-------- c:\program files\Avago-HP.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 08:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-21 12:52 --------- d-----w c:\program files\Java
2009-02-15 00:06 --------- d-----w c:\program files\Common Files\Apple
2009-02-06 02:12 --------- d-----w c:\program files\BitComet
2009-01-30 03:21 --------- d-----w c:\program files\RM-X Player V5.2
2009-01-28 12:29 --------- d-----w c:\programdata\Symantec
2009-01-25 17:41 --------- d-----w c:\program files\Hewlett-Packard
2009-01-15 05:00 27,744 ----a-w c:\users\All Users\nvModes.dat
2009-01-15 05:00 27,744 ----a-w c:\programdata\nvModes.dat
2009-01-15 02:28 --------- d-----w c:\program files\Windows Mail
2009-01-10 05:55 2,680 ----a-w c:\users\Drak\AppData\Roaming\wklnhst.dat
2009-01-09 23:29 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-09 23:29 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-09 23:29 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-09 23:29 --------- d-----w c:\program files\Symantec
2009-01-09 03:10 --------- d-----w c:\program files\Common Files\Adobe
2009-01-04 05:00 --------- d-----w c:\program files\Safari
2009-01-01 06:20 --------- d-----w c:\programdata\Yahoo! Companion
2009-01-01 05:41 --------- d-----w c:\program files\Google
2008-12-25 03:54 27,744 ----a-w c:\users\Drak\AppData\Roaming\nvModes.dat
2008-05-30 22:15 174 --sha-w c:\program files\desktop.ini
2007-08-25 01:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-02-08 21:10 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-02-08 21:10 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-08 21:10 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-02-08 21:10 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-02-08 21:10 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.((((((((((((((((((((((((((((( SnapShot@2009-02-22_14.37.12.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-15 02:25:36 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-23 08:01:06 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-15 02:25:36 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-23 08:01:06 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-15 02:25:36 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-23 08:01:06 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-15 02:25:36 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-23 08:01:06 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-15 02:25:36 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-23 08:01:06 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-15 02:25:36 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-23 08:01:06 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-15 02:25:36 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-23 08:01:06 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-15 02:25:36 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-23 08:01:06 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-15 02:25:36 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-23 08:01:06 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-15 02:25:36 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-23 08:01:06 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-22 13:13:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-23 08:12:09 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-22 13:13:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-23 08:12:09 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-22 13:13:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-23 08:12:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-22 19:36:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-25 02:58:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-25 02:58:37 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-22 19:28:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-25 02:24:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-23 16:36:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009022320090224\index.dat
- 2009-02-22 19:28:56 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 02:24:34 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-22 19:28:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-25 02:24:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\System32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\System32\mrt.exe
- 2008-01-19 07:34:58 458,240 ----a-w c:\windows\System32\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\System32\msfeeds.dll
- 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\System32\mstime.dll
- 2009-02-22 13:19:34 547,500 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-24 02:58:24 561,894 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-22 13:19:34 1,850,046 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-24 02:58:24 1,890,234 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-22 17:40:35 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-23 08:11:05 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\System32\urlmon.dll
- 2009-02-22 13:15:11 8,906 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2032527105-3543101346-1489520573-1000_UserData.bin
+ 2009-02-22 19:43:21 8,906 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2032527105-3543101346-1489520573-1000_UserData.bin
- 2009-02-22 13:15:11 75,434 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 19:43:21 75,442 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-22 13:15:09 48,656 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 19:43:20 48,664 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-22 17:40:20 171,847,181 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-23 08:01:15 172,000,011 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 04:15:58 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16809_none_a9ee2d39f5a1db5c\advpack.dll
+ 2009-01-15 04:14:44 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20996_none_aa1379db0f0b2a9a\advpack.dll
+ 2009-01-15 04:16:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16809_none_ebe936e9163ac15b\pngfilt.dll
+ 2009-01-15 04:18:35 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20996_none_ec0e838a2fa41099\pngfilt.dll
+ 2009-01-15 04:16:03 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
+ 2009-01-15 04:19:06 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
+ 2009-01-16 04:59:50 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
+ 2009-01-15 04:16:01 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16809_none_dee86e647f43f82e\mstime.dll
+ 2009-01-15 04:17:12 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20996_none_df0dbb0598ad476c\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18203_none_e0c8ab4e7c6ff115\mstime.dll
+ 2009-01-16 04:57:07 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22355_none_e11e391195b44f42\mstime.dll
+ 2009-01-15 04:16:00 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\jsproxy.dll
+ 2009-01-15 04:16:03 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
+ 2009-01-15 04:16:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\WininetPlugin.dll
+ 2009-01-15 04:16:04 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\jsproxy.dll
+ 2009-01-15 04:19:13 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
+ 2009-01-15 04:19:13 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\WininetPlugin.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\jsproxy.dll
+ 2009-01-15 06:11:16 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
+ 2009-01-16 04:56:01 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\jsproxy.dll
+ 2009-01-16 05:00:04 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
+ 2009-01-16 05:00:04 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\WininetPlugin.dll
+ 2009-01-15 04:16:00 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dll
+ 2009-01-15 04:15:42 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dll
+ 2009-01-15 04:15:59 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtmsft.dll
+ 2009-01-15 04:15:59 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtrans.dll
+ 2009-01-15 04:15:22 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtmsft.dll
+ 2009-01-15 04:15:22 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtrans.dll
+ 2009-01-15 04:16:00 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16809_none_5e09520c3d47b20a\msfeeds.dll
+ 2009-01-15 04:16:41 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.20996_none_5e2e9ead56b10148\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18203_none_5fe98ef63a73aaf1\msfeeds.dll
+ 2009-01-16 04:56:39 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22355_none_603f1cb953b8091e\msfeeds.dll
+ 2009-01-15 04:16:00 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16809_none_464bb12746361260\mshtmled.dll
+ 2009-01-15 04:16:46 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20996_none_4670fdc85f9f619e\mshtmled.dll
+ 2009-01-15 04:16:00 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
+ 2009-01-15 04:16:45 3,596,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
+ 2009-01-16 04:56:43 3,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
+ 2009-01-15 04:16:00 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16809_none_58be4726670f5491\icardie.dll
+ 2009-01-15 04:15:42 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20996_none_58e393c78078a3cf\icardie.dll
+ 2009-01-15 04:15:30 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\ieUnatt.exe
+ 2009-01-15 04:14:36 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
+ 2009-01-15 02:05:46 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\ieUnatt.exe
+ 2009-01-15 04:18:47 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
+ 2009-01-15 04:16:00 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
+ 2009-01-15 04:16:02 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\sqmapi.dll
+ 2009-01-15 04:15:44 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
+ 2009-01-15 04:18:57 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\sqmapi.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
+ 2009-01-16 04:55:51 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
+ 2009-01-16 04:59:31 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\sqmapi.dll
+ 2009-01-15 04:15:30 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\ie4uinit.exe
+ 2009-01-15 04:16:00 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iernonce.dll
+ 2009-01-15 04:16:00 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iesetup.dll
+ 2009-01-15 02:05:40 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\ie4uinit.exe
+ 2009-01-15 04:15:44 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iernonce.dll
+ 2009-01-15 04:15:44 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iesetup.dll
+ 2009-01-15 04:16:00 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16809_none_2a18935467fa6c37\iebrshim.dll
+ 2009-01-15 04:15:42 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20996_none_2a3ddff58163bb75\iebrshim.dll
+ 2009-01-15 04:16:00 6,066,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieframe.dll
+ 2009-01-15 04:16:00 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieui.dll
+ 2009-01-15 04:15:44 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieframe.dll
+ 2009-01-15 04:15:44 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieui.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieframe.dll
+ 2009-01-16 04:55:51 6,070,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieframe.dll
+ 2009-01-16 04:55:51 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieui.dll
+ 2009-01-15 04:15:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16809_none_e6bea0de9473aaed\ieinstal.exe
+ 2009-01-15 02:05:59 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20996_none_e6e3ed7faddcfa2b\ieinstal.exe
+ 2009-01-15 04:15:30 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16809_none_0b66d5fad6ee6a9f\ieuser.exe
+ 2009-01-15 02:06:01 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20996_none_0b8c229bf057b9dd\ieuser.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup[HKLM\~\startupfolder\C:^Users^Drak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Drak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-06-02 02:55 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-01-08 21:17 52256 c:\program files\CyberLink\PowerDVD\Language\Language.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-09-30 22:34 181544 c:\program files\HP\QuickPlay\QPService.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-09-13 15:32 222504 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA77CB1F-E389-47C9-9BCB-F854CBC26CED}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{958009E7-8CD9-4EF9-9A5B-46DFB951DC6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{DE596D91-7AB7-4C48-A03D-5E9BBD6CC6F6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ABFFA408-33AB-4437-AD7A-7BBBCC361DEB}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{AA319791-E5C2-4105-BC25-2D81CF5FCCCF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7E9B0CB-0AE6-4EE6-8640-5A9DF9AA5996}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8ADC35B0-E197-4F7B-BA0A-5C291862D0EE}"= UDP:9420:Akamai NetSession Interface
"{99ABCA8D-1726-4A2C-9B5F-77FA75BFC3D8}"= TCP:5000:Akamai NetSession Interface
"{BE6A414F-528C-4664-ADE2-865CD6AD7A49}"= UDP:9420:Akamai NetSession Interface
"{12BDFFDB-CF87-4FF9-9D6A-E2FF1C35797A}"= TCP:5000:Akamai NetSession Interface
"{10D37B89-F089-4906-84EE-5C36593EE52A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.exe
"{A14C9CA9-6D1B-44F4-B0EE-A56CD39CC418}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.exe
"{72570941-C915-4517-BDBA-19D2CBD4C137}"= UDP:9363:BitComet 9363 TCP
"{8F57DEA1-3EEB-4779-9F4A-498F38F0DF0B}"= TCP:9363:BitComet 9363 UDP
"{E927F776-68E0-45AE-B6BB-C252583AB7C1}"= UDP:9363:BitComet 9363 TCP
"{C602B008-0682-4C6D-AA1B-D43E27913584}"= TCP:9363:BitComet 9363 UDP
"{FAD56924-0642-466B-936D-42C6E52B5EFE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2B105FD-C0F1-4FB3-8A29-5A3E2E13AA47}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {8B538F60-D6D5-46BA-835C-AF8A1DFF4D70},{D91B9C61-DC39-43E4-9811-9E801EA3C626}[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {8B538F60-D6D5-46BA-835C-AF8A1DFF4D70},{D91B9C61-DC39-43E4-9811-9E801EA3C626}[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:EarthlinkR1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.003\IDSvix86.sys [2008-03-06 261680]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.exe [2008-02-10 149352]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-05-29 23888]--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58968f16-a588-11dd-a318-001b24ef874c}]
\shell\AutoRun\command - F:\PortableVault.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8033b92e-fb77-11dd-8b41-001b24ef874c}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL F:\m.exe /s[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder2009-02-24 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Drak.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath ----- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 21:58:40
Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2009-02-24 21:59:56
ComboFix-quarantined-files.txt 2009-02-25 02:59:52
ComboFix2.txt 2009-02-22 19:38:04Pre-Run: 81,210,798,080 bytes free
Post-Run: 81,243,131,904 bytes free372 --- E O F --- 2009-02-23 15:26:26
again thanks so much for all your help...
Any programs you recommend so this doesn't happen again??
0
Your java appears to be out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.Your computer appears to be clean
Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.Go to start> control panel> add/remove programs and uninstall these programs:
Hijack This
Malwarebytes
Kaspersky
You should keep AFT Cleaner and run it weekly.
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link SpywareblasterJust download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
How is the computer operating?
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
