rsmig29
new user
Reg'd: Sun
Posts: 4
Loc: Seattle, WA. USA
Any help with this is appreciated. This is my ComboFix and HJT output:-
HJT output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:24 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/?wl=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061205
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=10"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1208290891968
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-- End of file - 10929 bytes
ComboFix:-
ComboFix 09-10-30.01 - Sarah 10/31/2009 17:29.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.433 [GMT -7:00]
Running from: c:\documents and settings\Sarah\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\program files\AlphaAV
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\desktop
c:\windows\desktop\Diva Starz(TM) CD-ROM.lnk
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\kb913800.exe
----- BITS: Possible infected sites -----
hxxp://getupdatesoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SFC
-------\Service_MyWebSearchService
-------\Service_sfc
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 ))))))))))))))))))))))))))))))) .
2009-10-31 07:53 . 2009-10-31 07:53 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\documents and settings\Sarah\Application Data\Malwarebytes
2009-10-31 05:40 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 05:40 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 10:27 . 2009-10-29 10:27 -------- d-----w- c:\program files\Common Files\AlphaAVUninstall
2009-10-29 10:27 . 2009-10-29 10:27 351744 ----a-w- c:\windows\system32\IEaddonscontrol.dll
2009-10-19 01:40 . 2009-10-19 01:40 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-04 22:43 . 2009-10-04 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 00:42 . 2007-12-27 04:27 -------- d-----w- c:\documents and settings\Sarah\Application Data\WTablet
2009-10-29 10:34 . 2009-09-12 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-19 00:59 . 2009-04-27 07:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\IMVU
2009-10-15 11:52 . 2008-10-27 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 11:48 . 2006-12-05 09:12 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 22:40 . 2008-09-10 23:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-04 22:40 . 2008-09-10 23:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-04 22:40 . 2008-09-10 23:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-04 22:36 . 2006-12-05 09:02 77096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 22:58 . 2007-01-08 19:39 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-18 22:58 . 2006-12-27 04:31 -------- d-----w- c:\documents and settings\Sarah\Application Data\Corel
2009-09-18 22:57 . 2007-01-08 19:39 88 --sh--r- c:\windows\system32\787441D491.sys
2009-09-12 07:17 . 2009-09-12 07:17 -------- d-----w- c:\program files\NOS
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 07:10 . 2008-09-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2008-09-22 21:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-07-31 02:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2005-08-16 10:18 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 68856]
"SmileboxTray"="c:\documents and settings\Sarah\Application Data\Smilebox\SmileboxTray.exe" [2009-03-30 254600]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-05 236544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-18 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SGPUpdater"="c:\program files\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]
"FBSearch"="c:\program files\Search Guard Plus\SearchGuardPlus.exe" [2009-05-04 194432]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-5 24576] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-4-22 241664] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-04 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^IMVU.lnk] path=c:\documents and settings\Sarah\Start Menu\Programs\Startup\IMVU.lnk backup=c:\windows\pss\IMVU.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLSetupSvc"=3 (0x3) "seclogon"=2 (0x2) "Spooler"=2 (0x2) "RemoteRegistry"=2 (0x2) "gusvc"=3 (0x3) "GoogleDesktopManager"=3 (0x3) "Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2008 4:03 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2008 4:03 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2008 4:03 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2008 4:03 PM 297752]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/16/2005 3:18 AM 14336]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-11-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2009-08-28 c:\windows\Tasks\SpyHunter Scanner.job - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-01-13 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com/?wl=true
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=x7a33J1OxtwcQ.SyPNJiEw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Sarah\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
AddRemove-AlphaAV - c:\program files\AlphaAV\alpha.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 17:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????
FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(1572) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\bcmwltry.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\Tablet.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\WTablet\TabUserW.exe c:\windows\system32\Tablet.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\wscntfy.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\dllhost.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\eHome\ehmsas.exe c:\windows\system32\rundll32.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Completion time: 2009-11-01 17:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-01 00:49
Pre-Run: 19,335,675,904 bytes free
Post-Run: 20,577,751,040 bytes free
- - End Of File - - 9BF6195C44B820541A04FEF2F2161FCD
Thanks Much
Rick
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31982
Loc: belfast
Welcome to the Webuser forum. 
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::
Folder::
c:\program files\Common Files\AlphaAVUninstall
c:\program files\Enigma Software Group\SpyHunter
c:\program files\Search Guard
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FBSearch"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will start ComboFix again. (It may ask you to reboot your computer.)
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
rsmig29
new user
Reg'd: Sun
Posts: 4
Loc: Seattle, WA. USA
Thanks for the quick response. I tried the steps outlined, and I can now access the Control Panel, Users, etc. and the .MSIMG.32 dll error is also gone. Here are the files you requested.
ComboFix 09-10-30.01 - Sarah 11/01/2009 17:07.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.428 [GMT -8:00]
Running from: c:\documents and settings\Sarah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sarah\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
Software Group\SpyHunter\Rollback\00021c.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\00021d.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\00021e.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\00021f.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000220.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000221.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000222.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000223.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000224.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000225.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000226.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000227.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000228.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\000229.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\00022a.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\00022b.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\0x84.ecd c:\program files\Enigma Software Group\SpyHunter\Rollback\rollback.dat c:\program files\Enigma Software Group\SpyHunter\scan.log c:\program files\Enigma Software Group\SpyHunter\spyhunter.log c:\program files\Enigma Software Group\SpyHunter\support.log
. ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 ))))))))))))))))))))))))))))))) .
2009-11-01 04:42 . 2009-11-01 06:25 -------- d-----w- c:\windows\system32\NtmsData 2009-11-01 03:22 . 2009-11-01 03:24 108712 ----a-w- C:\MGlogs.zip 2009-11-01 03:22 . 2009-11-01 03:24 -------- d-----w- C:\MGtools 2009-11-01 03:22 . 2009-11-01 03:22 2384067 ----a-w- C:\MGtools.exe 2009-11-01 03:12 . 2009-11-01 03:12 0 ----a-w- c:\documents and settings\Sarah\settings.dat 2009-11-01 02:02 . 2009-11-01 02:02 -------- d-----w- c:\program files\Trend Micro 2009-11-01 00:58 . 2009-11-01 00:58 -------- d-----w- c:\program files\CCleaner 2009-10-31 07:53 . 2009-10-31 07:53 -------- d-----w- c:\windows\system32\wbem\Repository 2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\documents and settings\Sarah\Application Data\Malwarebytes 2009-10-31 05:40 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-31 05:40 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-31 05:40 . 2009-10-31 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-19 01:40 . 2009-10-19 01:40 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-04 22:43 . 2009-10-04 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-01 04:12 . 2007-12-27 04:27 -------- d-----w- c:\documents and settings\Sarah\Application Data\WTablet 2009-11-01 01:44 . 2006-12-05 09:11 -------- d-----w- c:\program files\Google 2009-11-01 01:26 . 2009-04-01 18:45 -------- d-----w- c:\program files\Enigma Software Group 2009-11-01 01:25 . 2009-03-26 07:05 -------- d-----w- c:\program files\MySpace 2009-10-29 10:34 . 2009-09-12 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-10-19 00:59 . 2009-04-27 07:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\IMVU 2009-10-15 11:52 . 2008-10-27 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-15 11:48 . 2006-12-05 09:12 -------- d-----w- c:\program files\Microsoft Works 2009-10-04 22:40 . 2008-09-10 23:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-04 22:40 . 2008-09-10 23:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-04 22:40 . 2008-09-10 23:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-04 22:36 . 2006-12-05 09:02 77096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-18 22:58 . 2007-01-08 19:39 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-09-18 22:58 . 2006-12-27 04:31 -------- d-----w- c:\documents and settings\Sarah\Application Data\Corel 2009-09-18 22:57 . 2007-01-08 19:39 88 --sh--r- c:\windows\system32\787441D491.sys 2009-09-12 07:17 . 2009-09-12 07:17 -------- d-----w- c:\program files\NOS 2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 07:10 . 2008-09-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 
2005-08-16 10:18 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-07 02:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 02:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 02:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 02:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 02:24 . 2005-08-16 10:40 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 02:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 02:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 02:23 . 2008-09-22 21:34 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-07 02:23 . 2007-07-31 02:18 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-07 02:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 03:44 . 2005-08-16 10:18 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 04:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe .
((((((((((((((((((((((((((((( SnapShot@2009-11-01_04.12.57 ))))))))))))))))))))))))))))))))))))))))) . + 2005-08-16 10:18 . 2009-11-02 00:55 62434 c:\windows\system32\perfc009.dat - 2005-08-16 10:18 . 2009-11-01 04:00 62434 c:\windows\system32\perfc009.dat + 2005-08-16 10:18 . 2009-11-02 00:55 402994 c:\windows\system32\perfh009.dat - 2005-08-16 10:18 . 2009-11-01 04:00 402994 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-18 196608] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-5 24576] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-04 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^IMVU.lnk] path=c:\documents and settings\Sarah\Start Menu\Programs\Startup\IMVU.lnk backup=c:\windows\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLSetupSvc"=3 (0x3) "seclogon"=2 (0x2) "Spooler"=2 (0x2) "RemoteRegistry"=2 (0x2) "gusvc"=3 (0x3) "GoogleDesktopManager"=3 (0x3) "Apple Mobile Device"=2 (0x2) "SQLAgent$MICROSOFTSMLBIZ"=3 (0x3) "lanmanserver"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2008 3:03 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2008 3:03 PM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2008 3:03 PM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2008 3:03 PM 297752] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/16/2005 2:18 AM 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - CLASSPNP_2 *Deregistered* - mbr *Deregistered* - PCIIDEX_2
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-11-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20] . . ------- Supplementary Scan ------- . uStart Page = www.msn.com/?wl=true uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=x7a33J1OxtwcQ.SyPNJiEw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 .
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-01 17:14 Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(888) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\bcmwltry.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehSched.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\HPZipm12.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\windows\eHome\ehmsas.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Completion time: 2009-11-02 17:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-02 01:20 ComboFix2.txt 2009-11-01 02:26
Pre-Run: 21,014,315,008 bytes free Post-Run: 20,986,793,984 bytes free
- - End Of File - - C39AD536043ACEBC4F1BD01FACF14300
***************************************************************************
Hijackthisfile.log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:27:23 PM, on 11/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/?wl=true R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061205 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run:
|
rsmig29
new user
Reg'd: Sun
Posts: 4
Loc: Seattle, WA. USA
|
|
This is the rest of the HJT file:
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=10" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1208290891968 O16 - DPF: 
{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-- End of file - 9729 bytes
Thanks Rick
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31982
Loc: belfast
|
|
that looks clean now, just some tidying up to do.
combofix cleanup.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present
  - The C:\Deckard folder, if present
  - The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
Then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies". Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
HOW DID I GET INFECTED
-------------------- IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
rsmig29
new user
Reg'd: Sun
Posts: 4
Loc: Seattle, WA. USA
|
|
The computer is running great, no issues at this time... I want to thank you very much for all your help.
Rick
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31982
Loc: belfast
|
|
Happy to help
|