Tech Support Forum - View Single Post - Request for help, Dr. Watson Postmortem

12-07-2009, 02:26 PM
Athlynne
Registered Member
 
Join Date: Nov 2009
Posts: 22
OS: Win XP



Log is below!

Also, I don't know if this is important, but the AT&T antivirus you had me remove still seems to be there. The icon for it is still on my taskbar and it's still listed (and refusing to be banished) from my add/remove programs screen.

Thank you again!

--------------------------------------------------------------

ComboFix 09-12-07.01 - Amber Gorby 12/07/2009 16:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.219 [GMT -5:00]
Running from: c:\documents and settings\Amber Gorby\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ipocysyp.bat
c:\documents and settings\Krista Gorby\Application Data\iniasd.txt
c:\documents and settings\Krista Gorby\Local Settings\Application Data\amyfonule.vbs
c:\documents and settings\Krista Gorby\Local Settings\Application Data\suxy.inf
c:\documents and settings\Krista Gorby\Local Settings\Temporary Internet Files\exim.dll
C:\p2hhr.bat
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-2738528725-3377773627-2742169642-1003
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\temp\tn3
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Fonts\acrsec.fon
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\comres(2)(2).dll
c:\windows\system32\ilicisoto.vbs
c:\windows\system32\JSvEffii.ini
c:\windows\system32\muzapp.exe
c:\windows\system32\olizezim.ini
c:\windows\system32\wEhiPqss.ini
c:\windows\system32\yjogah.vbs

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Legacy_TDSSSERV.SYS
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 21:49 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-07 21:49 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-07 01:31 . 2009-12-07 01:31 1445888 ----a-w- c:\documents and settings\Amber Gorby\DesktopWinsockxpFix.exe
2009-12-07 01:30 . 2009-12-07 01:30 186368 ----a-w- c:\documents and settings\Amber Gorby\DesktopLSPFix.exe
2009-12-07 01:30 . 2009-12-07 01:30 36864 ----a-w- c:\documents and settings\Amber Gorby\DesktopSafeMSI.exe
2009-12-07 01:27 . 2009-12-07 01:27 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2009-12-07 01:27 . 2009-12-07 01:27 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2009-12-07 01:26 . 2009-12-07 01:27 357640 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2009-12-07 01:24 . 2009-12-07 01:26 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2009-12-07 01:09 . 2009-12-07 01:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-05 00:19 . 2009-12-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-12-02 20:18 . 2009-12-02 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-12-02 20:11 . 2009-12-02 20:11 -------- d-----w- c:\program files\Siber Systems
2009-12-01 19:45 . 2009-12-01 19:45 -------- d-----w- c:\program files\CCleaner
2009-11-29 19:31 . 2009-11-29 19:31 -------- d-----w- c:\program files\Webroot
2009-11-29 19:31 . 2009-11-29 19:31 -------- d-----w- c:\documents and settings\Amber Gorby\Application Data\Webroot
2009-11-29 19:23 . 2009-11-29 19:29 -------- d-----w- c:\documents and settings\Amber Gorby\Application Data\Lavasoft
2009-11-26 01:47 . 2009-11-26 01:47 -------- d-----w- c:\program files\MSXML 4.0
2009-11-26 01:06 . 2009-11-26 01:07 -------- d-----w- c:\program files\MKVtoolnix
2009-11-24 20:24 . 2009-11-24 20:24 152576 ----a-w- c:\documents and settings\Amber Gorby\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 18:28 . 2009-11-24 20:24 79488 ----a-w- c:\documents and settings\Amber Gorby\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 15:51 . 2009-11-24 15:51 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-24 15:51 . 2007-05-21 07:29 235648 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-11-24 15:51 . 2006-11-15 21:23 38144 ----a-r- c:\windows\system32\drivers\EAPPkt.sys
2009-11-24 15:51 . 2009-11-24 15:51 -------- d-----w- c:\windows\system32\RTL8187
2009-11-24 15:50 . 2009-11-24 15:50 -------- d-----w- c:\documents and settings\Amber Gorby\Application Data\InstallShield
2009-11-24 15:39 . 2009-11-24 15:39 -------- d-----w- c:\program files\IrfanView
2009-11-24 15:38 . 2009-11-24 15:38 -------- d-----w- c:\documents and settings\Krista Gorby\Local Settings\Application Data\SpiralfrogClient
2009-11-21 22:03 . 2009-11-24 15:52 -------- d-----w- c:\program files\REALTEK USB Wireless LAN Driver and Utility
2009-11-10 12:50 . 2009-11-10 12:50 1408800 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 06:55 . 2009-07-21 15:42 117760 ----a-w- c:\documents and settings\Krista Gorby\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-07 01:08 . 2009-09-10 15:05 -------- d-----w- c:\documents and settings\Krista Gorby\Application Data\mjusbsp
2009-12-07 01:08 . 2009-09-08 14:32 -------- d-----w- c:\documents and settings\Nancy Gorby\Application Data\mjusbsp
2009-12-07 01:08 . 2009-09-11 14:29 -------- d-----w- c:\documents and settings\finngorby\Application Data\mjusbsp
2009-12-03 18:03 . 2009-05-23 00:51 117760 ----a-w- c:\documents and settings\Amber Gorby\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-03 05:45 . 2007-12-31 23:21 -------- d-----w- c:\program files\WinAVI Video Capture
2009-12-03 05:41 . 2005-12-12 11:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 05:29 . 2009-06-10 02:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-03 05:29 . 2005-05-12 03:51 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 05:23 . 2009-06-10 02:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-02 16:20 . 2009-05-29 23:25 1 ----a-w- c:\documents and settings\Amber Gorby\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-01 19:49 . 2005-12-12 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-01 19:20 . 2009-05-22 20:59 -------- d-----w- c:\program files\LimeWire
2009-11-29 23:47 . 2008-09-16 21:05 -------- d-----w- c:\documents and settings\Amber Gorby\Application Data\LimeWire
2009-11-29 19:04 . 2008-11-28 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-24 23:54 . 2008-12-10 18:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-10 18:03 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-10 18:03 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-10 18:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-10 18:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-10 18:03 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-10 18:03 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-10 18:03 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-10 18:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 20:26 . 2005-05-12 03:39 -------- d-----w- c:\program files\Java
2009-11-21 22:04 . 2005-05-12 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 09:30 . 2009-10-14 17:55 -------- d-----w- c:\documents and settings\Krista Gorby\Application Data\LimeWire
2009-11-11 06:21 . 2005-10-07 00:36 7368 -c--a-w- c:\documents and settings\Krista Gorby\Application Data\wklnhst.dat
2009-11-10 12:51 . 2007-09-29 22:19 -------- d-----w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks
2009-11-10 12:51 . 2009-08-06 09:40 127325 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks\uninstall.exe
2009-11-10 12:51 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-08 15:21 . 2008-05-29 04:47 22352 ----a-w- c:\documents and settings\Amber Gorby\Application Data\wklnhst.dat
2009-11-04 02:14 . 2009-11-04 02:14 -------- d-----w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497
2009-11-04 02:13 . 2009-11-04 02:13 -------- d-----w- c:\documents and settings\finngorby\Application Data\FCTB000060497
2009-11-02 14:11 . 2005-05-12 03:51 -------- d-----w- c:\program files\MSN Encarta Plus
2009-11-02 06:00 . 2009-11-02 06:00 3584 ----a-r- c:\documents and settings\Krista Gorby\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-02 06:00 . 2009-11-02 06:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-11-02 05:59 . 2009-11-02 05:59 -------- d-----w- c:\program files\MSECACHE
2009-11-02 04:12 . 2009-11-02 04:12 593920 ----a-w- c:\documents and settings\Krista Gorby\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...190-0-main.dll
2009-11-02 04:11 . 2009-11-02 04:11 319488 ----a-w- c:\documents and settings\Krista Gorby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-11-01 14:50 . 2009-11-04 02:14 72551 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\Uninst.exe
2009-11-01 14:50 . 2009-11-04 02:14 1432576 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\Toolbar.dll
2009-11-01 14:50 . 2009-11-04 02:14 242688 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\Helper.dll
2009-11-01 14:50 . 2009-11-01 14:51 72551 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\Uninst.exe
2009-11-01 14:50 . 2009-11-01 14:51 1432576 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\Toolbar.dll
2009-11-01 14:50 . 2009-11-01 14:51 242688 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\Helper.dll
2009-11-01 14:50 . 2009-10-31 11:46 -------- d-----w- c:\program files\MyPoints Toolbar 2.0
2009-10-31 14:58 . 2009-10-31 11:59 -------- d-----w- c:\program files\AIM
2009-10-31 14:47 . 2009-10-31 14:47 -------- d-----w- c:\documents and settings\Amber Gorby\Application Data\FCTB000060497
2009-10-31 12:00 . 2009-10-31 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-31 11:59 . 2005-10-04 08:29 -------- d-----w- c:\program files\Common Files\AOL
2009-10-31 11:48 . 2009-10-31 11:48 -------- d-----w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497
2009-10-31 00:28 . 2009-10-31 00:28 -------- d-----w- c:\documents and settings\finngorby\Application Data\SUPERAntiSpyware.com
2009-10-30 15:36 . 2009-10-30 15:36 -------- d-----w- c:\program files\SpywareBlaster
2009-10-30 15:36 . 2009-10-30 15:36 -------- d-----w- c:\program files\Instant RAM Booster
2009-10-30 15:36 . 2007-05-25 20:23 -------- d--h--w- c:\documents and settings\Krista Gorby\Application Data\Move Networks
2009-10-30 15:36 . 2005-05-12 04:07 -------- d-----w- c:\program files\QuickTime
2009-10-13 02:31 . 2009-11-04 02:14 371200 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\RSSReader_plugin.dll
2009-10-13 02:31 . 2009-11-01 14:51 371200 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\RSSReader_plugin.dll
2009-10-11 09:17 . 2008-11-24 22:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 00:07 . 2009-10-07 00:07 17772 ----a-w- c:\windows\pynyxax.bin
2009-10-07 00:07 . 2009-10-07 00:07 17106 ----a-w- c:\program files\Common Files\habe.lib
2009-10-07 00:07 . 2009-10-07 00:07 10905 ----a-w- c:\documents and settings\Krista Gorby\Application Data\ecyqafoxeg.dll
2009-10-07 00:07 . 2009-10-07 00:07 10905 ----a-w- c:\documents and settings\Krista Gorby\Application Data\ecyqafoxeg.dll
2009-10-07 00:07 . 2009-10-07 00:07 10295 ----a-w- c:\program files\Common Files\inupy.com
2009-10-07 00:07 . 2009-10-07 00:07 15467 ----a-w- c:\documents and settings\Krista Gorby\Local Settings\Application Data\vavefadi.com
2009-10-07 00:07 . 2009-10-07 00:07 16696 ----a-w- c:\windows\lefoq.com
2009-10-05 22:00 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-05 22:00 . 2009-10-05 22:00 1407680 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-05 21:39 . 2009-10-05 21:39 64000 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-05 21:39 . 2009-10-05 21:39 52288 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-05 21:39 . 2009-10-05 21:39 50688 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-05 21:39 . 2009-10-05 21:39 114688 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-10-03 02:41 . 2009-11-04 02:14 290816 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\msgboxplugin.dll
2009-10-03 02:41 . 2009-11-01 14:51 290816 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\msgboxplugin.dll
2009-10-01 02:11 . 2009-11-04 02:14 399872 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\RadioPlugin.dll
2009-10-01 02:11 . 2009-11-01 14:51 399872 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\RadioPlugin.dll
2009-09-23 04:11 . 2009-09-23 04:10 17204720 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\rp\.exe
2009-09-23 04:10 . 2009-09-23 04:10 8406648 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-23 04:09 . 2009-09-23 04:08 10309448 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-23 04:06 . 2009-09-23 04:06 488968 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\Real\Update\setup\setup.exe
2009-09-11 14:30 . 2009-09-11 14:29 7621144 ---h--w- c:\documents and settings\finngorby\Application Data\mjusbsp\ar00000\upgrade.exe
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-05-25 19:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-05-25 19:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 23:32 . 2009-11-04 02:14 207360 ----a-w- c:\documents and settings\Nancy Gorby\Application Data\FCTB000060497\Toolbar\SearchComponent.dll
2009-09-08 23:32 . 2009-11-01 14:51 207360 ----a-w- c:\documents and settings\Krista Gorby\Application Data\FCTB000060497\Toolbar\SearchComponent.dll
2008-12-08 19:58 . 2008-12-08 19:58 1543089 -csh--w- c:\windows\system32\olizezim.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-01 14:50 1432576 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-01 1432576]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-01 1432576]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-27 3660848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-29 2001648]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-06-28 3209728]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-02 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-10 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-15 132624]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2009-11-24 794624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-01 14:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-07-16 02:12 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2000-06-07 20:32 36864 ----a-w- c:\windows\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"=
"c:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\finngorby\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Nancy Gorby\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Krista Gorby\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/10/2008 1:03 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 4:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 4:22 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/10/2008 1:03 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11/24/2009 10:51 AM 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/8/2008 11:31 AM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/22/2005 9:39 AM 200192]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [11/24/2009 10:51 AM 235648]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 4:22 PM 7408]
S1 cpqdap011;cpqdap011;c:\windows\system32\drivers\cpqdap011.sys --> c:\windows\system32\drivers\cpqdap011.sys [?]
S3 PentaxUsb;PENTAX Optio 60 on USB;c:\windows\system32\drivers\CoachUsb.sys [11/20/2005 5:30 AM 50976]
S3 PentaxVc;PENTAX Optio 60 Video Capture;c:\windows\system32\drivers\CoachVc.sys [11/20/2005 5:30 AM 44256]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
DPF: Jungle Gin by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/gin2/gin2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
Notify-nnnnKCuT - nnnnKCuT.dll
MSConfigStartUp-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe
MSConfigStartUp-Blubster - c:\program files\Blubster\blubster.exe
MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-SpiralFrog - c:\program files\SpiralFrog\Spiralfrog.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\AMBERG~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,07,a3,88,32,90,0f,49,83,1e,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,07,a3,88,32,90,0f,49,83,1e,5e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1396)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-12-07 17:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 22:14

Pre-Run: 27,119,136,768 bytes free
Post-Run: 27,127,607,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=9 Default=9 Failed=8 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 42C69495C39D80B964135AF30535CBA2