Main Problem: Cannot update windows or connect to download.microsoft.com

Old 02-28-2010, 01:55 PM   #1
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



I have been having a long-running problem with not being able to connect to Microsoft downloads, and I cannot update my computer. It has been going on for about 6 months now, and I have tried many, many troubleshooting steps, and cannot resolve the problem. I think there may be a virus or trojan that my avast cannot get rid of. I have some problems with redirecting on Firefox; this problem used to be worse, but has gotten better since I got avast. But nothing I have tried has fixed my inability to update or connect to Microsoft downloads.

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jessie at 14:58:36.44 on Sun 02/28/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.872 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jessie\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jessie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.att.net
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
uRun: [googletalk] c:\users\jessie\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [BitTorrent DNA] "c:\users\jessie\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
mRun: [ATT_WCC] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ATT-SST_UninstallTracking] c:\users\jessie\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InternetDownload_upgrade] "c:\program files\versalsoft\internetdownload\InternetDownload.exe" /upgrade
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: hithere.com\n1
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: motive.com\patttbc.att
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.81,85.255.112.148
TCP: {80B01CAC-59E0-4D9F-84D4-91EF0C16BEA0} = 85.255.112.81,85.255.112.148
TCP: {D484235D-DB3F-4F6F-8A48-DCF851FA5A7B} = 85.255.112.81,85.255.112.148
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jessie\appdata\roaming\mozilla\firefox\profiles\n2fvambu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\jessie\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\jessie\appdata\roaming\mozilla\firefox\profiles\n2fvambu.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\jessie\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-14 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-14 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-14 352920]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2009-5-25 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2009-5-25 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2009-5-25 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]

=============== Created Last 30 ================

2010-02-28 20:53:58 100 ----a-w- c:\windows\WININIT.INI
2010-02-28 20:31:33 0 d-----w- C:\VersalSoft
2010-02-28 20:31:24 0 d-----w- c:\program files\VersalSoft
2010-02-28 20:31:16 0 d-----w- c:\program files\Universal
2010-02-23 16:27:14 0 d-----w- c:\programdata\vsosdk
2010-02-23 15:35:17 87608 ----a-w- c:\users\jessie\appdata\roaming\inst.exe
2010-02-23 15:35:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-23 15:35:17 47360 ----a-w- c:\users\jessie\appdata\roaming\pcouffin.sys
2010-02-20 23:01:01 0 d-----w- c:\program files\The Weather Channel FW
2010-02-09 00:00:17 0 d-----w- C:\a439ef273cfb40d0de6692a17d
2010-02-08 23:56:53 0 d-----w- C:\fe93582669065099470e4901d5f9fc
2010-02-03 16:41:00 210065006 ----a-w- c:\windows\MEMORY.DMP

==================== Find3M ====================

2010-02-23 15:36:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-23 15:36:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-23 15:36:17 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-26 00:40:51 11084 ----a-w- c:\windows\system32\7z80steal25159.exe
2009-12-23 18:43:17 13953 ----a-w- c:\windows\system32\7595t5izf1755.exe
2009-12-20 00:29:54 17319 ----a-w- c:\windows\system32\9ze5backdoor1545.dll
2009-12-17 14:35:25 2546 ----a-w- c:\windows\system32\96faaddwzre3547.dll
2009-12-16 23:41:12 14674 ----a-w- c:\windows\system32\4295vir235z.exe
2009-12-16 00:05:25 17650 ----a-w- c:\windows\system32\28e5spywz5e1459.bin
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-13 21:07:59 14673 ----a-w- c:\windows\system32\z5885acktool69e.dll
2009-12-05 02:03:36 17181 ----a-w- c:\windows\system32\31957not-z-virus365.bin
2009-12-02 16:53:19 17810 ----a-w- c:\windows\system32\184z3s9y925.dll
2009-05-29 04:20:13 174 --sha-w- c:\program files\desktop.ini
2009-05-29 04:09:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-12 19:54:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071220090713\index.dat
2009-07-17 19:43:04 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-17 19:43:04 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-17 19:43:04 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:00:04.66 ===============
Attached Files
File Type: zip Attach.zip (2.6 KB, 18 views)
casidylee is offline  
Old 02-28-2010, 08:42 PM   #2
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------
  1. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.

    Link 1
    Link 2

    --------------------------------------------------------------------
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on ComFx.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 02-28-2010, 09:57 PM   #3
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



Here is the comfx log. I wasn't sure if I should just copy and paste or attach. So I'll do both to be safe. =^.^=

ComboFix 10-02-27.04 - Jessie 02/28/2010 23:30:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1024 [GMT -6:00]
Running from: c:\users\Jessie\Desktop\comfx.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2841vir9528z.exe
c:\windows\system32\28998h5cktool41z.cpl
c:\windows\system32\28e5spywz5e1459.bin
c:\windows\system32\28zwo59751.exe
c:\windows\system32\2901zhief5055.cpl
c:\windows\system32\29231not-a-vz5us282.bin
c:\windows\system32\292609z544.exe
c:\windows\system32\2929zw5r929b.cpl
c:\windows\system32\29311ha5ztool95.bin
c:\windows\system32\294a5pywaz91619.exe
c:\windows\system32\29569zr9j340.cpl
c:\windows\system32\297269or55ze.dll
c:\windows\system32\298809pzmbot7c5.dll
c:\windows\system32\29951spy75az.cpl
c:\windows\system32\29b5down5zader559.cpl
c:\windows\system32\2bzfthrea927522.ocx
c:\windows\system32\2c12szeal29565.exe
c:\windows\system32\2c93spyw5re29z9.ocx
c:\windows\system32\2cb7s5ywar91z20.ocx
c:\windows\system32\2cb9d5wnloader246z.bin
c:\windows\system32\2d8ab5czdo9r1897.dll
c:\windows\system32\2e119hzeat140825.bin
c:\windows\system32\2e2as5ywa9ez419.cpl
c:\windows\system32\2fczback59or588.cpl
c:\windows\system32\2z316vi5us23b9.cpl
c:\windows\system32\2z453sp9695.exe
c:\windows\system32\2z95b5ckdoor1914.exe
c:\windows\system32\2ze5backdoo92066.dll
c:\windows\system32\2zf059r357.cpl
c:\windows\system32\2zf69ir17545.ocx
c:\windows\system32\30464spz9bot513.exe
c:\windows\system32\30735szambot6f09.ocx
c:\windows\system32\3101virzs95e5.bin
c:\windows\system32\31143zot-a-vi5us89.dll
c:\windows\system32\31265spa9zot215.dll
c:\windows\system32\3132adz59re1933.dll
c:\windows\system32\31957not-z-virus365.bin
c:\windows\system32\31995ziru57fd.ocx
c:\windows\system32\31zc5pyware1939.cpl
c:\windows\system32\33z3add9are21505.exe
c:\windows\system32\3445hief99z1.bin
c:\windows\system32\349z5teal1238.ocx
c:\windows\system32\3545spywa9e14z0.cpl
c:\windows\system32\355z3tro963.cpl
c:\windows\system32\35959pam5otz83.dll
c:\windows\system32\359cvirz8.exe
c:\windows\system32\36f45za9se43.dll
c:\windows\system32\3823vi9zs7c5.dll
c:\windows\system32\3877do5nloader9228z.dll
c:\windows\system32\390z6worm157.dll
c:\windows\system32\3958zddware1890.exe
c:\windows\system32\3959ztroj143.exe
c:\windows\system32\396e9tza51128.cpl
c:\windows\system32\3987back5oor21z.bin
c:\windows\system32\39bbbac5door1z44.cpl
c:\windows\system32\3b32dowzl9ader12345.cpl
c:\windows\system32\3b3c9pywa5ez776.dll
c:\windows\system32\3b4za5dware7399.bin
c:\windows\system32\3b9zbackdoor5565.ocx
c:\windows\system32\3bb4backdzor9514.dll
c:\windows\system32\3bzcv9r513.bin
c:\windows\system32\3d2z9pywa5e1962.dll
c:\windows\system32\3e8bbackdoz95272.cpl
c:\windows\system32\3ez5ste9l14125.bin
c:\windows\system32\3z39threat59296.cpl
c:\windows\system32\3z4345pa9bot4ba.ocx
c:\windows\system32\408evirz509.ocx
c:\windows\system32\40ezsp9rs51313.ocx
c:\windows\system32\4224s5y9z6.dll
c:\windows\system32\4279add5are317z.cpl
c:\windows\system32\4295vir235z.exe
c:\windows\system32\42z95dware2496.exe
c:\windows\system32\4335ziru55539.exe
c:\windows\system32\434bbackd5o97z0.ocx
c:\windows\system32\44965zy328.bin
c:\windows\system32\4576v5r92z.bin
c:\windows\system32\45b0backdo9rz47.exe
c:\windows\system32\45espywarz1991.bin
c:\windows\system32\4647tr5z95c.bin
c:\windows\system32\4655dow9zoader1451.cpl
c:\windows\system32\467csparsz23519.bin
c:\windows\system32\4719thiz5165.dll
c:\windows\system32\47b9baczdoor945.exe
c:\windows\system32\4911downzoa59r506.exe
c:\windows\system32\4945spy6z5.ocx
c:\windows\system32\494bstezl2355.cpl
c:\windows\system32\49b59pyzare3102.bin
c:\windows\system32\4b59backdoor473z.cpl
c:\windows\system32\4c5zpa9se2189.dll
c:\windows\system32\4e49backdo5r58z.bin
c:\windows\system32\4eczthre5t9241.ocx
c:\windows\system32\4f95thzeat2016.exe
c:\windows\system32\4fa89z5al2236.cpl
c:\windows\system32\4fd8dz5nloade9994.bin
c:\windows\system32\4z0esteal9475.dll
c:\windows\system32\4z735teal15209.exe
c:\windows\system32\500f9parse33z.exe
c:\windows\system32\5078addware69z.bin
c:\windows\system32\50c4downloadzr3219.exe
c:\windows\system32\51593spambot2cz.exe
c:\windows\system32\51e5spa95e1z67.ocx
c:\windows\system32\522zaddwar9410.cpl
c:\windows\system32\52419i57z9.bin
c:\windows\system32\533zaddw9r53064.dll
c:\windows\system32\5399thiz51275.cpl
c:\windows\system32\539cthiefz6729.ocx
c:\windows\system32\542d5zywa9e228.exe
c:\windows\system32\5459s9yz4d.dll
c:\windows\system32\545vz92832.cpl
c:\windows\system32\5519tzoj247.dll
c:\windows\system32\551ba9d5arz578.dll
c:\windows\system32\55831spambzt1e9.exe
c:\windows\system32\55aaa5dw9rez706.cpl
c:\windows\system32\55addoz9loader999.cpl
c:\windows\system32\55b19hief2127z.exe
c:\windows\system32\55c3th5ef9716z.bin
c:\windows\system32\55fdthiez32699.cpl
c:\windows\system32\5640zo9m172.dll
c:\windows\system32\5729hack9ool5z5.cpl
c:\windows\system32\5729wozmed.dll
c:\windows\system32\5787hacktool1za9.bin
c:\windows\system32\579sp5rsez56.bin
c:\windows\system32\581z6vi9us58.exe
c:\windows\system32\58ecba5kdozr1399.cpl
c:\windows\system32\5926thief279z.ocx
c:\windows\system32\5929virus7b6z.cpl
c:\windows\system32\5971tzreat161469.exe
c:\windows\system32\59e2dzwnload9r2458.dll
c:\windows\system32\59z9troj293.exe
c:\windows\system32\59zt5i9f2610.bin
c:\windows\system32\5azaba5kdoo9889.exe
c:\windows\system32\5d18steal22z9.dll
c:\windows\system32\5d92virz58.bin
c:\windows\system32\5deathzeat679.ocx
c:\windows\system32\5f3ethzef2795.cpl
c:\windows\system32\5ffcstzal599.bin
c:\windows\system32\5z3049orm779.cpl
c:\windows\system32\5z49ba9kdoor258.dll
c:\windows\system32\6002s5azse1496.bin
c:\windows\system32\6007not-5-viruzef9.cpl
c:\windows\system32\605ebackdo5r9z5.ocx
c:\windows\system32\60z6addwar912635.cpl
c:\windows\system32\6147nzt-a-viru5392.cpl
c:\windows\system32\6239pam5oz6fa.cpl
c:\windows\system32\6295threat93z10.cpl
c:\windows\system32\6391spyz5d9.ocx
c:\windows\system32\64639zeal154.bin
c:\windows\system32\653a9aczdoor2253.cpl
c:\windows\system32\65f1doznloa5e9358.ocx
c:\windows\system32\669fspars5309z.ocx
c:\windows\system32\67355aczdo9r1810.dll
c:\windows\system32\67a7thr95z24252.cpl
c:\windows\system32\6841doz5loader1998.exe
c:\windows\system32\6959th5ef15z2.ocx
c:\windows\system32\6996ad5ware11z7.ocx
c:\windows\system32\699aspyware2527z.bin
c:\windows\system32\6azthreat5935.dll
c:\windows\system32\6bz6v9r3054.bin
c:\windows\system32\6c55downloz9er1742.cpl
c:\windows\system32\6c97steal2z85.cpl
c:\windows\system32\6e8bspy9aze1685.bin
c:\windows\system32\6edzspars51995.cpl
c:\windows\system32\6z22s5e9l1560.bin
c:\windows\system32\6z85thief14959.bin
c:\windows\system32\7072hac9tool575z.ocx
c:\windows\system32\7136sp5r9e6z.exe
c:\windows\system32\731zth59f1714.dll
c:\windows\system32\7329nz95a-virus100.ocx
c:\windows\system32\7459dowzloader420.exe
c:\windows\system32\745zvir9s15f.ocx
c:\windows\system32\747zth9eat22154.cpl
c:\windows\system32\750da9dware436z.cpl
c:\windows\system32\7561woz9109.cpl
c:\windows\system32\757fadzware9724.exe
c:\windows\system32\7595t5izf1755.exe
c:\windows\system32\759dzackdoor1291.exe
c:\windows\system32\75zevir2429.exe
c:\windows\system32\767zba9kdoor1950.dll
c:\windows\system32\76z55ack9ool6f3.ocx
c:\windows\system32\7739thi5z2197.ocx
c:\windows\system32\7746not-a-vi5zs9.ocx
c:\windows\system32\7905szyware2499.bin
c:\windows\system32\7910dzw5loader9084.bin
c:\windows\system32\7952wormzd6.ocx
c:\windows\system32\7953virus9zc.ocx
c:\windows\system32\7993spy5arz1164.bin
c:\windows\system32\79z4back5oor144.cpl
c:\windows\system32\7aa55ddzare2619.bin
c:\windows\system32\7d10down9zader5119.exe
c:\windows\system32\7ec5spazse4629.cpl
c:\windows\system32\7ee2spzrse32509.cpl
c:\windows\system32\7f819ddwarz3576.dll
c:\windows\system32\7fc9down5oader2435z.cpl
c:\windows\system32\7z0not-a9virus5cc.exe
c:\windows\system32\7z58thr9at25405.dll
c:\windows\system32\7z80steal25159.exe
c:\windows\system32\7z9av5r851.dll
c:\windows\system32\7zecspyware26795.cpl
c:\windows\system32\8473spa5bot9zf.exe
c:\windows\system32\8746trz5b39.exe
c:\windows\system32\8790trzj475.exe
c:\windows\system32\8920s5yzb9.bin
c:\windows\system32\8953w9rz605.cpl
c:\windows\system32\8z58spambot649.bin
c:\windows\system32\90564vi5usze5.bin
c:\windows\system32\90964worm1c5z.cpl
c:\windows\system32\90bbd5znloader2902.ocx
c:\windows\system32\90d3stz5l252.dll
c:\windows\system32\90z80troj4695.cpl
c:\windows\system32\92408not-a5virus34z.dll
c:\windows\system32\926z1spy5e5.ocx
c:\windows\system32\9284zviru558e.dll
c:\windows\system32\9433sparse5518z.bin
c:\windows\system32\94hackzo5l738.ocx
c:\windows\system32\955virusa5z.dll
c:\windows\system32\9562steal2z45.cpl
c:\windows\system32\9592virus109z.bin
c:\windows\system32\95bespyware13z35.dll
c:\windows\system32\960thizf5759.cpl
c:\windows\system32\96faaddwzre3547.dll
c:\windows\system32\97551spamboz729.cpl
c:\windows\system32\9831backdoorz519.dll
c:\windows\system32\985spazse519.ocx
c:\windows\system32\98861hackzoo529d.dll
c:\windows\system32\995z6worm2cb.bin
c:\windows\system32\99z05worm124.exe
c:\windows\system32\9dz9vir3095.exe
c:\windows\system32\9f25backd5or2622z.cpl
c:\windows\system32\9z96not-a-v5rus713.cpl
c:\windows\system32\9ze5backdoor1545.dll
c:\windows\system32\a4d9ir154z.cpl
c:\windows\system32\abd9p5rse318z.cpl
c:\windows\system32\afathzef15595.dll
c:\windows\system32\azcbackd5or1794.cpl
c:\windows\system32\b63vi91z795.bin
c:\windows\system32\d9es5arse7z5.ocx
c:\windows\system32\e1zspar5e21209.bin
c:\windows\system32\ebz9ow5loader1159.cpl
c:\windows\system32\ezd5hief14929.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\z0935t9oj9e.ocx
c:\windows\system32\z0df9pars51993.bin
c:\windows\system32\z10ba9dwar5533.ocx
c:\windows\system32\z1398hacktool3a5.ocx
c:\windows\system32\z14thi5f1719.dll
c:\windows\system32\z1d9thief3592.cpl
c:\windows\system32\z3250v9rus15f.ocx
c:\windows\system32\z3b5st9al555.cpl
c:\windows\system32\z4659vi5us263.bin
c:\windows\system32\z55085irus9a.bin
c:\windows\system32\z569spamb9t58c.exe
c:\windows\system32\z5885acktool69e.dll
c:\windows\system32\z5890spam9ot573.exe
c:\windows\system32\z58evir5964.exe
c:\windows\system32\z590worm399.bin
c:\windows\system32\z593hacktool5d.bin
c:\windows\system32\z6259h5cktool4d4.ocx
c:\windows\system32\z6f1down5oader9161.bin
c:\windows\system32\z76eba5k9oor3137.dll
c:\windows\system32\z8203ha5kto9l530.ocx
c:\windows\system32\z890hackt5ol7b9.bin
c:\windows\system32\z8aspywar5996.exe
c:\windows\system32\zbc3vir1529.dll
c:\windows\system32\zd51threat96859.cpl
c:\windows\system32\zd61v9r1005.ocx
c:\windows\system32\zf49threat24584.ocx
c:\windows\system32\zf99threat5995.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z09threat200625.ocx
c:\windows\z1875spy5239.cpl
c:\windows\z276downlo9der5880.dll
c:\windows\z299h5cktool5da.bin
c:\windows\z2a1spywa5e9195.bin
c:\windows\z43caddwa5e2059.bin
c:\windows\z446hacktoo548d9.cpl
c:\windows\z517sparse9585.cpl
c:\windows\z599virus9a9.dll
c:\windows\z5fsteal9505.ocx
c:\windows\z641n95-a-virus719.cpl
c:\windows\z7b1spywar5956.dll
c:\windows\z897ste5l3056.dll
c:\windows\z899vi53968.dll
c:\windows\z89s95al721.cpl
c:\windows\z97sp5mbot9e6.ocx
c:\windows\z985sparse1540.bin
c:\windows\z9893v5rus2bf.exe
c:\windows\z996th5ef144.dll
c:\windows\z9c8addw5re1589.exe
c:\windows\zab3t9reat8152.dll
c:\windows\zb2cthief9845.dll
c:\windows\zc03vir8159.exe
c:\windows\zc58steal809.cpl
c:\windows\zd5cvir2989.bin
c:\windows\zee9vir195.cpl
c:\windows\zf93s9arse19305.cpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSIVXSERV.SYS
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 05:39 . 2010-03-01 05:44 -------- d-----w- c:\users\Jessie\AppData\Local\temp
2010-03-01 05:39 . 2010-03-01 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 01:30 . 2010-03-01 05:28 -------- d-----w- c:\programdata\NOS
2010-03-01 01:30 . 2010-03-01 05:28 -------- d-----w- c:\program files\NOS
2010-03-01 01:23 . 2010-03-01 01:23 -------- d-----w- c:\windows\system32\Adobe
2010-02-28 20:31 . 2010-02-28 20:31 -------- d-----w- C:\VersalSoft
2010-02-28 20:31 . 2010-02-28 20:31 -------- d-----w- c:\program files\VersalSoft
2010-02-28 20:31 . 2010-02-28 20:31 -------- d-----w- c:\program files\Universal
2010-02-23 16:27 . 2010-02-23 16:27 -------- d-----w- c:\programdata\vsosdk
2010-02-23 15:35 . 2010-02-23 15:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-23 15:35 . 2010-02-28 20:51 -------- d-----w- c:\users\Jessie\AppData\Roaming\Vso
2010-02-20 23:01 . 2010-02-20 23:01 -------- d-----w- c:\program files\The Weather Channel FW
2010-02-20 23:00 . 2010-02-20 23:00 -------- d-----w- c:\users\Jessie\AppData\Local\The Weather Channel
2010-02-08 23:57 . 2010-02-08 23:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-08 23:56 . 2010-02-08 23:59 -------- d-----w- C:\fe93582669065099470e4901d5f9fc
2010-02-04 00:48 . 2010-02-04 00:48 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 05:40 . 2009-05-28 03:40 -------- d-----w- c:\users\Jessie\AppData\Roaming\DNA
2010-02-28 20:53 . 2009-08-13 04:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-28 20:51 . 2010-02-23 15:35 47360 ----a-w- c:\users\Jessie\AppData\Roaming\pcouffin.sys
2010-02-28 20:51 . 2010-02-23 15:35 47360 ----a-w- c:\users\Jessie\AppData\Roaming\pcouffin.sys
2010-02-27 03:09 . 2010-02-27 03:09 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-23 15:28 . 2009-05-28 03:40 -------- d-----w- c:\users\Jessie\AppData\Roaming\BitTorrent
2010-02-13 03:05 . 2010-02-13 02:48 154349936 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ CP_Guest_3148(4)_ver1 }\spore_dd_patch_all_v5_1.exe
2010-02-13 02:20 . 2009-11-08 07:29 -------- d-----w- c:\program files\Electronic Arts
2010-02-13 02:20 . 2009-05-25 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 00:49 . 2009-11-08 07:31 -------- d-----w- c:\programdata\Electronic Arts
2010-02-04 00:48 . 2010-02-04 00:49 38784 ----a-w- c:\users\Jessie\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airapp...pinstaller.exe
2010-02-04 00:48 . 2010-02-04 00:48 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airapp...pinstaller.exe
2010-01-23 05:56 . 2009-06-01 18:05 -------- d-----w- c:\program files\DivX
2010-01-23 05:55 . 2009-06-01 18:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-01 08:37 . 2009-09-27 20:53 -------- d-----w- c:\program files\ATTToolbar
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Jessie\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Jessie\Program Files\DNA\btdna.exe" [2009-11-17 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-24 2923192]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-12-21 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-06 4423680]
"Skytel"="Skytel.exe" [2007-06-06 1822720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 835584]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-04-02 411768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2009-03-13 370952]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2007-12-04 1474048]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2007-12-04 1474048]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"InternetDownload_upgrade"="c:\program files\VersalSoft\InternetDownload\InternetDownload.exe" [2009-12-21 364544]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-04-23 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8/14/2009 5:28 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8/14/2009 5:28 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8/14/2009 5:28 PM 53328]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [5/25/2009 3:12 PM 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [5/25/2009 3:12 PM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [5/25/2009 3:34 PM 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [4/23/2007 12:29 PM 812544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-01 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: hithere.com\n1
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\n2fvambu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\Jessie\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\n2fvambu.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\users\Jessie\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4259746663-2794309167-523774974-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,35,44,5c,c1,78,08,04,be,a0,da,7e,86,66,ee,d6,d6,65,fe,04,d7,
7c,77,39,eb,3d,fd,3b,f4,1b,2a,6b,66,62,c9,9d,1e,3c,84,2b,da,37,19,07,8f,50,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\vssvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-02-28 23:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 05:51

Pre-Run: 42,955,313,152 bytes free
Post-Run: 44,565,352,448 bytes free

- - End Of File - - 133388D7D455C36C2E6ACCB23B475346
Attached Files
File Type: txt comfxlog.txt (38.5 KB, 17 views)
casidylee is offline  
Old 02-28-2010, 10:01 PM   #4
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Pasting the logs will be just fine going forward, unless otherwise requested. Thanks for asking.

Can you update Windows now?

Next steps...

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 02-28-2010, 10:06 PM   #5
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



Windows is updating! It's downloading SP2 right now. I am getting the malware program and will run it as well. Thank you so much. I'll post a log if needed.
casidylee is offline  
Old 03-01-2010, 08:49 AM   #6
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Yes, please post the log from Malwarebytes' Anti-Malware.

I was only seeking an answer to the question about updates. It's not always a good idea to perform Windows Updates until the machine is clean. However, many users are on automatic updates, so it may have just started on its own, once we removed the malware blocking it.
tetonbob is offline  
Old 03-01-2010, 09:06 AM   #7
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



I scanned last night with the Malware program; it came out clean, no infections. Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/1/2010 12:19:43 AM
mbam-log-2010-03-01 (00-19-43).txt

Scan type: Quick Scan
Objects scanned: 109018
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
casidylee is offline  
Old 03-01-2010, 09:18 AM   #8
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Great!

A few more things to take care of

As mentioned in our preposting topic:

https://www.techsupportforum.com/f50/...lp-305963.html

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

https://www.techsupportforum.com/f50/...ng-305923.html

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Uninstall a Program.

---------------------------------------------------------------------------------------------


Your Java is out of date.

Java(TM) 6 Update 15 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Once the install is complete...

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan. Vista users will need to right click on their IE shortcut, run as Administrator.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

---------------------------------------------------------------------------------------------

Also post new logs from DDS.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-01-2010, 11:32 AM   #9
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



Scan Finished with 1 infection:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fb399ebbaf572e44a746e54cfd42e52d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-01 06:51:34
# local_time=2010-03-01 12:51:34 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=769 16775165 100 98 0 202828256 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 104072630 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=213180
# found=1
# cleaned=0
# scan_time=4392
C:\Qoobox\Quarantine\C\Windows\System32\24385worm7z9.exe.vir probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus 00000000000000000000000000000000 I
casidylee is offline  
Old 03-01-2010, 11:37 AM   #10
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi -

That item is in ComboFix quarantine, which we'll deal with shortly.


Quote:
and also let me know how things are now.

---------------------------------------------------------------------------------------------

Also post new logs from DDS.
tetonbob is offline  
Old 03-01-2010, 11:45 AM   #11
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



Okay, missed that part. Here is the new DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jessie at 13:40:54.76 on Mon 03/01/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.837 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Jessie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Jessie\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jessie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
uRun: [googletalk] c:\users\jessie\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [BitTorrent DNA] "c:\users\jessie\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
mRun: [ATT_WCC] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InternetDownload_upgrade] "c:\program files\versalsoft\internetdownload\InternetDownload.exe" /upgrade
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: hithere.com\n1
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: motive.com\patttbc.att
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jessie\appdata\roaming\mozilla\firefox\profiles\n2fvambu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\jessie\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\jessie\appdata\roaming\mozilla\firefox\profiles\n2fvambu.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\jessie\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-14 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-14 138680]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2009-5-25 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2009-5-25 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2009-5-25 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-14 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-14 352920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-26 21504]

=============== Created Last 30 ================

2010-03-01 17:33:13 0 d-----w- c:\program files\ESET
2010-03-01 17:18:24 0 d-----w- c:\programdata\Office Genuine Advantage
2010-03-01 17:09:43 0 d-----w- c:\program files\Windows Portable Devices
2010-03-01 17:09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-01 17:08:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-01 17:00:32 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-03-01 16:59:30 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-01 16:59:30 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-01 16:59:30 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-01 16:54:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-01 16:54:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-01 16:54:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-01 16:41:46 0 d-----w- c:\program files\MSXML 4.0
2010-03-01 16:37:48 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-03-01 16:37:47 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-03-01 16:37:46 270848 ----a-w- c:\windows\system32\schannel.dll
2010-03-01 16:37:45 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-03-01 16:37:44 9728 ----a-w- c:\windows\system32\lsass.exe
2010-03-01 16:37:44 72704 ----a-w- c:\windows\system32\secur32.dll
2010-03-01 16:37:44 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-03-01 16:37:37 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-01 16:37:35 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-01 12:48:00 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-03-01 12:48:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-03-01 12:48:00 23552 ----a-w- c:\windows\system32\lpk.dll
2010-03-01 12:48:00 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-03-01 12:48:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-03-01 12:46:45 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-03-01 12:45:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-01 12:43:52 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-03-01 12:42:19 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-01 12:42:19 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-01 07:25:53 0 d-----w- c:\windows\system32\drivers\NSS
2010-03-01 07:25:53 0 d-----w- c:\programdata\Symantec
2010-03-01 07:25:53 0 d-----w- c:\programdata\Norton
2010-03-01 07:25:53 0 d-----w- c:\program files\Norton Security Scan
2010-03-01 07:25:47 0 d-----w- c:\programdata\NortonInstaller
2010-03-01 07:25:47 0 d-----w- c:\program files\NortonInstaller
2010-03-01 07:18:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-03-01 07:17:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-03-01 07:17:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-03-01 07:17:34 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-03-01 07:16:18 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-01 07:01:57 0 d-----w- c:\windows\system32\eu-ES
2010-03-01 07:01:57 0 d-----w- c:\windows\system32\ca-ES
2010-03-01 07:01:55 0 d-----w- c:\windows\system32\vi-VN
2010-03-01 06:42:34 0 d-----w- c:\windows\system32\EventProviders
2010-03-01 06:27:59 968192 ----a-w- c:\windows\system32\wcnwiz2.dll
2010-03-01 06:26:59 87040 ----a-w- c:\windows\system32\mssitlb.dll
2010-03-01 06:25:59 852992 ----a-w- c:\windows\system32\mcmde.dll
2010-03-01 06:24:59 9212 ----a-w- c:\windows\system32\RacUR.xml
2010-03-01 06:07:45 0 d-----w- c:\users\jessie\appdata\roaming\Malwarebytes
2010-03-01 06:07:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 06:07:38 0 d-----w- c:\programdata\Malwarebytes
2010-03-01 06:07:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 06:07:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 05:44:47 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-01 05:29:11 98816 ----a-w- c:\windows\sed.exe
2010-03-01 05:29:11 77312 ----a-w- c:\windows\MBR.exe
2010-03-01 05:29:11 261632 ----a-w- c:\windows\PEV.exe
2010-03-01 05:29:11 161792 ----a-w- c:\windows\SWREG.exe
2010-03-01 01:30:01 0 d-----w- c:\programdata\NOS
2010-03-01 01:23:45 0 d-----w- c:\windows\system32\Adobe
2010-02-28 20:53:58 100 ----a-w- c:\windows\WININIT.INI
2010-02-28 20:31:33 0 d-----w- C:\VersalSoft
2010-02-28 20:31:24 0 d-----w- c:\program files\VersalSoft
2010-02-28 20:31:16 0 d-----w- c:\program files\Universal
2010-02-23 16:27:14 0 d-----w- c:\programdata\vsosdk
2010-02-23 15:35:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-23 15:35:17 47360 ----a-w- c:\users\jessie\appdata\roaming\pcouffin.sys
2010-02-20 23:01:01 0 d-----w- c:\program files\The Weather Channel FW
2010-02-08 23:56:53 0 d-----w- C:\fe93582669065099470e4901d5f9fc
2010-02-03 16:41:00 301714606 ----a-w- c:\windows\MEMORY.DMP

==================== Find3M ====================

2010-03-01 17:09:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-01 17:09:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-01 17:09:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-01 17:09:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-01 06:49:49 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-18 13:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44:23 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-05-29 04:20:13 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-12 19:54:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071220090713\index.dat

============= FINISH: 13:42:36.18 ===============
casidylee is offline  
Old 03-01-2010, 12:02 PM   #12
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



The other items Eset found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below.

Other than that... we should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Press the Windows key + R -> in the Run box which opens -> copy/paste in the following single line command & click OK

ComboFix /Uninstall



This will uninstall ComboFix. It will also implement some cleanup procedures.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

After malware removal, it's a good idea to flush out existing, possibly infected System Restore points, and set a new clean point with which to go forward.

Clear & Reset System Restore's Cache
  • Press the Windows key + R
  • Type or copy/paste control sysdm.cpl,,4 & press Enter
  • Click on Continue
  • Under Automatic Restore points
    • Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section.
    • Click Turn System Restore Off.
    • Click Apply

    Turn System Restore back on now.

  • Check (tick) all the boxes under Create restore points automatically on the selected disks section.
  • Click OK.

============================================

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update -

    To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - https://update.microsoft.com/ .

    This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here https://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • https://www.trillian.cc - Trillian or https://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • https://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
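The HOSTS-file mechanism described in the MVPS item of the post above, as an added example that is not part of the original post or of any tool it names: a small Python auditor that parses HOSTS-file text and separates names sunk to the local machine (127.0.0.1, ::1, 0.0.0.0) from names mapped to some other address. The sample entries, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (not from the thread or from MVPS).
SAMPLE_HOSTS = """\
# blocklist-style entries: the name resolves to the local machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com Tracker.Example.com   # two names on one line
0.0.0.0         banners.example.org
# a mapping that points a name at some other machine
203.0.113.7     updates.example.net
not-an-ip       broken.example.com
"""

# Names that are expected to map to loopback on any system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every usable mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def classify(ip, name):
    """Return 'local', 'blocked' or 'redirected' for one mapping."""
    if name in LOCAL_NAMES and ip.is_loopback:
        return "local"                        # the normal localhost entries
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"                      # name is sunk to this machine
    return "redirected"                       # name is pinned to another address


def audit_hosts(text):
    """Group every mapping as (hostname, ip, line_no) under its classification."""
    report = {"local": [], "blocked": [], "redirected": []}
    for line_no, ip, name in parse_hosts(text):
        report[classify(ip, name)].append((name, str(ip), line_no))
    return report


def forced_addresses(text, hostname):
    """Return the addresses the HOSTS text assigns to hostname (may be empty)."""
    wanted = hostname.lower().rstrip(".")
    return [str(ip) for _, ip, name in parse_hosts(text) if name == wanted]


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for kind in ("blocked", "redirected"):
        for name, ip, line_no in report[kind]:
            print(f"{kind:10} line {line_no}: {name} -> {ip}")
```

On Windows the file to feed it is normally %SystemRoot%\System32\drivers\etc\hosts; entries reported as "redirected" are the ones worth reviewing by hand, since a blocklist only needs loopback or 0.0.0.0 targets.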
Old 03-01-2010, 12:18 PM   #13
Guest
 
Join Date: Feb 2010
Posts: 7
OS:



I have uninstalled ComboFix, as well as refreshing the system restore cache. Thank you so much for all the help! I am going to bookmark this page and look into all the programs you have provided. Thank you again, it's nice to have my laptop running well again!
casidylee is offline  
Old 03-01-2010, 12:50 PM   #14
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Cheers! I'm glad to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
tetonbob is offline  
 
