cheddaboy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.1 (09.08.2015:1) OS: Windows 8.1 x64 Ran by Terry on Sun 09/13/2015 at 17:00:36.49 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 09/13/2015 at 17:02:04.50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.007 - Logfile created 13/09/2015 at 16:54:34 # Updated 08/09/2015 by Xplode # Database : 2015-09-10.1 [server] # Operating system : Windows 8.1 (x64) # Username : Terry - KITCHEN # Running from : C:\Users\Terry\Desktop\AdwCleaner (2).exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\{4B9BA358-1B19-72DE-AA9F-025C7A1DD1D2} [-] Folder Deleted : C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1} [-] Folder Deleted : C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} ***** [ Files ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp [!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp ***** [ Web browsers ] ***** ************************* :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1002 bytes] ########## HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : KITCHEN Windows . . . . . . . : 6.3.0.9600.X64/8 User name . . . . . . : KITCHEN\Terry UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-09-13 17:04:41 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 48 Objects scanned . . . : 1,725,694 Files scanned . . . . : 39,436 Remnants scanned . . : 375,711 files / 1,310,547 keys Suspicious files ____________________________________________________________ C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2,190,336 bytes Age . . . . . . . : 3.9 days (2015-09-09 20:15:38) Entropy . . . . . : 7.5 SHA-256 . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Terry\Desktop\FRST64.exe Size . . . . . . . : 2,190,848 bytes Age . . . . . . . : 3.2 days (2015-09-10 13:04:16) Entropy . . . . . : 7.5 SHA-256 . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\Terry\Desktop\FRST64.exe 1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\ 6.2s C:\FRST\Logs\ct 6.2s C:\Users\Terry\Desktop\Fixlog.txt Cookies _____________________________________________________________________ C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.360yield.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adlegend.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.creative-serving.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pointroll.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pubmatic.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.smartstream.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.stickyadstv.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.undertone.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.vidible.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adserver.adreactor.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtech.de C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtechus.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:advertising.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ar.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atdmt.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:bs.serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:casalemedia.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:collective-media.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:dmtracker.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:fastclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:in.getclicky.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:kontera.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:media6degrees.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:mediaplex.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:msnbc.112.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:pointroll.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:questionmarket.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:revsci.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ru4.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:smartadserver.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stat.komoona.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statcounter.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stats.paypal.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statse.webtrendslive.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:survey.g.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tacoda.at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tribalfusion.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:www.burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:yellgroup.122.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:zedo.com HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : KITCHEN Windows . . . . . . . : 6.3.0.9600.X64/8 User name . . . . . . : KITCHEN\Terry UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-09-13 17:04:41 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 48 Objects scanned . . . : 1,725,694 Files scanned . . . . : 39,436 Remnants scanned . . : 375,711 files / 1,310,547 keys Suspicious files ____________________________________________________________ C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2,190,336 bytes Age . . . . . . . : 3.9 days (2015-09-09 20:15:38) Entropy . . . . . : 7.5 SHA-256 . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Terry\Desktop\FRST64.exe Size . . . . . . . : 2,190,848 bytes Age . . . . . . . : 3.2 days (2015-09-10 13:04:16) Entropy . . . . . : 7.5 SHA-256 . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\Terry\Desktop\FRST64.exe 1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\ 6.2s C:\FRST\Logs\ct 6.2s C:\Users\Terry\Desktop\Fixlog.txt Cookies _____________________________________________________________________ C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.360yield.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adlegend.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.creative-serving.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pointroll.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pubmatic.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.smartstream.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.stickyadstv.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.undertone.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.vidible.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adserver.adreactor.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtech.de C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtechus.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:advertising.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ar.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atdmt.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:bs.serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:casalemedia.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:collective-media.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:dmtracker.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:fastclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:in.getclicky.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:kontera.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:media6degrees.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:mediaplex.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:msnbc.112.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:pointroll.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:questionmarket.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:revsci.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ru4.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:smartadserver.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stat.komoona.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statcounter.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stats.paypal.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statse.webtrendslive.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:survey.g.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tacoda.at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tribalfusion.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:www.burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:yellgroup.122.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:zedo.com

ComboFix 11-02-14.02 - Terry 02/15/2011 14:06:20.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.628 [GMT -6:00] Running from: c:\documents and settings\Terry\Desktop\schrauber.exe Command switches used :: c:\documents and settings\Terry\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FILE :: "c:\windows\system32\620FA159.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\620FA159.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_620FA159 -------\Service_620FA159 ((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))) . 2011-02-15 05:15 . 2011-02-15 05:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-02-15 05:15 . 2011-02-15 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-14 18:06 . 2011-02-14 18:06 -------- d-----w- c:\documents and settings\Donald\Application Data\Inbox Toolbar 2011-02-14 18:06 . 2011-02-14 18:06 -------- d-----w- c:\documents and settings\Donald\Application Data\HPAppData 2011-02-14 16:56 . 2011-02-14 16:56 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes 2011-02-14 16:45 . 2011-02-14 16:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2011-02-11 12:56 . 2011-02-11 12:57 -------- d-----w- c:\program files\Chronicles of Albian - The Magic Convention 2011-02-11 12:20 . 2011-02-11 12:21 -------- d-----w- c:\documents and settings\Donald\Application Data\Babylon 2011-02-11 04:07 . 2011-02-11 04:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SpookyManor 2011-02-11 01:34 . 2011-02-11 01:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Babylon 2011-02-11 01:29 . 2011-02-11 06:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylon 2011-02-11 00:19 . 2007-08-21 19:32 98304 ----a-w- c:\windows\system32\redmonnt.dll 2011-02-11 00:18 . 2011-02-14 04:49 -------- d-----w- c:\program files\FoxTabPDFConverter 2011-02-10 07:13 . 2011-02-11 07:18 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Temp 2011-02-07 22:28 . 2011-02-07 22:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Vogat Interactive 2011-02-06 02:01 . 2011-02-06 02:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Flood Light Games 2011-02-06 02:01 . 2011-02-06 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games 2011-02-06 01:34 . 2011-02-06 01:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Mystery of Mortlake Mansion 2011-02-05 07:03 . 2011-02-05 18:50 -------- d-----w- c:\program files\Microsoft Works 2011-02-05 07:02 . 2011-02-05 07:02 -------- d-----w- c:\program files\Microsoft.NET 2011-02-05 06:59 . 2011-02-05 06:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-02-05 06:59 . 2011-02-05 07:03 -------- d-----w- c:\windows\SHELLNEW 2011-02-05 06:54 . 2011-02-05 06:54 -------- d-----r- C:\MSOCache 2011-02-03 19:45 . 2011-02-03 19:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple 2011-02-03 07:10 . 2011-02-03 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software 2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-01-30 06:33 . 2011-01-30 06:33 -------- d-----w- c:\documents and settings\Terry\Application Data\MyFamily.com 2011-01-27 17:31 . 2011-01-27 17:31 -------- d-----w- c:\program files\MSXML 4.0 2011-01-27 00:48 . 2011-01-27 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2011-01-27 00:48 . 2011-01-27 00:54 -------- d-----w- c:\documents and settings\Terry\Application Data\HP 2011-01-27 00:48 . 2011-01-27 00:48 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\HP 2011-01-27 00:47 . 2009-05-18 21:33 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2011-01-27 00:47 . 2009-05-18 21:33 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2011-01-27 00:46 . 2009-04-20 18:23 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll 2011-01-27 00:46 . 2009-06-01 23:35 452408 ----a-r- c:\windows\system32\hpzids01.dll 2011-01-27 00:46 . 2009-04-20 18:23 123904 ----a-w- c:\windows\system32\hpf3l70w.dll 2011-01-27 00:46 . 2009-05-18 21:33 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2011-01-27 00:46 . 2009-06-01 23:36 966656 ----a-r- c:\windows\system32\hpwtiop6.dll 2011-01-27 00:46 . 2009-06-01 23:36 716288 ----a-r- c:\windows\system32\hpwwiax7.dll 2011-01-27 00:46 . 2009-06-01 23:36 315392 ----a-r- c:\windows\system32\hpwvst01.dll 2011-01-27 00:46 . 2009-05-18 21:33 372736 ----a-r- c:\windows\system32\hppldcoi.dll 2011-01-27 00:42 . 2011-01-27 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2011-01-27 00:41 . 2011-01-27 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\program files\Common Files\HP 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\windows\hpoj4500g510a-f 2011-01-27 00:35 . 2011-01-27 00:44 -------- d-----w- c:\program files\HP 2011-01-24 23:56 . 2011-01-24 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Artifex Mundi 2011-01-24 01:22 . 2011-01-24 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\MasterThief 2011-01-23 15:45 . 2011-01-23 16:44 -------- d-----w- c:\program files\Millionaire Manor - The Hidden Object Show 2011-01-23 15:36 . 2011-01-23 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\World-Loom 2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll 2011-01-21 02:21 . 2011-01-21 02:29 -------- d-----w- c:\documents and settings\Ryan\Application Data\Inbox Toolbar 2011-01-21 02:20 . 2011-01-21 02:20 -------- d-----w- c:\documents and settings\Ryan\Application Data\NCH Swift Sound 2011-01-20 01:17 . 2011-01-20 01:17 -------- d-----w- c:\documents and settings\Terry\Application Data\ieSpell . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 05:09 . 2010-12-28 05:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-21 00:09 . 2010-08-27 20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2010-08-27 20:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-03 09:05 . 2010-12-28 05:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-11-18 18:12 . 2010-01-29 09:19 81920 ----a-w- c:\windows\system32\isign32.dll 2010-06-05 00:34 . 2010-06-05 00:34 441 ----a-w- c:\program files\0604201019344103.bat . ((((((((((((((((((((((((((((( [email protected]_06.19.05 ))))))))))))))))))))))))))))))))))))))))) . + 2011-02-15 20:13 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ffed9d8-942f-4384-aa29-d3bd083a346a}] 2011-01-14 09:42 60416 ----a-w- c:\program files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc1e426b-fa76-428f-b680-86ef1edb13c1}] 2011-01-14 09:42 702464 ----a-w- c:\progra~1\RETROG~2\bar\1.bin\2zbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{54ba686e-738f-42fe-badd-d8cb7cfbc07e}"= "c:\program files\Retrogamer_2z\bar\1.bin\2zbar.dll" [2011-01-14 702464] [HKEY_CLASSES_ROOT\clsid\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}"= "c:\program files\Retrogamer_2z\bar\1.bin\2zbar.dll" [2011-01-14 702464] [HKEY_CLASSES_ROOT\clsid\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk backup=c:\windows\pss\IMVU.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Terry\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\documents and settings\Terry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-18 14:01 136176 ----atw- c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Retrogamer_2z Browser Plugin Loader] 2011-01-14 09:42 27648 ----a-w- c:\progra~1\RETROG~2\bar\1.bin\2zbrmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection] 2010-07-05 15:12 544768 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 21:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate] 2010-05-20 05:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 21:21 246504 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-01-29 08:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] 2010-01-29 09:25 81920 -c--a-w- c:\windows\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] 2010-01-29 09:25 204800 -c--a-w- c:\windows\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor] 2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iWinTrusted"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/27/2010 11:09 PM 64288] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/29/2010 1:27 AM 13696] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/19/2010 11:32 PM 142592] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/15/2010 1:03 AM 88176] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 2:41 AM 135664] S2 Retrogamer_2zService;Retrogamer Service;c:\progra~1\RETROG~2\bar\1.bin\2zbarsvc.exe [1/14/2011 3:42 AM 36864] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 3:05 AM 1405384] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 3:05 AM 15232] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232] S3 Normandy;Normandy SR2; [x] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/29/2010 3:10 AM 85504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2011-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 12:55] 2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-10-22 c:\windows\Tasks\expressburnSevenDays.job - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-10-15 08:14] 2010-10-18 c:\windows\Tasks\expressburnShakeIcon.job - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-10-15 08:14] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:41] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:41] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 12:56] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 12:56] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1007Core.job - c:\documents and settings\Sommer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1007UA.job - c:\documents and settings\Sommer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1008Core.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1008UA.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1010Core.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1010UA.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1012Core.job - c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1012UA.job - c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 14:01] 2011-01-24 c:\windows\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-15 07:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Lookup on Merriam Webster IE: Lookup on Wikipedia IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://signature.edu:3535/activex/AMC.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-15 14:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5028) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-02-15 14:24:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-15 20:24 ComboFix2.txt 2011-02-15 06:48 ComboFix3.txt 2011-02-15 06:21 Pre-Run: 141,006,573,568 bytes free Post-Run: 141,164,343,296 bytes free - - End Of File - - C8855B65B114351E4AC2C018E3B3F129

At this time, I am back up and running. How can I find out which files were bad, and where they were located? Thanks for the help.

Here's the ComboFix log from my account. I had to log in here as a different user, but I am the OP. I was able to run ComboFix from my account by going into My Computer, and pulling up the program from girlfriend's account. Here's the log from my account: ComboFix 11-02-14.02 - Terry 02/15/2011 0:40.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.574 [GMT -6:00] Running from: c:\documents and settings\Owner\Desktop\schrauber.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))) . 2011-02-15 05:15 . 2011-02-15 05:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-02-15 05:15 . 2011-02-15 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-14 18:06 . 2011-02-14 18:06 -------- d-----w- c:\documents and settings\Donald\Application Data\Inbox Toolbar 2011-02-14 18:06 . 2011-02-14 18:06 -------- d-----w- c:\documents and settings\Donald\Application Data\HPAppData 2011-02-14 18:00 . 2011-02-14 18:00 6656 ----a-w- c:\windows\system32\620FA159.exe 2011-02-14 16:56 . 2011-02-14 16:56 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes 2011-02-14 16:45 . 2011-02-14 16:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2011-02-11 12:56 . 2011-02-11 12:57 -------- d-----w- c:\program files\Chronicles of Albian - The Magic Convention 2011-02-11 12:20 . 2011-02-11 12:21 -------- d-----w- c:\documents and settings\Donald\Application Data\Babylon 2011-02-11 04:07 . 2011-02-11 04:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SpookyManor 2011-02-11 01:34 . 2011-02-11 01:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Babylon 2011-02-11 01:29 . 2011-02-11 06:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylon 2011-02-11 00:19 . 2007-08-21 19:32 98304 ----a-w- c:\windows\system32\redmonnt.dll 2011-02-11 00:18 . 2011-02-14 04:49 -------- d-----w- c:\program files\FoxTabPDFConverter 2011-02-10 07:13 . 2011-02-11 07:18 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Temp 2011-02-07 22:28 . 2011-02-07 22:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Vogat Interactive 2011-02-06 02:01 . 2011-02-06 02:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Flood Light Games 2011-02-06 02:01 . 2011-02-06 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games 2011-02-06 01:34 . 2011-02-06 01:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Mystery of Mortlake Mansion 2011-02-05 07:03 . 2011-02-05 18:50 -------- d-----w- c:\program files\Microsoft Works 2011-02-05 07:02 . 2011-02-05 07:02 -------- d-----w- c:\program files\Microsoft.NET 2011-02-05 06:59 . 2011-02-05 06:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-02-05 06:59 . 2011-02-05 07:03 -------- d-----w- c:\windows\SHELLNEW 2011-02-05 06:54 . 2011-02-05 06:54 -------- d-----r- C:\MSOCache 2011-02-03 19:45 . 2011-02-03 19:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple 2011-02-03 07:10 . 2011-02-03 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software 2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-01-30 06:33 . 2011-01-30 06:33 -------- d-----w- c:\documents and settings\Terry\Application Data\MyFamily.com 2011-01-27 17:31 . 2011-01-27 17:31 -------- d-----w- c:\program files\MSXML 4.0 2011-01-27 00:48 . 2011-01-27 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2011-01-27 00:48 . 2011-01-27 00:54 -------- d-----w- c:\documents and settings\Terry\Application Data\HP 2011-01-27 00:48 . 2011-01-27 00:48 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\HP 2011-01-27 00:47 . 2009-05-18 21:33 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2011-01-27 00:47 . 2009-05-18 21:33 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2011-01-27 00:46 . 2009-04-20 18:23 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll 2011-01-27 00:46 . 2009-06-01 23:35 452408 ----a-r- c:\windows\system32\hpzids01.dll 2011-01-27 00:46 . 2009-04-20 18:23 123904 ----a-w- c:\windows\system32\hpf3l70w.dll 2011-01-27 00:46 . 2009-05-18 21:33 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2011-01-27 00:46 . 2009-06-01 23:36 966656 ----a-r- c:\windows\system32\hpwtiop6.dll 2011-01-27 00:46 . 2009-06-01 23:36 716288 ----a-r- c:\windows\system32\hpwwiax7.dll 2011-01-27 00:46 . 2009-06-01 23:36 315392 ----a-r- c:\windows\system32\hpwvst01.dll 2011-01-27 00:46 . 2009-05-18 21:33 372736 ----a-r- c:\windows\system32\hppldcoi.dll 2011-01-27 00:42 . 2011-01-27 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2011-01-27 00:41 . 2011-01-27 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\program files\Common Files\HP 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2011-01-27 00:40 . 2011-01-27 00:40 -------- d-----w- c:\windows\hpoj4500g510a-f 2011-01-27 00:35 . 2011-01-27 00:44 -------- d-----w- c:\program files\HP 2011-01-24 23:56 . 2011-01-24 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Artifex Mundi 2011-01-24 01:22 . 2011-01-24 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\MasterThief 2011-01-23 15:45 . 2011-01-23 16:44 -------- d-----w- c:\program files\Millionaire Manor - The Hidden Object Show 2011-01-23 15:36 . 2011-01-23 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\World-Loom 2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll 2011-01-21 02:21 . 2011-01-21 02:29 -------- d-----w- c:\documents and settings\Ryan\Application Data\Inbox Toolbar 2011-01-21 02:20 . 2011-01-21 02:20 -------- d-----w- c:\documents and settings\Ryan\Application Data\NCH Swift Sound 2011-01-20 01:17 . 2011-01-20 01:17 -------- d-----w- c:\documents and settings\Terry\Application Data\ieSpell . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 05:09 . 2010-12-28 05:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-21 00:09 . 2010-08-27 20:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2010-08-27 20:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-03 09:05 . 2010-12-28 05:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-11-18 18:12 . 2010-01-29 09:19 81920 ----a-w- c:\windows\system32\isign32.dll 2010-06-05 00:34 . 2010-06-05 00:34 441 ----a-w- c:\program files\0604201019344103.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ffed9d8-942f-4384-aa29-d3bd083a346a}] 2011-01-14 09:42 60416 ----a-w- c:\program files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc1e426b-fa76-428f-b680-86ef1edb13c1}] 2011-01-14 09:42 702464 ----a-w- c:\progra~1\RETROG~2\bar\1.bin\2zbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{54ba686e-738f-42fe-badd-d8cb7cfbc07e}"= "c:\program files\Retrogamer_2z\bar\1.bin\2zbar.dll" [2011-01-14 702464] [HKEY_CLASSES_ROOT\clsid\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}"= "c:\program files\Retrogamer_2z\bar\1.bin\2zbar.dll" [2011-01-14 702464] [HKEY_CLASSES_ROOT\clsid\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk backup=c:\windows\pss\IMVU.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Terry\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\documents and settings\Terry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-18 14:01 136176 ----atw- c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Retrogamer_2z Browser Plugin Loader] 2011-01-14 09:42 27648 ----a-w- c:\progra~1\RETROG~2\bar\1.bin\2zbrmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection] 2010-07-05 15:12 544768 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 21:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate] 2010-05-20 05:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 21:21 246504 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-01-29 08:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] 2010-01-29 09:25 81920 -c--a-w- c:\windows\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] 2010-01-29 09:25 204800 -c--a-w- c:\windows\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor] 2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iWinTrusted"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/27/2010 11:09 PM 64288] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/29/2010 1:27 AM 13696] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/19/2010 11:32 PM 142592] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 2:41 AM 135664] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/15/2010 1:03 AM 88176] S2 Retrogamer_2zService;Retrogamer Service;c:\progra~1\RETROG~2\bar\1.bin\2zbarsvc.exe [1/14/2011 3:42 AM 36864] S3 620FA159;620FA159;c:\windows\system32\620FA159.exe [2/14/2011 12:00 PM 6656] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 3:05 AM 1405384] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 3:05 AM 15232] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232] S3 Normandy;Normandy SR2; [x] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/29/2010 3:10 AM 85504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2011-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 12:55] 2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-10-22 c:\windows\Tasks\expressburnSevenDays.job - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-10-15 08:14] 2010-10-18 c:\windows\Tasks\expressburnShakeIcon.job - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-10-15 08:14] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:41] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:41] 2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 12:56] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 12:56] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1007Core.job - c:\documents and settings\Sommer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1007UA.job - c:\documents and settings\Sommer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-07 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1008Core.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1008UA.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1010Core.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1010UA.job - c:\documents and settings\Zach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-14 14:01] 2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1012Core.job - c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 14:01] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-796845957-725345543-1012UA.job - c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 14:01] 2011-01-24 c:\windows\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-15 07:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Lookup on Merriam Webster IE: Lookup on Wikipedia IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://signature.edu:3535/activex/AMC.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-15 00:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3376) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll - - - - - - - > 'explorer.exe'(1796) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-02-15 00:48:56 ComboFix-quarantined-files.txt 2011-02-15 06:48 ComboFix2.txt 2011-02-15 06:21 Pre-Run: 140,975,452,160 bytes free Post-Run: 140,971,630,592 bytes free - - End Of File - - CBF203BEB6496404D8EA0BF0376CE8AD