August 30th, 2010 10:00

Searches using different search engines being redirected to ad sites. Problems started after a fake Yahoo IM sent.

Hi,

I know you are all volunteers and are inundated with requests for help. I sent a request on August 23rd then replied to my own post (being new to these kinds of posts) to add information. I am not sure that doing that made it seem like my help request was responded to as I have seen newer posts being addressed so I thought it best to send another. I am attaching a brand new Trend Micro log even though I have not used the internet since my original post. I got a fake Yahoo IM a few weeks ago. Started problems with taking over my mouse and such. I uninstalled and reinstalled Yahoo and that helped. Ran Lavasoft Ad-aware. Added and ran Microsoft Security Essentials and Malwarebytes Anti-Malware software. Got rid of some trojan horses and Exploit entries. Still having problems with my search engine. I do a search (tried Google and Yahoo using both IE8 and Mozilla) and if I click on a result, it takes me to an ad page unrelated to my search. Any assistance with this matter will be greatly appreciated.

Thanks,

Lisa

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:16 AM, on 8/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\RocketFish\Rocketfish Bluetooth Combo\TSR\xDaemon.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Rocketfish Input Device Main Program] C:\Program Files\RocketFish\Rocketfish Bluetooth Combo\TSR\xDaemon.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 7830 bytes

September 1st, 2010 09:00

Hi Kevin,

I ran both the Combofix adding that text file and the Kaspersky antivirus. Kaspersky found nothing, but here is the Combofix log:

ComboFix 10-08-31.02 - Lisa531 09/01/2010   8:40.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1982.1403 [GMT -4:00]
Running from: c:\documents and settings\Lisa531\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lisa531\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\windows\system32\drivers\rbbtm.SYS"
"c:\windows\system32\drivers\rbmouse.SYS"
"c:\windows\system32\drivers\rbusblf.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Cfg\cachesrv.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\emssrv.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg9\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmac.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrmacstat.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000002.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000063.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000064.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg9\Temp\8a481587-d181-4965-9bbc-8168417a32d1-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8ae6bcea-01c8-4295-8957-dea6e167613c-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8bc0b8f8-ed5d-421c-b438-3551f1a86e49-514-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8d119935-756d-4e7f-9bae-2eb3c98a6cc5-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8d40f039-42ad-469f-9759-0a42a77c6041-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8dc26760-af43-44ca-b808-7beb32cc2166-54c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8e8b36c0-30ac-46fd-b69f-d9b72a992955-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\90bd6689-b990-4429-ac02-90a51bcee7b4-a5c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\910b6e00-84fc-4a81-98c0-ada8e16c1b4d-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\912a51b8-e082-4f4e-be47-8ec5e858f116-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9257aea1-0f5e-48a6-b97c-73391569657a-51c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\961b4ce7-3dba-44a2-b49a-4716d7f89c0a-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9746b79c-31cf-406c-ace5-3f53a1480e3c-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\97847c0c-e8db-4a06-b8f2-018eaf21bbce-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9b01c118-0264-42fa-9829-e8480333ac94-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9bb19429-9ed6-497e-b40e-3f64ba95e01d-588-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9e2e7994-7c89-48c7-854b-e77ab9872dfb-3c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9efe8917-4cba-4a8b-9825-54747ed55c4e-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a1197587-9689-4baf-a6f6-996c71d57c80-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a4769c09-1336-4c49-b6e2-b13e9baa7cb6-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a47a8957-ec61-479f-ba41-9490af4bfe00-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a48bf7bd-fb7f-48ba-91da-851d38309ccd-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a91b5897-e50c-4378-8c79-a4fe564cdd7d-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a95bb780-fea6-432d-8a03-1db0c0e5683f-3d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa22ed66-1d81-4f45-951e-c3055cf193fe-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa26dab5-f6ac-4a9b-997d-a75771921448-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\acc8edc1-6939-4154-a9cf-5d62393042d9-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ad34101a-5021-4446-af12-0410751a63ce-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\afc7a9f4-ef57-4674-abb5-b6c51793f4c5-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b17c18ba-25da-4afd-8fca-36cd24ba5db5-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b380c03c-8424-4b73-950f-728216be90eb-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b585a290-24c4-4d77-8518-9d022b13dee9-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b6ceae45-d06c-4b47-b99b-7ead8bdf8d35-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ba54871b-47bc-4daa-a9ac-904f3f951733-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bbdd9211-ebc7-46a2-9400-2100d08a8dd9-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bd02165f-694d-494d-8777-3fcfd459fda8-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf770859-c800-4a9b-8122-f44f3939ede5-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c001d192-ef6b-4e6d-895d-9832b2bcae94-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c12a83eb-c3bc-4195-a34c-8721e39f54a4-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c17c683d-21bb-4512-9f8e-2f716bad0786-51c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c5526e02-fc99-41f0-b2b9-eaf667015efb-50c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c66e5d86-1c58-492e-9656-dedd0b2d3392-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c6c91859-7c11-4bdf-8ac0-a8c4664f195a-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c7e6817a-278a-4294-acb7-8d560fdcfdae-404-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c832477e-2732-4143-8e19-623c3e78381e-538-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c9eca292-36e0-4022-b68d-c5975f3f2359-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ca059ee2-1bd7-4bd1-973f-cc47a0aaf7be-51c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cab53034-39aa-4e2f-900a-369540997750-12d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cb6d15a5-cc87-4734-8371-885239642f18-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cd51db6f-cf4a-42dd-a32f-e3e9247c8c85-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ceae47be-c6d9-4e57-b035-a25870eddad0-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cedd9ec1-9319-4577-ace0-7ee74edfce4c-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d040e77e-c8ab-42bd-ab64-5ef16186ebad-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d0b2ef3f-2522-4ecd-b67b-df0e62f20e06-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d169d79c-0cb3-406e-9f1f-5aa2cd776a6b-4cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d2487b4e-0020-4e89-b409-7ef9672ca02e-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d5661939-e1c4-4876-9c75-b7794c7b28e2-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d785b71e-e8bb-4104-8a18-fcdb8bc8954e-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d7a98624-1c6c-4127-b4fe-c04aa656ee61-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d83e1918-5905-421c-b116-691afaafff70-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d93832b0-e376-48fe-ac42-8fac342efd0d-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d95a089c-7ac4-4a5a-95b3-5d019edbd507-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db0d842e-7480-4154-b6dd-f0d348413cc6-508-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dcc7df3c-a981-4fd4-a486-5e0ec2060cb9-528-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ddb18a6e-23d4-449c-8919-9314739f6b89-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e2074fff-4b83-4404-a098-b6f561d7b702-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e5322c49-bf28-40ee-b2f0-060149fac18a-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e5627d67-2acc-46d5-af0f-d8acd9cb3620-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e9cdfa53-5bfd-463c-a83f-99199df86418-384-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ea2574b2-e33e-47c1-9359-85f923cb4e7f.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ea6328ba-14c2-416b-9e14-6f5769c334d7-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eb8f4ad1-0349-4835-ae86-660073838d73-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ebb16175-3d89-4e58-bf45-2b034fa1fe1c-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ecd6a40b-171c-4d3d-896d-5224e1ffd43d-520-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eda16d85-36e9-4d37-887a-a60c8bab5d44-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ef9893e9-8492-478a-81bb-df67636959b0-530-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f0229fdf-289d-4082-ac0f-7118f35fcf55-534-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f1588ab2-2d52-436f-b15e-6caed9f67852-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f2075ec3-c9c4-4af3-8d43-c3cb9057addb-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f215d8f5-9d1b-4e7e-a1f2-c721b67c4976-52c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f31e67df-73f4-4813-ab0b-dd446e017f0f-524-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f3800134-e6a0-43a9-a6bf-77b44085e953-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f5d5cfbf-47db-4b63-9195-53682c086919-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f8638231-6f82-4472-8864-2cae0900f7ac-540-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f8d3d290-d288-4582-bb54-ad5ecafc339a-548-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd33a294-ae7e-4792-9086-02e5e6d56606-550-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd9149b5-e662-449a-8850-af1f5598cf18-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff98e46b-8073-429f-907f-d90baa5d0480-544-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty
c:\documents and settings\Lisa531\Application Data\AVG9
c:\documents and settings\Lisa531\Application Data\AVG9\cfgall\usergui.cfg
c:\windows\system32\drivers\rbbtm.SYS
c:\windows\system32\drivers\rbmouse.SYS
c:\windows\system32\drivers\rbusblf.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rbbtm
-------\Service_rbmouse
-------\Service_rbusblf


(((((((((((((((((((((((((   Files Created from 2010-08-01 to 2010-09-01  )))))))))))))))))))))))))))))))
.

2010-08-31 22:58 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-31 22:58 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-23 02:09 . 2010-08-23 02:09 -------- d-----w- c:\documents and settings\Jim-531\Application Data\Malwarebytes
2010-08-22 18:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 18:44 . 2010-08-22 18:44 -------- d-----w- c:\program files\Bobby MB
2010-08-22 18:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 18:27 . 2008-04-13 17:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-22 17:33 . 2010-08-22 17:33 -------- d-----w- c:\documents and settings\Lisa531\Application Data\PeaZip
2010-08-22 15:31 . 2010-08-22 15:31 -------- d-----w- c:\program files\Trend Micro
2010-08-21 20:56 . 2010-08-21 20:56 -------- d-----w- c:\documents and settings\Lisa531\Application Data\Malwarebytes
2010-08-21 20:56 . 2010-08-22 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 20:56 . 2010-08-21 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-21 18:15 . 2010-08-21 18:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-11 12:51 . 2010-08-11 12:51 -------- d-----w- c:\program files\AC3Filter

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 23:14 . 2010-03-13 22:58 -------- d-----w- c:\documents and settings\Lisa531\Application Data\MSN6
2010-08-31 19:59 . 2010-03-15 13:45 -------- d-----w- c:\documents and settings\Lisa531\Application Data\Skype
2010-08-31 19:59 . 2010-03-15 13:46 -------- d-----w- c:\documents and settings\Lisa531\Application Data\skypePM
2010-08-30 16:01 . 2010-01-29 21:30 0 ----a-w- c:\documents and settings\Tim-531\Local Settings\Application Data\prvlcl.dat
2010-08-23 15:13 . 2010-08-23 15:13 388096 ----a-r- c:\documents and settings\Lisa531\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-22 17:19 . 2010-03-13 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-22 17:19 . 2010-03-13 19:23 -------- d-----w- c:\program files\Yahoo!
2010-08-21 14:53 . 2010-01-27 02:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-20 19:03 . 2010-08-20 18:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-20 13:03 . 2010-08-20 13:03 -------- d-----w- c:\program files\Common Files\Java
2010-08-20 13:03 . 2010-04-17 12:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-20 13:03 . 2010-08-20 13:03 -------- d-----w- c:\program files\Java
2010-08-19 00:54 . 2010-01-28 17:08 -------- d-----w- c:\program files\Defraggler
2010-08-18 15:43 . 2010-08-18 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
2010-08-18 00:20 . 2010-08-18 00:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-13 21:52 . 2010-03-13 22:03 -------- d-----w- c:\documents and settings\Lisa531\Application Data\Yahoo!
2010-08-13 11:36 . 2010-08-11 09:44 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-09 19:49 . 2010-08-09 19:49 61440 ----a-w- c:\documents and settings\Tim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53c85e7f-n\decora-sse.dll
2010-08-09 19:49 . 2010-08-09 19:49 503808 ----a-w- c:\documents and settings\Tim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36fe99ba-n\msvcp71.dll
2010-08-09 19:49 . 2010-08-09 19:49 499712 ----a-w- c:\documents and settings\Tim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36fe99ba-n\jmc.dll
2010-08-09 19:49 . 2010-08-09 19:49 348160 ----a-w- c:\documents and settings\Tim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36fe99ba-n\msvcr71.dll
2010-08-09 19:49 . 2010-08-09 19:49 12800 ----a-w- c:\documents and settings\Tim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53c85e7f-n\decora-d3d.dll
2010-08-05 15:17 . 2010-08-05 15:17 503808 ----a-w- c:\documents and settings\Lisa531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2f06a25d-n\msvcp71.dll
2010-08-05 15:17 . 2010-08-05 15:17 499712 ----a-w- c:\documents and settings\Lisa531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2f06a25d-n\jmc.dll
2010-08-05 15:17 . 2010-08-05 15:17 348160 ----a-w- c:\documents and settings\Lisa531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2f06a25d-n\msvcr71.dll
2010-08-05 15:17 . 2010-08-05 15:17 61440 ----a-w- c:\documents and settings\Lisa531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ecb30a8-n\decora-sse.dll
2010-08-05 15:17 . 2010-08-05 15:17 12800 ----a-w- c:\documents and settings\Lisa531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ecb30a8-n\decora-d3d.dll
2010-08-03 06:26 . 2010-08-03 06:26 503808 ----a-w- c:\documents and settings\Jim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-245746c9-n\msvcp71.dll
2010-08-03 06:26 . 2010-08-03 06:26 499712 ----a-w- c:\documents and settings\Jim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-245746c9-n\jmc.dll
2010-08-03 06:26 . 2010-08-03 06:26 348160 ----a-w- c:\documents and settings\Jim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-245746c9-n\msvcr71.dll
2010-08-03 06:26 . 2010-08-03 06:26 61440 ----a-w- c:\documents and settings\Jim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2dd0dbf1-n\decora-sse.dll
2010-08-03 06:26 . 2010-08-03 06:26 12800 ----a-w- c:\documents and settings\Jim-531\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2dd0dbf1-n\decora-d3d.dll
2010-07-26 09:58 . 2010-08-18 15:43 150016 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_wide.dll
2010-07-26 09:58 . 2010-08-18 15:43 148992 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_fly.dll
2010-07-26 09:58 . 2010-08-18 15:43 123392 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\msndupd.exe
2010-07-26 09:49 . 2010-08-18 15:43 388608 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\txsrvc.dll
2010-07-26 09:48 . 2010-08-18 15:43 476672 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\unicows.dll
2010-07-21 03:56 . 2010-08-18 15:43 536960 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\SpellChecker\mssp7en.dll
2010-06-30 12:31 . 2001-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-08-18 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-18 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-01-25 21:06 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2001-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 16:32 . 2010-06-08 16:32 50354 ----a-w- c:\documents and settings\Lisa531\Application Data\Facebook\uninstall.exe
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\NetworkService\Local Settings\Application Data\tyunstwff ----

 

(((((((((((((((((((((((((((((   SnapShot@2010-08-30_18.58.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-01 12:47 . 2010-09-01 12:47 16384              c:\windows\temp\Perflib_Perfdata_120.dat
+ 2010-01-28 05:05 . 2010-06-01 17:37 221568              c:\windows\system32\MpSigStub.exe
- 2010-01-28 05:05 . 2010-05-21 18:14 221568              c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-09-03 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Rocketfish Input Device Main Program"="c:\program files\RocketFish\Rocketfish Bluetooth Combo\TSR\xDaemon.exe" [2009-07-02 376832]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/27/2010 3:40 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:40]

2010-06-18 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-07-30 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lisa531\Application Data\Mozilla\Firefox\Profiles\1ejj9yrq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Lisa531\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 08:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-09-01  08:54:54 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-01 12:54
ComboFix2.txt  2010-08-31 22:18
ComboFix3.txt  2010-08-30 19:04

Pre-Run: 149,798,006,784 bytes free
Post-Run: 149,758,017,536 bytes free

- - End Of File - - 1FA422B1B0AD55AABBF3248454FE8FE5

So far so good with my computer. I will let you know if any more problems arise. Thanks again for your assistance.

Lisa

12 Posts

September 2nd, 2010 18:00

Hi Kevin,

First I can't thank you enough for all your assistance. I really appreciate it. That being said, I think your work is done. I searched a bunch today and was going to various sites without any garbage sites coming up. I think I tested it enough that I'm satisfied that you have resolved my problem. Now my only other problem is if my house on Cape Cod will get destroyed by Hurricane Earl! LOL

Thanks again,

Lisa

1.1K Posts

September 3rd, 2010 00:00

Hiya Lisa,

That is really good news about your system, wish I could help with Hurricane Earl. Proceed as follows please :-

Step 1

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Let me know if Combofix uninstalled successfully, if not we need to reset your system restore cache.

Step 2




  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.





Your latest logs are clean and you say that your system is running well; it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing. When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Green to go,
Yellow for caution, and
Red to stop.

Available for Firefox and Internet Explorer.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes
Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Please reply so I know you have read this, it's been a pleasure to work with you.
Take care,

Kevin