Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Resolved] Way too many popups, What else can I do to get rid of pop-ups
CherBear
post Dec 1 2008, 03:14 PM
Post #1


New Member

Group: Authentic Member
Posts: 9
Joined: 1-December 08
Member No.: 82,656
Operating System: windows xp sp 3



I've recently run ad-aware 2008 and also malware's antispyware programs which found items that they've deleted, but I'm still getting a lot of popups on the internet. They seem to be worse when my son tries to open his myspace page. Can you tell me what else I can try to get rid of them?
Logfile of HijackThis v1.99.1
Scan saved at 3:52:42 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Cher\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Commonwealth of Pennsylvania VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe



This post has been edited by CherBear: Dec 1 2008, 03:21 PM
+Quote Post
ken545
post Dec 2 2008, 03:52 AM
Post #2


SuperHelper

Group: Malware Expert
Posts: 7,144
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1





Hello CherBear

Welcome to the Whatthetech Malware Removal Forum

C:\Program Files\Hijackthis <---Your version of Hijackthis is outdated, delete this version so there won't be any confusion in the future.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a New Hijackthis log.






Download Trend Micro's HijackThis to your desktop.
  • Double click it to install
  • Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply; do not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Post the Malwarebytes log and a new hijackthis log please
+Quote Post
CherBear
post Dec 2 2008, 06:49 PM
Post #3






Ken545,
Thank you for your quick response.

I removed the old version of HiJack This.
I installed Malwarebytes Anti-malware and ran it. It said nothing was found. This is the program that I had run before I created this post.
Here is the log
Malwarebytes' Anti-Malware 1.30
Database version: 1450
Windows 5.1.2600 Service Pack 3

12/2/2008 7:43:22 PM
mbam-log-2008-12-02 (19-43-22).txt

Scan type: Quick Scan
Objects scanned: 79269
Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Installed new version of Hijack this from trend and here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:59 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\Cher\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [lphcglpj0erdj] C:\WINDOWS\system32\lphcglpj0erdj.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [lovikupibu] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\sotujuba\sotujuba.dll",s (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [CPM27ee027a] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\yugepiyo\yugepiyo.dll",a (User 'Kyle')
O4 - Global Startup: Commonwealth of Pennsylvania VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 13632 bytes
Thanks for your help!!
CherBear

+Quote Post
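Added example, not part of the original thread and not HijackThis code: a small parser for the O4 (registry autostart) lines of the v2.0.2 log in post #3, with two triage rules applied to each entry. The sample is a subset of lines copied from that log; the function names (parse_o4, triage, flagged) and both rules are assumptions chosen for illustration.

```python
import re
from collections import namedtuple

# Subset of O4 lines copied from the HijackThis v2.0.2 log in post #3.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [lovikupibu] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\sotujuba\sotujuba.dll",s (User 'Kyle')
O4 - HKUS\S-1-5-21-2372229341-3047002395-576542031-1007\..\Run: [CPM27ee027a] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\yugepiyo\yugepiyo.dll",a (User 'Kyle')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

Entry = namedtuple("Entry", "hive key name command user target is_rundll")

# "O4 - <hive>\..\<key>: [<value name>] <command>" with an optional "(User 'x')" suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)
# A fully qualified path to an .exe or .dll inside the command string.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
RUNDLL_RE = re.compile(r'"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?\b', re.I)

# Assumption for this example: images that belong in system32 on Windows XP.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}


def parse_o4(log_text):
    """Return an Entry for every registry Run-style O4 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # e.g. "O4 - Global Startup", which is a folder, not a registry value
        cmd = m["cmd"]
        is_rundll = bool(RUNDLL_RE.match(cmd))
        paths = PATH_RE.findall(cmd)
        # For rundll32 the interesting file is the DLL it loads (the last path).
        target = (paths[-1] if is_rundll else paths[0]) if paths else None
        entries.append(Entry(m["hive"], m["key"], m["name"], cmd, m["user"], target, is_rundll))
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (hints, not verdicts)."""
    reasons = []
    if entry.target:
        directory, _, image = entry.target.lower().rpartition("\\")
        if image in SYSTEM_IMAGES and directory != SYSTEM32:
            reasons.append("system process name outside system32")
        if entry.is_rundll and "\\application data\\" in directory + "\\":
            reasons.append("rundll32 loads DLL from Application Data")
    return reasons


def flagged(log_text):
    """Return (user, value name, reasons) for each entry that matches a rule."""
    return [(e.user, e.name, r) for e in parse_o4(log_text) if (r := triage(e))]


if __name__ == "__main__":
    for user, name, reasons in flagged(SAMPLE_LOG):
        print(f"user={user or '(current)'} value={name}: {'; '.join(reasons)}")
```

Every entry these rules flag sits under an HKUS line for the user 'Kyle', a section that appears only in the v2.0.2 log. The rules are triage hints; entries they do not flag still need the manual review the helper performs.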
ken545
post Dec 2 2008, 11:46 PM
Post #4







Hello,

The newer version of HJT is showing more than the older, thanks for changing it.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
+Quote Post
CherBear
post Dec 3 2008, 03:18 PM
Post #5





Here is the Combo Fix log;
ComboFix 08-12-02.02 - Cher 2008-12-03 16:12:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.611 [GMT -5:00]
Running from: c:\documents and settings\Cher\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 06:18 . 2008-12-03 06:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\fomikago
2008-12-03 06:18 . 2008-12-03 06:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\biwiluga
2008-12-02 19:46 . 2008-12-02 19:46 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 18:17 . 2008-12-02 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\yugepiyo
2008-12-02 18:17 . 2008-12-02 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\nidawila
2008-12-02 06:17 . 2008-12-02 12:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\tisisiga
2008-12-02 06:17 . 2008-12-02 06:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\huwiyuke
2008-12-01 18:17 . 2008-12-01 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\vufewuta
2008-12-01 18:17 . 2008-12-01 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\jayoriji
2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-01 16:49 . 2008-12-01 16:49 <DIR> d-------- c:\program files\NOS
2008-12-01 16:49 . 2008-12-01 16:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-29 20:06 . 2008-11-29 20:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\sisofeda
2008-11-29 20:06 . 2008-11-29 20:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\lunazuse
2008-11-29 11:37 . 2008-11-29 11:37 <DIR> d-------- c:\windows\system32\scripting
2008-11-29 11:37 . 2008-11-29 11:37 <DIR> d-------- c:\windows\system32\en
2008-11-29 11:37 . 2008-11-29 11:37 <DIR> d-------- c:\windows\system32\bits
2008-11-29 11:37 . 2008-11-29 11:37 <DIR> d-------- c:\windows\l2schemas
2008-11-29 11:34 . 2008-11-29 11:37 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-29 09:47 . 2008-12-02 19:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 09:47 . 2008-11-29 09:47 <DIR> d-------- c:\documents and settings\Cher\Application Data\Malwarebytes
2008-11-29 09:47 . 2008-11-29 09:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-29 09:47 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-29 09:47 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-29 08:05 . 2008-11-29 08:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\yijeyenu
2008-11-29 08:05 . 2008-11-29 08:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\kayezera
2008-11-28 20:05 . 2008-11-28 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\punefovu
2008-11-28 20:05 . 2008-11-28 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\hotajumo
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\sotujuba
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\sokawuge
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\ruyoneta
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\norolija
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\hivoneka
2008-11-28 19:05 . 2008-11-28 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\bawesawe
2008-11-28 07:05 . 2008-11-28 07:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\yubitadi
2008-11-28 07:05 . 2008-11-28 07:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\harugidu
2008-11-27 19:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\zisigohu
2008-11-27 19:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\jibagiba
2008-11-27 07:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\wedaboya
2008-11-27 07:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\pudepila
2008-11-26 19:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\pazimovu
2008-11-26 19:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\papulifu
2008-11-26 07:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\zimisefi
2008-11-26 07:05 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\tisugute
2008-11-25 19:05 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\juyereni
2008-11-25 19:05 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\filarilu
2008-11-24 19:04 . 2008-11-24 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\rinotune
2008-11-24 19:04 . 2008-11-24 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\bareyufa
2008-11-24 07:04 . 2008-11-24 07:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\mesasodu
2008-11-24 07:04 . 2008-11-24 07:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\fuwupiga
2008-11-23 19:03 . 2008-11-23 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\holurohu
2008-11-23 19:03 . 2008-11-23 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\fodobore
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\pefedoki
2008-11-23 07:03 . 2008-11-23 07:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\girodili
2008-11-22 19:03 . 2008-11-22 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\tenejive
2008-11-22 19:03 . 2008-11-22 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\mukozora
2008-11-22 07:03 . 2008-11-22 07:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\yotukano
2008-11-22 07:03 . 2008-11-22 07:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\tutumowu
2008-11-21 21:44 . 2008-11-21 21:44 <DIR> d-------- c:\documents and settings\Kyle\WINDOWS
2008-11-21 19:02 . 2008-11-21 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\hahupidi
2008-11-21 19:02 . 2008-11-21 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\fujuyiya
2008-11-21 07:02 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\tutizoka
2008-11-21 07:02 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\kuhabero
2008-11-20 19:02 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\yeniboja
2008-11-20 19:02 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\kotamili
2008-11-20 07:02 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\rifewimi
2008-11-20 07:02 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\nudebame
2008-11-19 19:02 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\wulamolu
2008-11-19 19:02 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\kotipuki
2008-11-19 07:02 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\robofada
2008-11-19 07:02 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\jeyibefa
2008-11-18 19:02 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\nedakodo
2008-11-18 19:02 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\dasidetu
2008-11-18 07:01 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\vosahesa
2008-11-18 07:01 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\miyebogu
2008-11-17 19:01 . 2008-11-21 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\wihohize
2008-11-17 19:01 . 2008-11-21 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\geyeziju
2008-11-17 07:01 . 2008-11-27 08:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\waledidu
2008-11-17 07:01 . 2008-11-27 08:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\ragakune
2008-11-16 19:01 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\suhayiya
2008-11-16 19:01 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\gipitobi
2008-11-16 07:00 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\hatapuni
2008-11-16 07:00 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\guborusi
2008-11-15 19:00 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\rawopupi
2008-11-15 19:00 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\lirumega
2008-11-15 07:00 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\wimiwufa
2008-11-15 07:00 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\nimiwuvi
2008-11-14 19:00 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\papehehi
2008-11-14 19:00 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\gesumeye
2008-11-14 07:00 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\ledekuka
2008-11-14 07:00 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\bojitebu
2008-11-13 18:59 . 2008-11-29 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\gozonisi
2008-11-13 18:59 . 2008-11-29 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\gokegaze
2008-11-13 06:59 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\layeyiro
2008-11-12 18:59 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\fulefoze
2008-11-12 06:59 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\mizuyoha
2008-11-12 06:59 . 2008-11-22 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\jaditibi
2008-11-11 18:58 . 2008-11-29 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\zobirawa
2008-11-11 18:58 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\jisanifu
2008-11-11 17:47 . 2008-11-11 17:47 <DIR> d-------- c:\program files\Sun
2008-11-11 17:47 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-11 17:18 . 2008-11-11 17:18 <DIR> d-------- c:\documents and settings\Kyle\SERVER 508 oo
2008-11-11 16:26 . 2008-11-11 16:30 <DIR> d-------- C:\.mpr_file_store_32
2008-11-11 14:29 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 06:58 . 2008-11-21 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\vuzepeta
2008-11-11 06:58 . 2008-11-21 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\basahipo
2008-11-10 18:58 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\vopidoko
2008-11-10 18:58 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\gihezawo
2008-11-10 06:58 . 2008-11-29 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\ravoruna
2008-11-10 06:58 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\babupata
2008-11-09 20:09 . 2008-11-09 20:09 <DIR> d-------- c:\program files\Lavasoft
2008-11-09 20:09 . 2008-11-09 20:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-09 20:09 . 2008-11-09 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-08 15:28 . 2008-11-27 08:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\yikiwasu
2008-11-08 15:28 . 2008-11-27 08:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\gipopahu
2008-11-08 03:27 . 2008-11-29 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\ketisozi
2008-11-08 03:27 . 2008-11-29 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\bujusafu
2008-11-07 15:27 . 2008-11-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\yaleweyu
2008-11-07 15:27 . 2008-11-29 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\dozuferi
2008-11-07 13:22 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ponigadi
2008-11-07 13:22 . 2008-11-29 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\pipakuja
2008-11-07 13:22 . 2008-11-29 11:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\gozohapi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 11:35 31 ----a-w c:\documents and settings\Kyle\jagex_runescape_preferences.dat
2008-11-29 17:11 --------- d-----w c:\program files\CMS Products
2008-11-29 16:12 --------- d-----w c:\documents and settings\Kyle\Application Data\FrostWire
2008-11-11 22:47 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 00:28 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-10-20 00:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-10-20 00:27 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-10-20 00:23 --------- d-----w c:\program files\Zune
2008-10-20 00:19 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-10-20 00:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 18:55 4,236 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-12 22:48 245,664 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-09-12 22:46 61,856 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-09-12 22:32 73,216 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-09-12 22:32 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-09-12 22:32 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-09-12 22:32 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-09-12 22:32 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-09-12 22:32 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-07-23 21:01 4 ----a-w c:\documents and settings\Kyle\version.dat
2008-07-19 03:19 5,287,936 ----a-w c:\documents and settings\Kyle\soul.exe
2008-07-18 23:15 614,400 ----a-w c:\documents and settings\Kyle\C3_CORE_DLL.dll
2008-07-17 18:33 200,704 ----a-w c:\documents and settings\Kyle\GraphicData.dll
2008-07-17 18:33 159,744 ----a-w c:\documents and settings\Kyle\graphic.dll
2008-07-17 18:33 135,168 ----a-w c:\documents and settings\Kyle\Role3D.dll
2008-05-28 04:43 167,936 ----a-w c:\documents and settings\Kyle\Chat.dll
2008-05-26 19:11 360,448 ----a-w c:\documents and settings\Kyle\GameData.dll
2008-05-26 19:10 122,880 ----a-w c:\documents and settings\Kyle\RoleView.dll
2007-12-04 01:14 3,932 ----a-w c:\documents and settings\Cher\Application Data\LMLayout.dat
2007-12-04 01:14 268 ----a-w c:\documents and settings\Cher\Application Data\LMCPaper.dat
2007-12-04 01:05 3,932 ----a-w c:\documents and settings\Kyle\Application Data\LMLayout.dat
2007-12-04 01:05 268 ----a-w c:\documents and settings\Kyle\Application Data\LMCPaper.dat
1998-12-08 21:53 99,840 ------w c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 21:53 70,144 ------w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 21:53 48,640 ------w c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 21:53 31,744 ------w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 21:53 186,368 ------w c:\program files\Common Files\IRAREG.DLL
1998-12-08 21:53 17,920 ------w c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 389120]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-17 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
"LMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-09-05 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 282624]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 c:\windows\system32\CTMBHA.DLL]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Commonwealth of Pennsylvania VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-03-25 1470480]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R3 EL99X;3Com 3C99x EtherLink XL Adapter;c:\windows\system32\DRIVERS\EL99XN51.SYS [2006-08-04 138240]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys []
S3 AVC3310F;AVC-3310/AVC-3610 USB Loader;c:\windows\system32\Drivers\avcuwfl2.sys [2006-09-04 17536]
S3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device;c:\windows\system32\DRIVERS\avcuwil2.sys [2006-09-04 1434080]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73c5282a-afca-11da-9de6-00038a000015}]
\Shell\AutoRun\command - J:\LinksysConnectPC.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 16:14:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-03 16:15:16
ComboFix-quarantined-files.txt 2008-12-03 21:15:12

Pre-Run: 3,858,173,952 bytes free
Post-Run: 5,139,247,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

295 --- E O F --- 2008-11-30 08:01:14

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:35 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Zune\Zu