Author Topic: I got Yoog Search on IE and Firefox  (Read 6329 times)

Offline AmazonXD

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
« on: December 11, 2008, 10:28:17 PM »
Hey.  I was doing some Google searches trying to see how to get this stuff off my PC, and I found this forum.  So I joined up.  Already DLed Hijackthis, and made a log.

I've already run CA Anti-Virus about 4 times, it found a few things, probably related.
I've also run CA Anti-Spyware about 6 or 7 times, which (the first time I ran it) came up with a few trojans and stuff (related or caused by Yoog malware), and now it finds about 4 or 5 low threat ad clickers and stuff like that every hour or so.  It's usually the same stuff.

So, basically.. I want to get this Yoog search off my computer.  I was also getting two or three pop-ups through IE (even though I browse with Firefox), so I DLed a pop-up blocker, which is temporarily helping me keep my sanity.

Here's the log.  You just tell me what to do, and hopefully this will work out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:06 PM, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://www.desktopcountdown.com/countdown/...amily+Sleepover

--
End of file - 12423 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
« Reply #1 on: December 11, 2008, 10:35:17 PM »
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline AmazonXD

« Reply #2 on: December 11, 2008, 10:44:16 PM »
Downloaded ComboFix, ensured that all my anti-virus, firewall, and anti-spyware were off.

Went to run it.

I got a small bar that said "combo-fix", and it loaded.  Then nothing happened.  I got a command prompt window.

That's it.  It didn't work.

Offline guestolo

« Reply #3 on: December 11, 2008, 10:59:04 PM »
Try the following
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:


    * It is important you rename Combofix during the download, but not after.
    * Please do not rename Combofix to other names, but only to the one indicated.

--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with some tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combo-Fix.txt in your next reply



Offline AmazonXD

« Reply #4 on: December 11, 2008, 11:07:35 PM »
Still doing the same thing.

Disabled all anti-virus software, then tried to run it.

I did re-name it, while it was downloading.

I don't see how adding a hyphen would make it run, it did the same thing.

A big blue command box.  The one that has the logo of a command box with "C:\" in it.  But you can't type anything into the command box.

Any other ideas?

Offline guestolo

« Reply #5 on: December 11, 2008, 11:13:09 PM »
Try rebooting into safe mode and let me know if it will run
Also, let me know if you can get to safe mode

Quote
I don't see how adding a hyphen would make it run, it did the same thing.
Play along please, this malware knows what tools are being run, sometimes renaming them helps
« Last Edit: December 11, 2008, 11:14:12 PM by guestolo »



Offline AmazonXD

« Reply #6 on: December 11, 2008, 11:39:50 PM »
I ran it in Safe Mode, it worked.

But there's no way to copy it to the clipboard.

Offline guestolo

« Reply #7 on: December 11, 2008, 11:42:30 PM »
Quote
But there's no way to copy it to the clipboard.
What do you mean by that?
Did you let it run uninterrupted?

Is there a copy of ComboFix.txt in the C:\ folder?



Offline AmazonXD

« Reply #8 on: December 12, 2008, 12:21:57 AM »
Okay, I ran it and then it rebooted.

Right now it's stuck on this...

"Preparing Log Report
Do not run any programs until ComboFix has finished
temp01The system cannot find the file specified."

That's all it says.

Offline guestolo

« Reply #9 on: December 12, 2008, 12:25:05 AM »
Are you posting on the same computer as running ComboFix?
Give it a few more minutes to complete

In addition, you said this earlier
Quote
A big blue command box. The one that has the logo of a command box with "C:\" in it. But you can't type anything into the command box.
That's part of the process of ComboFix, it's a bad idea interrupting it while it's running
It only needs your interaction when prompted
« Last Edit: December 12, 2008, 12:27:50 AM by guestolo »



Offline AmazonXD

« Reply #10 on: December 12, 2008, 12:27:04 AM »
Yes.  Let me re-run the program

Offline guestolo

« Reply #11 on: December 12, 2008, 12:29:40 AM »
AmazonXD, I'll have to redo instructions
I need you to let this tool run without interruption
As it stated
Do not run any programs until ComboFix has finished

This could take up to 15 minutes making the log
If you're running your browser and such, you have interrupted it



Offline AmazonXD

« Reply #12 on: December 12, 2008, 12:50:06 AM »
Double Posted
« Last Edit: December 12, 2008, 12:52:54 AM by AmazonXD »

Offline AmazonXD

« Reply #13 on: December 12, 2008, 12:51:36 AM »
I re-ran it.  Here's the log, but the Yoog Search is still there.

ComboFix 08-12-11.04 - Compaq_Owner 2008-12-11 12:30:20.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.761 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\ppcb_32.lnk
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\tbhelper.dll
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\TDSSorvd.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-11-11 to 2008-12-11  )))))))))))))))))))))))))))))))
.

2008-12-11 22:59 . 2008-12-11 23:02    <DIR>    d--------    C:\ComboFix
2008-12-11 22:21 . 2008-12-11 22:21    <DIR>    d--------    c:\program files\Trend Micro
2008-12-11 20:51 . 2008-12-11 20:51    <DIR>    d--------    c:\program files\CleanMyPC Popup Blocker
2008-12-11 17:08 . 2008-12-11 17:08    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-12-11 17:08 . 2008-12-11 17:08    <DIR>    d--------    c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2008-12-11 17:08 . 2008-12-11 17:08    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 17:08 . 2008-12-03 19:52    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 17:08 . 2008-12-03 19:52    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-12-11 05:48 . 2008-12-11 05:48    <DIR>    d--------    c:\program files\p2pmax
2008-12-09 17:05 . 2008-12-09 17:05    <DIR>    d--------    c:\program files\AskBarDis
2008-12-02 11:22 . 2008-12-02 11:22    671,232    --a------    c:\windows\system32\nsr56.dll
2008-12-01 21:12 . 2008-12-01 21:12    268    --ah-----    C:\sqmdata19.sqm
2008-12-01 21:12 . 2008-12-01 21:12    244    --ah-----    C:\sqmnoopt19.sqm
2008-12-01 21:05 . 2008-12-11 12:17    268    --ah-----    C:\sqmdata18.sqm
2008-12-01 21:05 . 2008-12-11 12:17    244    --ah-----    C:\sqmnoopt18.sqm
2008-12-01 19:54 . 2008-12-11 12:00    268    --ah-----    C:\sqmdata17.sqm
2008-12-01 19:54 . 2008-12-11 12:00    244    --ah-----    C:\sqmnoopt17.sqm
2008-12-01 15:07 . 2008-12-11 18:16    268    --ah-----    C:\sqmdata16.sqm
2008-12-01 15:07 . 2008-12-11 18:16    244    --ah-----    C:\sqmnoopt16.sqm
2008-11-30 21:00 . 2008-12-11 07:14    268    --ah-----    C:\sqmdata15.sqm
2008-11-30 21:00 . 2008-12-11 07:14    244    --ah-----    C:\sqmnoopt15.sqm
2008-11-30 11:46 . 2008-12-11 07:10    268    --ah-----    C:\sqmdata14.sqm
2008-11-30 11:46 . 2008-12-11 07:10    244    --ah-----    C:\sqmnoopt14.sqm
2008-11-29 22:02 . 2008-12-11 03:54    268    --ah-----    C:\sqmdata13.sqm
2008-11-29 22:02 . 2008-12-11 03:54    244    --ah-----    C:\sqmnoopt13.sqm
2008-11-29 13:37 . 2008-12-10 14:33    268    --ah-----    C:\sqmdata12.sqm
2008-11-29 13:37 . 2008-12-10 14:33    244    --ah-----    C:\sqmnoopt12.sqm
2008-11-28 19:47 . 2008-12-09 23:13    268    --ah-----    C:\sqmdata11.sqm
2008-11-28 19:47 . 2008-12-09 23:13    244    --ah-----    C:\sqmnoopt11.sqm
2008-11-28 00:56 . 2008-12-09 00:56    268    --ah-----    C:\sqmdata10.sqm
2008-11-28 00:56 . 2008-12-09 00:56    244    --ah-----    C:\sqmnoopt10.sqm
2008-11-23 23:03 . 2008-12-11 06:05    <DIR>    d--------    c:\program files\DNA
2008-11-13 17:46 . 2008-11-13 17:46    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Blizzard
2008-11-13 16:02 . 2008-12-08 17:01    268    --ah-----    C:\sqmdata09.sqm
2008-11-13 16:02 . 2008-12-08 17:01    244    --ah-----    C:\sqmnoopt09.sqm
2008-11-12 22:51 . 2008-12-07 16:08    268    --ah-----    C:\sqmdata08.sqm
2008-11-12 22:51 . 2008-12-07 16:08    244    --ah-----    C:\sqmnoopt08.sqm
2008-11-12 20:53 . 2008-12-07 04:07    268    --ah-----    C:\sqmdata07.sqm
2008-11-12 20:53 . 2008-12-07 04:07    244    --ah-----    C:\sqmnoopt07.sqm
2008-11-12 17:19 . 2008-12-07 01:03    268    --ah-----    C:\sqmdata06.sqm
2008-11-12 17:19 . 2008-12-07 01:03    244    --ah-----    C:\sqmnoopt06.sqm
2008-11-12 02:47 . 2008-12-06 11:37    268    --ah-----    C:\sqmdata05.sqm
2008-11-12 02:47 . 2008-12-06 11:37    244    --ah-----    C:\sqmnoopt05.sqm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 01:26    ---------    d-----w    c:\documents and settings\All Users\Application Data\Google Updater
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-11 23:09    64    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-11 23:09    179,794    ----a-w    c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-10 06:46    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2008-12-08 23:06    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\Gizmo5
2008-11-25 22:45    ---------    d-----w    c:\program files\StepMania
2008-11-17 02:54    ---------    d-----w    c:\program files\HyCam2
2008-10-27 16:44    ---------    d-----w    c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-26 04:08    ---------    d-----w    c:\program files\MSN Messenger
2008-10-26 04:07    ---------    dcsh--w    c:\program files\Common Files\WindowsLiveInstaller
2008-10-26 04:06    ---------    d-----w    c:\program files\Windows Live
2008-10-26 04:05    ---------    d-----w    c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 11:10    453,632    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10    453,632    ------w    c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01    283,648    ----a-w    c:\windows\system32\gdi32.dll
2008-10-23 13:01    283,648    ----a-w    c:\windows\system32\dllcache\gdi32.dll
2008-10-20 02:23    ---------    d-----w    c:\program files\Peggle Nights
2008-10-17 07:08    3,593,216    ------w    c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 19:13    202,776    ----a-w    c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 19:13    1,809,944    ----a-w    c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 19:12    561,688    ----a-w    c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 19:12    323,608    ----a-w    c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09    92,696    ----a-w    c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 19:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 19:09    51,224    ----a-w    c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 19:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 19:08    34,328    ----a-w    c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 19:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-10-16 13:11    70,656    ------w    c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11    13,824    ------w    c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 03:00    ---------    d-----w    c:\program files\Frets on Fire
2008-10-15 16:57    332,800    ----a-w    c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06    633,632    ------w    c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04    161,792    ------w    c:\windows\system32\dllcache\ieakui.dll
2008-10-11 07:12    ---------    d-----w    c:\program files\PhanTim3
2008-10-03 10:15    247,326    ----a-w    c:\windows\system32\strmdll.dll
2008-10-03 10:15    247,326    ----a-w    c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43    1,286,152    ----a-w    c:\windows\system32\msxml4.dll
2008-09-15 11:57    1,846,016    ----a-w    c:\windows\system32\win32k.sys
2008-09-15 11:57    1,846,016    ----a-w    c:\windows\system32\dllcache\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-04 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-26 180269]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-01-26 14088]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
p2pmax.lnk - c:\program files\p2pmax\p2pmax.exe [2008-12-10 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-08 113664]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-07-06 1564672]
SpeedStream Wireless LAN Utility.lnk - c:\program files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe [2007-11-04 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\DUKE3D\\eduke32.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\plutduke\\DN3DINST\\eduke32.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"c:\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.0.0.6080-expansion-speech-enUS.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2008-07-06 38144]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
S2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 801296]
S2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-06-24 281104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-09 24652]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2008-07-06 238848]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys [2008-01-13 672128]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 SS1024;Siemens SpeedStream Wireless PCI Driver;c:\windows\system32\DRIVERS\SSPCIN51.sys [2007-11-04 50560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9780dc-8b46-11dc-a3f7-00040b808080}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Compaq_Owner at 12 37 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-01-26 21:06]

2008-08-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Compaq_Owner at 12 37 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\ [2008-12-11 22:40]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{10000000-1000-1000-1000-100000000000} - c:\program files\IEToolbar\ECO Bar\ecobar.dll
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\System32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 12:34:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\UmxWnp.Dll
.
Completion time: 2008-12-11 12:36:23
ComboFix-quarantined-files.txt  2008-12-11 17:35:35

Pre-Run: 98,352,984,064 bytes free
Post-Run: 98,338,750,464 bytes free

281    --- E O F ---    2008-12-10 19:49:18

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got Yoog Search on IE and Firefox
« Reply #14 on: December 12, 2008, 01:02:21 AM »
Can I see the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline AmazonXD

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
I got Yoog Search on IE and Firefox
« Reply #15 on: December 12, 2008, 01:07:48 AM »
1.0
A Tale of Two Kingdoms 1.2
Acrobat.com
Acrobat.com
Ad-Aware 2007
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Photoshop 6.0 Tryout
Adobe Reader 9
Adobe Shockwave Player 11
Agatha Christie Death On The Nile
Agatha Christie Peril At End House
Agere Systems PCI-SV92PP Soft Modem
AIM 6
Alien Outbreak 2
Alien Shooter
Ancient Sudoku
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Azada
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe
Belkin Wireless G USB Adapter Software
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bonjour
Bonnie's Bookstore
Bookworm Deluxe
Bounce Symphony
Bricks of Atlantis
Bricks of Egypt
Build in Time
Buildalot
CA Internet Security Suite
Cate West The Vanishing Files
Chicken Invaders 3
Chuzzle Deluxe
Chuzzle Deluxe
CleanMyPC Popup Blocker
CLUE Classic
Compaq Connections (remove only)
Compaq Organize
Contextual Platform Adsoftinc
Cooking Academy
Crystal Maze
Customer Experience Enhancement
D-Fend Reloaded 0.3.2 (deinstall)
Diner Dash
Diner Dash
DivX Web Player
D-Link VGA Webcam
Doom 3
Dream Chronicles
Eamonn
Easy Internet Sign-up
ECO Bar
EDuke32 1.4.0 beta 2
Escape From Paradise
Fairies
Fallout
Family Feud
Feeding Frenzy
Flip Words
GameSpy Arcade
GameTap
GEAR 32bit Driver Installer
GIMP 2.4.4
Gizmo5
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Heavy Weapon
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hollywood High
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
Hyperballoid Golden Pack
HyperCam 2
Incrediball - The Seven Sapphires
Insaniquarium Deluxe
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(tm) 6 Update 5
Java(tm) SE Runtime Environment 6 Update 1
Jewel Quest
King's Quest 1 VGA
King's Quest 2 VGA
Larva Mortus
Leisure Suit Larry Collection(tm)
Magic Ball 3
Magic Match Adventures
Mah Jong Quest
Malwarebytes' Anti-Malware
ManyCam 2.2 (remove only)
Mario Forever 4.0
Max Payne 2
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office 97, Professional Edition
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
MixMeister Express 6.1.8
Mozilla Firefox (3.0.4)
Mpeg2Decoder 1.3
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
My HP Games
Mystery Case Files
Mystery Case Files Huntsville
Mystery Case Files Madame Fate
Mystery PI The Vegas Heist
Netscape Browser (remove only)
NVIDIA Drivers
P2P Max
Painkiller Gold Edition
PC-Doctor 5 for Windows
Peggle Deluxe
Peggle Nights
PhanTim3
Poker Superstars
Polar Bowler
Polar Golfer
Project64 1.6
Psychonauts
Puzzle Hero
PVR Plus
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Ricochet Lost Worlds
Roll
RON Tool Adsoftinc
Sam & Max Season 1
Sandlot Games Client Services
SandScript
SCRABBLE
ScummVM 0.11.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Serious Sam: The First Encounter
Serious Sam: The Second Encounter
Siemens SpeedStream Wireless PCI
Skype™ 3.8
Slingo Deluxe
Snowy The Bears Adventure
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
StepMania (remove only)
Super Granny
SWAT 4
Symantec KB-DocID:2003093015493306
Talismania
Tennis Titans
The Lost Cases Of Sherlock Holmes
The Nightshift Code
The Sims 2
Tornado Jockey
Tradewinds
Treasures Of The Deep
Turbo Pizza
Turbo Subs
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Viewpoint Media Player
WildTangent Web Driver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
WinRAR archiver
World of Warcraft
XPort 360
Zuma Deluxe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got Yoog Search on IE and Firefox
« Reply #16 on: December 12, 2008, 01:25:18 AM »
Access your Add and Remove Programs
Remove all the following (if you can)
Supply verification code and click Uninstall if prompted
Don't worry if you can't remove something, just carry on

Ask Toolbar
Contextual Platform Adsoftinc
ECO Bar
RON Tool Adsoftinc


Continue removing all the following
Don't reboot if prompted till all are removed
Viewpoint Media Player
WildTangent Web Driver
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1


Now reboot your computer

Back in Windows
Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, next to the drop down box Platform:>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded click Perform a Quick Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With that log, can you do the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Can you just post the log from log.txt
You can find a copy in this folder C:\rsit

NOTE: If you do get an error message trying to post the log from RSIT.exe
Can you simply upload it, Use the Browse..>>UPLOAD buttons on the bottom right of a reply box



Offline AmazonXD

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
I got Yoog Search on IE and Firefox
« Reply #17 on: December 12, 2008, 01:58:50 AM »
Here's the RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Owner at 2008-12-11 13:57:15
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 93 GB (50%) free of 183 GB
Total RAM: 958 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:25 PM, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 1: (no name) - http://www.desktopcountdown.com/countdown/...amily+Sleepover

--
End of file - 11568 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Compaq_Owner at 12 37 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9BC6B1-7F27-47c6-A66D-13582E81E537}]
CleanMyPCPopupBlocker Class - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll [2004-12-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-04 2554944]
{04164EC4-1E48-4279-818E-3721931E7636} - CleanMyPC Toolbar - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll [2004-12-10 167936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-10-26 180269]
"PVR Agent"=C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe [2005-04-13 751104]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-07-31 1193200]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2008-01-26 14088]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-07-31 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-07-31 259312]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-04 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Belkin Wireless G USB Adapter Client Utility.lnk - C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
SpeedStream Wireless LAN Utility.lnk - C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
p2pmax.lnk - C:\Program Files\p2pmax\p2pmax.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\DUKE3D\eduke32.exe"="C:\DUKE3D\eduke32.exe:*:Enabled:eduke32"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\plutduke\DN3DINST\eduke32.exe"="C:\plutduke\DN3DINST\eduke32.exe:*:Enabled:eduke32"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Gizmo5\Gizmo5.exe"="C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5"
"C:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe"="C:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\World of Warcraft\WoW-2.0.0.6080-expansion-speech-enUS.exe"="C:\World of Warcraft\WoW-2.0.0.6080-expansion-speech-enUS.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9780dc-8b46-11dc-a3f7-00040b808080}]
shell\AutoRun\command - K:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2008-12-11 23:32:25 ----A---- C:\WINDOWS\zip.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\VFIND.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\SWSC.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\SWREG.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\sed.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\grep.exe
2008-12-11 23:32:25 ----A---- C:\WINDOWS\fdsv.exe
2008-12-11 23:30:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-11 22:59:20 ----D---- C:\ComboFix
2008-12-11 22:41:46 ----D---- C:\WINDOWS\ERDNT
2008-12-11 22:41:46 ----D---- C:\Qoobox
2008-12-11 22:21:26 ----D---- C:\Program Files\Trend Micro
2008-12-11 20:51:58 ----D---- C:\Program Files\CleanMyPC Popup Blocker
2008-12-11 17:08:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-12-11 17:08:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 17:08:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 13:57:15 ----D---- C:\rsit
2008-12-11 13:48:37 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 13:48:37 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 13:48:37 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 13:48:37 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-11 12:36:25 ----D---- C:\WINDOWS\temp
2008-12-11 12:36:24 ----A---- C:\ComboFix.txt
2008-12-11 12:29:38 ----D---- C:\Combo-Fix
2008-12-11 05:48:49 ----A---- C:\WINDOWS\system32\dat32vn.exe
2008-12-11 05:48:48 ----A---- C:\WINDOWS\system32\dat32tb10.exe
2008-12-11 05:48:47 ----A---- C:\WINDOWS\system32\dat32tb9.exe
2008-12-11 05:48:47 ----A---- C:\WINDOWS\system32\dat32tb8.exe
2008-12-11 05:48:46 ----A---- C:\WINDOWS\system32\dat32tb7.exe
2008-12-11 05:48:42 ----D---- C:\Program Files\p2pmax
2008-12-11 05:48:41 ----A---- C:\WINDOWS\system32\dat32tb6.exe
2008-12-11 05:48:40 ----A---- C:\WINDOWS\system32\dat32tb5.exe
2008-12-11 05:48:30 ----A---- C:\WINDOWS\system32\dat32tb4.exe
2008-12-11 05:48:30 ----A---- C:\WINDOWS\system32\dat32tb3.exe
2008-12-11 05:48:29 ----A---- C:\WINDOWS\system32\dat32tb1.exe
2008-12-11 05:48:24 ----A---- C:\WINDOWS\system32\dat32bn.exe
2008-12-11 05:48:12 ----H---- C:\WINDOWS\jmm.exe
2008-12-11 05:48:12 ----H---- C:\WINDOWS\20081203051514-downloader_silent.exe
2008-12-10 14:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 14:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 14:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 14:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-23 23:03:39 ----D---- C:\Program Files\DNA
2008-11-13 17:46:31 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-12 17:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 17:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 20:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-11 17:08:17 ----D---- C:\WINDOWS\Prefetch
2008-12-11 13:48:55 ----D---- C:\WINDOWS\system32
2008-12-11 13:48:55 ----AD---- C:\WINDOWS
2008-12-11 13:48:50 ----SHD---- C:\WINDOWS\Installer
2008-12-11 13:48:48 ----SHD---- C:\Config.Msi
2008-12-11 13:48:13 ----D---- C:\Program Files\Java
2008-12-11 13:43:39 ----D---- C:\Program Files\Mozilla Firefox
2008-12-11 13:43:05 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2008-12-11 13:43:00 ----A---- C:\WINDOWS\RTacDbg.txt
2008-12-11 13:42:08 ----D---- C:\WINDOWS\CAVTemp
2008-12-11 13:40:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 13:40:06 ----D---- C:\Program Files\Common Files
2008-12-11 13:35:15 ----D---- C:\Program Files\WildTangent
2008-12-11 13:35:12 ----D---- C:\Program Files\HP Games
2008-12-11 13:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-12-11 13:33:03 ----D---- C:\Program Files
2008-12-11 12:34:15 ----A---- C:\WINDOWS\system.ini
2008-12-11 12:32:40 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 12:32:38 ----D---- C:\WINDOWS\AppPatch
2008-12-11 12:30:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 12:13:17 ----D---- C:\WINDOWS\system32\config
2008-12-11 12:05:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 11:44:40 ----D---- C:\World of Warcraft
2008-12-10 14:49:18 ----HD---- C:\WINDOWS\inf
2008-12-10 14:49:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 14:49:09 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 14:48:11 ----A---- C:\WINDOWS\win.ini
2008-12-10 14:45:21 ----D---- C:\Program Files\Internet Explorer
2008-12-10 14:44:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 01:46:49 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-12-09 23:11:25 ----D---- C:\WINDOWS\Minidump
2008-12-08 18:06:36 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Gizmo5
2008-11-25 17:45:09 ----D---- C:\Program Files\StepMania
2008-11-25 16:48:27 ----D---- C:\WINDOWS\Help
2008-11-16 21:54:24 ----D---- C:\Program Files\HyCam2
2008-11-12 17:24:34 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-06 21035]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys []
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]
R3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-09-22 672128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 iMSPQMn;iMSPQMn; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SS1024;Siemens SpeedStream Wireless PCI Driver; C:\WINDOWS\system32\DRIVERS\SSPCIN51.sys [2002-01-14 50560]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2006-08-20 263696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-04 1247600]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------








Here's the Malware program log (I downloaded it and ran it before I actually started this thread, but re-ran it in the instructions as you said)

Malwarebytes' Anti-Malware 1.31
Database version: 1490
Windows 5.1.2600 Service Pack 2

12/11/2008 1:55:58 PM
mbam-log-2008-12-11 (13-55-58).txt

Scan type: Quick Scan
Objects scanned: 51551
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline guestolo

« Reply #18 on: December 12, 2008, 02:25:42 AM »
Can you do the following

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O24 - Desktop Component 1: (no name) - http://www.desktopcountdown.com/countdown/...amily+Sleepover


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    :Processes
    explorer.exe
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    :Files
    C:\WINDOWS\system32\dat32vn.exe
    C:\WINDOWS\system32\dat32tb10.exe
    C:\WINDOWS\system32\dat32tb9.exe
    C:\WINDOWS\system32\dat32tb8.exe
    C:\WINDOWS\system32\dat32tb7.exe
    C:\Program Files\p2pmax
    C:\WINDOWS\system32\dat32tb6.exe
    C:\WINDOWS\system32\dat32tb5.exe
    C:\WINDOWS\system32\dat32tb4.exe
    C:\WINDOWS\system32\dat32tb3.exe
    C:\WINDOWS\system32\dat32tb1.exe
    C:\WINDOWS\system32\dat32bn.exe
    C:\WINDOWS\jmm.exe
    C:\Program Files\WildTangent
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]


    ======================================================
  • Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If prompted on startup to Run OTMoveit again, allow it please

A Log should open, I'll need to see it later
If no log opens
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

I'll need to see that log
With that log, can you also post the following
Download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:
C:\Program Files\Mozilla Firefox\components
C:\Program Files\Mozilla Firefox
c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
In addition, can you ensure that Windows is set to show hidden files/folders
In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it

Navigate to the following folder
c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default
In that folder right click on prefs.js and select EDIT
Copy/paste back here the contents of that file please

There's a bit of info to post back, if you need to use more than one reply, do so

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
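
prefs.js, requested in the post above, is where Firefox keeps user-set search and keyword settings, and a user.js in the same profile folder is applied over it at every start. The following is an added example, not part of the thread or of any tool it mentions: a Python triage that parses user_pref() lines from both files and flags search-related prefs outside an analyst-supplied allowlist. The sample lines, the host search.hijack.example and the allowlists are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# One user_pref("name", value); statement per line, as Firefox writes them.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Prefs whose value is a URL that search or keyword queries are sent to.
URL_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"}
# Prefs whose value is the display name of a search engine.
ENGINE_PREF = re.compile(r"^browser\.search\.(selectedEngine|defaultenginename|order\.\d+)$")

# Constructed sample input in the prefs.js / user.js format.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.search.defaultenginename", "Ask");
user_pref("browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "google.com");
user_pref("keyword.URL", "http://www.google.com/search?q=");
'''
SAMPLE_USER_JS = r'''user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://search.hijack.example/search.php?q=");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in the given text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, fragments of wrapped lines
        name, raw = m.group(1), m.group(2).strip()
        try:
            prefs[name] = json.loads(raw)  # strings, true/false, integers
        except ValueError:
            prefs[name] = raw  # keep the unparsed literal for manual review
    return prefs


def effective_prefs(prefs_js, user_js=""):
    """Merge both files; user.js wins. Values become (value, source_file)."""
    merged = {n: (v, "prefs.js") for n, v in parse_prefs(prefs_js).items()}
    merged.update({n: (v, "user.js") for n, v in parse_prefs(user_js).items()})
    return merged


def host_allowed(url, allowed_hosts):
    """True if the URL's host is an allowed host or a subdomain of one."""
    url = url.strip()
    if not url or url.lower().startswith("about:"):
        return True
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def flag_search_prefs(prefs, allowed_hosts, allowed_engines):
    """Return sorted (name, value, source) for search prefs outside the allowlists."""
    findings = []
    for name in sorted(prefs):
        value, source = prefs[name]
        if not isinstance(value, str):
            continue
        if name in URL_PREFS:
            # The homepage pref may hold several URLs separated by "|".
            if any(not host_allowed(u, allowed_hosts) for u in value.split("|")):
                findings.append((name, value, source))
        elif ENGINE_PREF.match(name) and value not in allowed_engines:
            findings.append((name, value, source))
    return findings


if __name__ == "__main__":
    merged = effective_prefs(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for name, value, source in flag_search_prefs(merged, {"google.com"}, {"Google"}):
        print(f"{source}: {name} = {value!r}")
```

A pref flagged with source user.js will come back after being reset in about:config, because the file is reapplied at the next start.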


Offline AmazonXD

I got Yoog Search on IE and Firefox
« Reply #19 on: December 12, 2008, 02:46:33 AM »
Here's your OT Move log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\dat32vn.exe moved successfully.
C:\WINDOWS\system32\dat32tb10.exe moved successfully.
C:\WINDOWS\system32\dat32tb9.exe moved successfully.
C:\WINDOWS\system32\dat32tb8.exe moved successfully.
C:\WINDOWS\system32\dat32tb7.exe moved successfully.
C:\Program Files\p2pmax moved successfully.
C:\WINDOWS\system32\dat32tb6.exe moved successfully.
C:\WINDOWS\system32\dat32tb5.exe moved successfully.
C:\WINDOWS\system32\dat32tb4.exe moved successfully.
C:\WINDOWS\system32\dat32tb3.exe moved successfully.
C:\WINDOWS\system32\dat32tb1.exe moved successfully.
C:\WINDOWS\system32\dat32bn.exe moved successfully.
C:\WINDOWS\jmm.exe moved successfully.
C:\Program Files\WildTangent\LicenseStores\WT moved successfully.
C:\Program Files\WildTangent\LicenseStores moved successfully.
C:\Program Files\WildTangent\compaq moved successfully.
C:\Program Files\WildTangent moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_RU4h2w79Aj8jjSzlUuyk scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF282B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2901.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF365E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF60D6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBB30.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE24D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12112008_143715

Files moved on Reboot...
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_RU4h2w79Aj8jjSzlUuyk not found!
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF282B.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2901.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF365E.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF60D6.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBB30.tmp moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE24D.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat not found!
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default\urlclassifier3.sqlite moved successfully.


And here's your DirLook log

DirLook.exe v2.0 by jpshortstuff
Log created at 14:43 on 11/12/2008
==================================
Contents of "C:\Program Files\Mozilla Firefox\components"

---FOLDERS---

(none found)

---FILES---

aboutRobots.js (2927 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
AskSearch.js (11150 bytes - created on 09/12/2008 at 22:05, modified on 16/07/2008 at 20:39) --a---
browser.xpt (348274 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
browserdirprovider.dll (23040 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
brwsrcmp.dll (134656 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
FeedConverter.js (25339 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
FeedProcessor.js (66215 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
FeedWriter.js (49694 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
fuelApplication.js (38238 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
jsconsole-clhandler.js (1494 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsAddonRepository.js (11659 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsBadCertHandler.js (3104 bytes - created on 24/09/2008 at 09:02, modified on 24/09/2008 at 09:02) --a---
nsBlocklistService.js (27331 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsBrowserContentHandler.js (32696 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsBrowserGlue.js (28799 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsContentDispatchChooser.js (5005 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsContentPrefService.js (29973 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsDefaultCLH.js (6247 bytes - created on 21/01/2008 at 08:18, modified on 24/09/2008 at 09:02) --a---
nsDownloadManagerUI.js (5737 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsExtensionManager.js (333468 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsHandlerService.js (51214 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsHelperAppDlg.js (41716 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsIQTScriptablePlugin.xpt (2394 bytes - created on 26/04/2008 at 06:56, modified on 26/04/2008 at 06:56) --a---
nsLivemarkService.js (36039 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsLoginInfo.js (4302 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsLoginManager.js (44047 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsLoginManagerPrompter.js (40367 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsMicrosummaryService.js (77051 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsPlacesTransactionsService.js (33805 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsPostUpdateWin.js (21420 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsProxyAutoConfig.js (13682 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsSafebrowsingApplication.js (25176 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsSearchService.js (110646 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
nsSearchSuggestions.js (24273 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsSessionStartup.js (11428 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsSessionStore.js (75892 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
nsSetDefaultBrowser.js (2854 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsSidebar.js (12513 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsTaggingService.js (9790 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsTryToClose.js (3268 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
nsUpdateService.js (112848 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsUrlClassifierLib.js (50600 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsUrlClassifierListManager.js (19984 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsURLFormatter.js (3097 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
nsWebHandlerApp.js (6920 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
pluginGlue.js (3142 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
storage-Legacy.js (49926 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
txEXSLTRegExFunctions.js (6667 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
WebContentConverter.js (34011 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---

==================================
Contents of "C:\Program Files\Mozilla Firefox"

---FOLDERS---

chrome (Created on 22/12/2007 at 16:43) d-----
components (Created on 22/12/2007 at 16:43) d-----
defaults (Created on 22/12/2007 at 16:43) d-----
dictionaries (Created on 22/12/2007 at 16:43) d-----
extensions (Created on 22/12/2007 at 16:43) d-----
greprefs (Created on 22/12/2007 at 16:43) d-----
modules (Created on 02/07/2008 at 18:27) d-----
plugins (Created on 22/12/2007 at 16:43) d-----
res (Created on 22/12/2007 at 16:43) d-----
searchplugins (Created on 02/07/2008 at 18:27) d-----
uninstall (Created on 22/12/2007 at 16:43) d-----

---FILES---

.autoreg (0 bytes - created on 22/12/2007 at 16:45, modified on 11/12/2008 at 10:48) --a---
a.exe (31744 bytes - created on 11/12/2008 at 10:47, modified on 11/12/2008 at 10:47) --ah--
AccessibleMarshal.dll (17408 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
application.ini (2035 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
blocklist.xml (1561 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
browserconfig.properties (232 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
crashreporter-override.ini (583 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
crashreporter.exe (185856 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
crashreporter.ini (3558 bytes - created on 02/07/2008 at 18:27, modified on 24/09/2008 at 09:02) --a---
firefox.exe (307712 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
freebl3.chk (476 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
freebl3.dll (233472 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
install.log (29867 bytes - created on 22/12/2007 at 16:43, modified on 02/07/2008 at 18:27) --a---
js3250.dll (697344 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
LICENSE (31393 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
mozcrt19.dll (710144 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
nspr4.dll (198144 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
nss3.dll (697856 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
nssckbi.dll (304640 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
nssdbm3.dll (103936 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
nssutil3.dll (87552 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
old-homepage-default.properties (112 bytes - created on 21/01/2008 at 08:18, modified on 24/09/2008 at 09:02) --a---
platform.ini (48 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
plc4.dll (20480 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
plds4.dll (17408 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
README.txt (181 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
removed-files (15884 bytes - created on 21/01/2008 at 08:18, modified on 24/09/2008 at 09:02) --a---
smime3.dll (103936 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
softokn3.chk (476 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
softokn3.dll (151552 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
sqlite3.dll (395776 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---
ssl3.dll (136704 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
updater.exe (242176 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
updater.ini (862 bytes - created on 22/12/2007 at 16:43, modified on 24/09/2008 at 09:02) --a---
xpcom.dll (17920 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
xul.dll (9729536 bytes - created on 02/07/2008 at 18:27, modified on 14/11/2008 at 23:09) --a---

==================================
Contents of "c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\a5xu41qe.default"

---FOLDERS---

bookmarkbackups (Created on 22/12/2007 at 16:43) d-----
chatzilla (Created on 21/05/2008 at 06:29) d-----
chrome (Created on 22/12/2007 at 16:43) d-----
extensions (Created on 22/12/2007 at 16:43) d-----
gm_scripts (Created on 29/02/2008 at 08:17) d-----
gm_scripts_08bak (Created on 27/09/2008 at 04:11) d-----
GoogleToolbarData (Created on 22/12/2007 at 16:43) d-----
minidumps (Created on 02/07/2008 at 18:27) d-----
searchplugins (Created on 09/12/2008 at 23:25) d-----

---FILES---

blocklist.xml (1561 bytes - created on 24/12/2007 at 04:45, modified on 11/12/2008 at 22:48) --a---
bookmarks.bak (32217 bytes - created on 22/12/2007 at 21:33, modified on 02/07/2008 at 18:27) --a---
bookmarks.html (32217 bytes - created on 22/12/2007 at 16:43, modified on 02/07/2008 at 18:27) --a---
cert8.db (131072 bytes - created on 22/12/2007 at 16:43, modified on 11/12/2008 at 19:35) --a---
compatibility.ini (179 bytes - created on 22/12/2007 at 16:43, modified on 14/11/2008 at 23:09) --a---
compreg.dat (160673 bytes - created on 11/12/2008 at 18:43, modified on 11/12/2008 at 19:36) --a---
content-prefs.sqlite (7168 bytes - created on 02/07/2008 at 18:28, modified on 05/12/2008 at 21:07) --a---
cookies.sqlite (232448 bytes - created on 02/07/2008 at 18:27, modified on 11/12/2008 at 19:37) --a---
downloads.sqlite (7168 bytes - created on 02/07/2008 at 18:28, modified on 11/12/2008 at 19:42) --a---
extensions.cache (1107 bytes - created on 11/12/2008 at 19:36, modified on 11/12/2008 at 19:36) --a---
extensions.ini (1028 bytes - created on 11/12/2008 at 19:36, modified on 11/12/2008 at 19:36) --a---
extensions.rdf (12359 bytes - created on 11/12/2008 at 19:36, modified on 11/12/2008 at 19:36) --a---
formhistory.sqlite (34816 bytes - created on 02/07/2008 at 18:27, modified on 12/12/2008 at 04:08) --a---
hostperm.1 (565 bytes - created on 22/12/2007 at 16:44, modified on 29/06/2008 at 10:54) --a---
key3.db (16384 bytes - created on 22/12/2007 at 16:43, modified on 11/12/2008 at 19:35) --a---
kf.txt (77 bytes - created on 22/12/2007 at 16:43, modified on 02/07/2008 at 18:24) --a---
localstore-1.rdf (7313 bytes - created on 16/06/2008 at 04:41, modified on 16/06/2008 at 04:41) --a---
localstore.rdf (7246 bytes - created on 11/12/2008 at 19:42, modified on 11/12/2008 at 19:42) --a---
mimeTypes.rdf (9601 bytes - created on 24/11/2008 at 04:04, modified on 24/11/2008 at 04:04) --a---
parent.lock (0 bytes - created on 11/12/2008 at 19:40, modified on 11/12/2008 at 19:40) --a---
permissions.sqlite (4096 bytes - created on 02/07/2008 at 18:27, modified on 20/11/2008 at 03:56) --a---
places.sqlite (4222976 bytes - created on 02/07/2008 at 18:27, modified on 11/12/2008 at 19:42) --a---
places.sqlite-journal (62072 bytes - created on 11/12/2008 at 19:41, modified on 11/12/2008 at 19:42) --a---
pluginreg.dat (15887 bytes - created on 02/07/2008 at 18:27, modified on 11/12/2008 at 18:56) --a---
prefs.js (10735 bytes - created on 11/12/2008 at 19:41, modified on 11/12/2008 at 19:41) --a---
search.rdf (3287 bytes - created on 22/12/2007 at 16:43, modified on 11/10/2006 at 08:05) --a---
search.sqlite (2048 bytes - created on 22/12/2007 at 16:43, modified on 11/12/2008 at 12:09) --a---
secmod.db (16384 bytes - created on 22/12/2007 at 16:43, modified on 02/07/2008 at 18:27) --a---
session.rdf (17379 bytes - created on 21/01/2008 at 08:21, modified on 02/07/2008 at 18:27) --a---
sessionstore.bak (132642 bytes - created on 11/12/2008 at 17:48, modified on 11/12/2008 at 17:48) --a---
sessionstore.js (131457 bytes - created on 11/12/2008 at 19:42, modified on 11/12/2008 at 19:42) --a---
signons3.txt (7435 bytes - created on 12/12/2008 at 03:18, modified on 12/12/2008 at 03:18) --a---
urlclassifier2.sqlite (5181440 bytes - created on 22/12/2007 at 16:43, modified on 02/07/2008 at 18:25) --a---
urlclassifierkey3.txt (154 bytes - created on 02/07/2008 at 18:28, modified on 11/12/2008 at 19:41) --a---
user.js (192 bytes - created on 11/12/2008 at 11:02, modified on 11/12/2008 at 18:38) --a---
webappsstore.sqlite (2048 bytes - created on 21/05/2008 at 08:46, modified on 11/12/2008 at 11:01) --a---
xpti.dat (98977 bytes - created on 09/12/2008 at 22:10, modified on 11/12/2008 at 19:36) --a---

==================================
=EOF=



and here's your prefs.js log

# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1229035729);
user_pref("app.update.lastUpdateTime.background-update-timer", 1229036330);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1229035729);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1228938228);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1229053608);
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Compaq_Owner\\Desktop");
user_pref("browser.download.manager.alertOnEXEOpen", true);
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.search.defaultenginename", "Ask");
user_pref("browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.search.order.1", "Ask");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "google.com");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("extensions.enabledItems", "{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.82.1,{3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0,[email protected]:1.0.0.07076007,{9C898FC9-4B5F-4BBA-8AE0-2BB8B5FFB1A6}:1.0,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,[email protected]:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.irc.ceip.userid", "OiHFVfLgbD3fei5CTjyPCjoL03wBeAIm");
user_pref("extensions.irc.instrumentation.key", 3560);
user_pref("extensions.irc.networks.irc-whatnet-org.channels.%233x.conference.enabled", true);
user_pref("extensions.irc.networks.irc-whatnet-org.nickname", "War_Never_Changes");
user_pref("extensions.irc.urls.list", "irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; http%3A//login.givemepink.com/login.cgi; http%3A//members.[censored]myself.com/; http%3A//members.nikkiprice.com/; http%3A//members.melissamidwest.com; http%3A//members.muffia.com/; http%3A//www.sellyoursextape.com/members/download.html; http%3A//members.naughtyamerica.com/; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//www.clubseventeen.com/mms/login.php%3Fusername%3D%26password%3D%26link%3Dhttp%3A//www.clubseventeen.com/t/members/index.html; http%3A//www.ilovelacey.com/members/index.html; http%3A//members.brandibelle.com/; http%3A//members.alyssadoll.com; http%3A//oldspunkers.com/members/; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//forum.team3x.com/showthread.php%3Ft%3D1039; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//members.brandibelle.com/; http%3A//members.facedownassupuniversity.com/; http%3A//www.linseydawnofficial.net/members/; http%3A//www.linseydawnofficial.net/members/%28CCBill; http%3A//members.muffia.com/; http%3A//members.qmov.com/sblogin/login.shtml/; http%3A//www.xxxstreamsunlimited.com/mem_hardcore/login.cfm; http%3A//login.hdpornpass.com/login.shtml; http%3A//teensexmovs.teenmegaworld.com/members/; http%3A//liebich%[email protected]/members/; http%3A//member.dpfanatics.com/login; http%3A//members.ishootmygirl.com/; http%3A//lisasparxxx.com/sblogin/login.shtml/members/; http%3A//lisasparxxx.com/sblogin/login.shtml/members/; http%3A//members.qmov.com/sblogin/login.shtml/; http%3A//members.torbenetwork.com/; http%3A//hentaikeygt.com/; http%3A//members.karinahart.com/sblogin/login.php/members/%3Fnats%3DOTU4MTo5OjYx%2C0%2C0%2C0%2C0; http%3A//member.pixandvideo.com/login; https%3A//www.inthecrack.com/login.php; 
http%3A//forum.team3x.com/showthread.php%3Ft%3D1039; http%3A//www.hentaikeygt.com/; http%3A//members2.pornpros.com/%031; http%3A//latest1.ftvmembers.com/; http%3A//www.google.com; http%3A//www.colorclimax.com/members.plx; http%3A//www.members.tawnyroberts.com/; https%3A//www.videobox.com/beta/login.seam; http%3A//members.stripclubexposed.com/login.html; http%3A//teenburg.com/sblogin/login.shtml/members/index.html; http%3A//www.peternorth.com/login/index.php; http%3A//teensexmovs.teenmegaworld.com/members/; http%3A//Stooly18%[email protected]/members/; http%3A//www.skokoff.com/members/; http%3A//members.ztod.com; http%3A//www.peternorth.com/login/index.php; http%3A//members.karupspc.com; http%3A//members2.pornpros.com/; http%3A//members.melissamidwest.com; http%3A//www.abbywinters.com/main.php%3Fpage%3Dalt+login; http%3A//teensexmovs.teenmegaworld.com/members/; http%3A//forum.team3x.com; http%3A//team3x.com/howto/; http%3A//team3x.com/xdcc.php; http%3A//forum.team3x.com; http%3A//pornsite.com/membersurl/; http%3A//www.whatnet.org/aup.php; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//moznet/chatzilla; http%3A//chatzilla.hacksrus.com/faq; http%3A//www.irchelp.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; http%3A//www.comics-toons.com/members/; http%3A//www.latinteenpass.com/members/; http%3A//www.sexycanadiangirls.com/zips/C_Ash_Red_Devil/C_Ash_Red_Devil.zip; http%3A//www.allyoucanfeet.com/ourmembers/news_e.php; http%3A//members.reelpass.com/; http%3A//members.killergram.com/; http%3A//teensexmovs.teenmegaworld.com/members/; http%3A//members.muffia.com/; http%3A//forum.team3x.com/showthread.php%3Ft%3D55; http%3A//forum.team3x.com; http%3A//team3x.com/howto/; http%3A//team3x.com/xdcc.php; http%3A//forum.team3x.com; http%3A//pornsite.com/membersurl/; irc%3A//irc.whatnet.org/; irc%3A//irc.whatnet.org/; irc%3A//moznet/chatzilla; 
http%3A//chatzilla.hacksrus.com/faq");
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("extensions.snipit.GUID", "{E9A1DEE0-C623-4439-8932-001E7D17607D}");
user_pref("extensions.snipit.LTVdate", 12);
user_pref("extensions.snipit.LTVmonth", 11);
user_pref("extensions.snipit.LTVyear", 2008);
user_pref("extensions.snipit.askTbInstalled", true);
user_pref("extensions.snipit.chromeURL", "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q={searchTerms}&crm=1");
user_pref("extensions.snipit.originId", 101757);
user_pref("extensions.snipit.said", "60827d26-54be-4814-ae0e-a4b21e46ceba");
user_pref("extensions.snipit.searchAssistEnabled", true);
user_pref("extensions.snipit.tlbrName", "BT");
user_pref("extensions.snipit.upserip", "");
user_pref("extensions.snipit.wz_tid", "409fd852-44f5-46f7-9f58-8ad889da5ad3");
user_pref("extensions.update.notifyUser", false);
user_pref("google.toolbar.AUTOFILL_Preferences", "highlight\ntrue\nfullName\n\nemail\n\ndefaultPhone\n\nalternativePhone\n\naddressLine1\n\naddressLine2\n\naddressLine3\n\ncity\n\nstate\n\nzipcode\n\ncountry\n\ncardName\n\ncardType\n\ncardExpMonth\n\ncardExpYear\n\ncardAddressType\n\naltAddressLine1\n\naltAddressLine2\n\naltAddressLine3\n\naltCity\n\naltState\n\naltZipcode\n\naltCountry\n\ndefaultPhoneAll\n\nalternativePhoneAll\n\nworkPhoneAll\n\nhomePhoneAll\n\ncellPhoneAll\n\nfirstName\n\nmiddleName\n\nmiddleInit\n\nlastName\n\nfirstLastName\n\naddress\n\naddressFull\n\nzipshort\n\ndefaultPhoneWork\nfalse\nalternativePhoneWork\nfalse\ndefaultPhoneHome\nfalse\nalternativePhoneHome\nfalse\ndefaultPhoneCell\nfalse\nalternativePhoneCell\nfalse");
user_pref("google.toolbar.autotranslate_to_lang", "es");
user_pref("google.toolbar.button_option.gtbAutoFill", true);
user_pref("google.toolbar.button_option.gtbAutoLink", true);
user_pref("google.toolbar.button_option.gtbBookmarks", true);
user_pref("google.toolbar.button_option.gtbCountrySearch", false);
user_pref("google.toolbar.button_option.gtbFeedSubscribe", false);
user_pref("google.toolbar.button_option.gtbPageRank", false);
user_pref("google.toolbar.button_option.gtbSpellCheck", false);
user_pref("google.toolbar.button_option.gtbTranslateMenu", false);
user_pref("google.toolbar.button_option.gtbsTOOLBAR-GOOGLE-COM_O8Y91YHB24Z6SR0SGYSK-XML", true);
user_pref("google.toolbar.button_option.gtbsTOOLBAR-GOOGLE-COM_O8Y91YHB24Z6SR0SGYSK-XML.feedUpdate", 1229083255);
user_pref("google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", true);
user_pref("google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml.feedUpdate", 1227222740);
user_pref("google.toolbar.custombuttons.installed", true);
user_pref("google.toolbar.custombuttons.list", "gtbsTOOLBAR-GOOGLE-COM_O8Y91YHB24Z6SR0SGYSK-XML,gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml");
user_pref("google.toolbar.custombuttons.migrated", "true");
user_pref("google.toolbar.done_page_shown", "AU_3.1.20080730");
user_pref("google.toolbar.google_home", "www.google.com");
user_pref("google.toolbar.google_home.default", "www.google.com");
user_pref("google.toolbar.install_id", "C5k92gX12XvegHFpWARJiUvEgMKxJ8vBR6J1oDw5Krr1");
user_pref("google.toolbar.install_ping_acked", true);
user_pref("google.toolbar.last_ping_attempt", "1229037431814");
user_pref("google.toolbar.mailto.gmail.configured", true);
user_pref("google.toolbar.opted_into_advanced_features_1", false);
user_pref("google.toolbar.rlz", "1B2GGFB_enUS254");
user_pref("google.toolbar.spell_check.dictionary.words2", "");
user_pref("google.toolbar.spell_check.lang", "en");
user_pref("google.toolbar.spell_check.last_lang", "en");
user_pref("google.toolbar.usage_stats.default", false);
user_pref("greasemonkey.lastUpdate", "1228958443837");
user_pref("greasemonkey.version", "0.8.20080609.0");
user_pref("intl.charsetmenu.browser.cache", "Shift_JIS, UTF-8, ISO-8859-1, windows-1252");
user_pref("keyword.URL", "http://www9.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("security.warn_viewing_mixed", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1231230243);