Author Topic: AdDestinastion installed itself, need to get rid of it!  (Read 2434 times)

LilSparrow
« Reply #20 on: March 05, 2009, 10:51:51 PM »
Okay! Yoog is gone! Here is the log for the dirlook.


==================================
=EOF=

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #21 on: March 05, 2009, 11:02:17 PM »
Looks like they might be leftover entries, but let's make sure
Can you do the following

Make sure that Windows is still set to Show hidden files/folders as I described earlier

Do a search for each of these files:
Wincg20.sys
Winhg54.sys
Winjh67.sys
Winuw64.sys
bcf7b895.sys


To search for hidden or system files in Windows XP:

   1. Click Start, click Search, click All files and folders, and then click More advanced options.
   2. Click to select the Search system folders and Search hidden files and folders check boxes.

Do you find those files anywhere on your computer?

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline LilSparrow

« Reply #22 on: March 05, 2009, 11:56:11 PM »
I searched again and still nothing shows up.

Offline guestolo

« Reply #23 on: March 06, 2009, 12:19:36 AM »
Can you make a backup of the registry for me please
Go to START>>RUN>>Type in regedit

Hit OK
In the Registry editor
Ensure that My Computer is highlighted
Then click on FILE>>Export
Give this file a name, such as backreg
Save it to a convenient location

Close the registry editor
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000FF"]
KillAll::
Driver::
Wincg20
Winhg54
Winjh67
Winuw64
bcf7b895
File::
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
c:\windows\system32\drivers\bcf7b895.sys
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhg54.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjh67.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw64.sys]
[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt.
Can you post that log please

Let me then know how things are still running



Offline LilSparrow

« Reply #24 on: March 06, 2009, 01:23:55 AM »
browser is running just fine, no more pop ups and no more yoog. ^_^ here is the log

ComboFix 09-03-04.01 - Paige Lindsey 2009-03-06  0:13:17.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.439 [GMT -6:00]
Running from: c:\documents and settings\Paige Lindsey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paige Lindsey\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
 * Created a new restore point

FILE ::
c:\windows\system32\drivers\bcf7b895.sys
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINHG54
-------\Legacy_WINJH67
-------\Legacy_WINUW64
-------\Service_bcf7b895
-------\Service_Wincg20
-------\Service_Winhg54
-------\Service_Winjh67
-------\Service_Winuw64


(((((((((((((((((((((((((   Files Created from 2009-02-06 to 2009-03-06  )))))))))))))))))))))))))))))))
.

2009-03-05 21:07 . 2009-03-05 21:07    14,336    --ahs----    c:\windows\system32\Thumbs.db
2009-03-05 17:51 . 2009-03-05 17:51    <DIR>    d--------    C:\_OTScanIt
2009-03-05 12:41 . 2009-03-05 12:41    <DIR>    d--------    c:\program files\Trend Micro
2009-03-04 04:17 . 2009-03-04 04:17    85,590    --a------    c:\windows\system32\963759e6-b34b-f648-28c3-2929735ebc68.exe
2009-02-25 23:56 . 2009-02-25 23:56    54,156    --ah-----    c:\windows\QTFont.qfn
2009-02-25 23:56 . 2009-02-25 23:56    1,409    --a------    c:\windows\QTFont.for
2009-02-24 22:56 . 2009-02-24 22:56    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-02-24 22:56 . 2009-02-11 10:19    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 22:56 . 2009-02-11 10:19    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2009-02-23 16:22 . 2009-02-06 18:08    55,152    --a------    c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-23 16:20 . 2009-02-23 16:20    <DIR>    d--------    c:\program files\Microsoft Sync Framework
2009-02-23 16:17 . 2009-02-23 16:17    <DIR>    d--------    c:\program files\Microsoft SQL Server Compact Edition
2009-02-06 19:03 . 2009-02-06 19:03    307,576    --a------    c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52    49,504    --a------    c:\windows\system32\sirenacm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 21:23    ---------    d-----w    c:\program files\Microsoft Silverlight
2009-02-26 05:47    ---------    d-----w    c:\program files\Google
2009-02-24 08:55    ---------    d-----w    c:\program files\Dl_cats
2009-02-23 22:22    ---------    d-----w    c:\program files\Windows Live
2009-02-23 22:22    ---------    d-----w    c:\program files\Microsoft
2009-02-14 02:28    34    ----a-w    c:\documents and settings\Paige Lindsey\jagex_runescape_preferences.dat
2009-01-31 06:12    ---------    d-----w    c:\documents and settings\LocalService\Application Data\Yahoo!
2009-01-31 06:12    ---------    d-----w    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-31 06:11    ---------    d-----w    c:\program files\Yahoo!
2009-01-29 23:59    ---------    d-----w    c:\program files\Windows Live SkyDrive
2009-01-29 23:57    ---------    d-----w    c:\program files\Common Files\Windows Live
2009-01-29 21:55    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-29 21:54    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\InstallShield
2009-01-29 21:26    ---------    d-----w    c:\program files\Windows Defender
2009-01-29 21:18    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\U3
2009-01-29 06:47    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 02:25    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\Malwarebytes
2009-01-29 02:25    ---------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 22:49    ---------    d-----w    c:\program files\Enigma Software Group
2009-01-28 22:28    ---------    d-----w    c:\program files\LimeWire
2009-01-27 16:51    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\LimeWire
2009-01-27 16:32    ---------    d-----w    c:\program files\McAfee
2009-01-27 02:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\McAfee
2009-01-25 05:43    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\Move Networks
2009-01-21 18:31    ---------    d-----w    c:\documents and settings\LocalService\Application Data\Xfire
2009-01-21 08:31    ---------    d-----w    c:\program files\Common Files\INCA Shared
2009-01-21 03:14    ---------    d-----w    c:\program files\Steinberg
2009-01-21 01:28    ---------    d-----w    c:\documents and settings\LocalService\Application Data\SACore
2009-01-20 21:33    ---------    d-----w    c:\documents and settings\Paige Lindsey\Application Data\Corel
2009-01-20 21:28    ---------    d-----w    c:\program files\Corel
2009-01-20 21:28    ---------    d-----w    c:\documents and settings\All Users\Application Data\Corel
2009-01-11 03:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-03-28 19:40    4,630    ----a-w    c:\documents and settings\Paige Lindsey\Application Data\wklnhst.dat
2006-11-10 01:14    90,760    -c--a-w    c:\documents and settings\Paige Lindsey\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 06:37    32,768    --sha-w    c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

(((((((((((((((((((((((((((((   SnapShot@2009-03-05_20.07.32.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28    163,328    ----a-w    c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-06 00:09:32    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-06 04:42:28    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-06 00:09:32    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-06 04:42:28    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-06 00:09:32    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 04:42:28    32,768    -c--a-w    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 00:05:10    5,852    --sha-w    c:\windows\system32\KGyGaAvL.sys
+ 2009-03-06 03:52:18    5,852    --sha-w    c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-24 26112]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-03 217088]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-03-22 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Paige Lindsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Paige Lindsey\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 01:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-20 18:40 430080 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 02:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 12:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 12:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 12:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2008-07-11 16:48 641208 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2008-11-04 14:01 558808 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-24 02:17 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-24 02:17 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-23 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-10 206096]
R2 seaport;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-03-06 c:\windows\Tasks\User_Feed_Synchronization-{3E0AA50E-9D46-4313-97F3-88AE4F65989A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
LSP: c:\windows\system32\mclsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Paige Lindsey\Application Data\Mozilla\Firefox\Profiles\4fcxgyjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 00:17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\Tablet.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2009-03-06  0:21:23 - machine was rebooted [Paige Lindsey]
ComboFix-quarantined-files.txt  2009-03-06 06:21:20
ComboFix2.txt  2009-03-06 02:08:35

Pre-Run: 5,813,567,488 bytes free
Post-Run: 5,718,220,800 bytes free

271    --- E O F ---    2009-03-05 16:37:08
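A check a helper could run on the log above, as an added example that is not part of the original thread or of ComboFix: it compares the Driver:: and File:: entries of the CFScript from reply #23 with what the log in reply #24 reports. The function names are hypothetical, the sample text is copied and shortened from the two posts, and the Legacy_/Service_ prefixes are read exactly as the log prints them under its Drivers/Services banner.

```python
import re

# Constructed sample input: the Driver::/File:: sections of the CFScript from
# reply #23 and the matching parts of the ComboFix log from reply #24.
CFSCRIPT = r"""
KillAll::
Driver::
Wincg20
Winhg54
Winjh67
Winuw64
bcf7b895
File::
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
c:\windows\system32\drivers\bcf7b895.sys
"""

COMBOFIX_LOG = r"""
FILE ::
c:\windows\system32\drivers\bcf7b895.sys
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
.
(((((((   Other Deletions   )))))))
.
(((((((   Drivers/Services   )))))))
.
-------\Legacy_WINHG54
-------\Legacy_WINJH67
-------\Legacy_WINUW64
-------\Service_bcf7b895
-------\Service_Wincg20
-------\Service_Winhg54
-------\Service_Winjh67
-------\Service_Winuw64

(((((((   Files Created from 2009-02-06 to 2009-03-06  )))))))
.
"""

SECTION = re.compile(r"^(\w+)\s*::\s*$")       # "Driver::" or "FILE ::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # "((((   Title   ))))"
KEY_LINE = re.compile(r"^-+\\(Legacy|Service)_(.+)$", re.IGNORECASE)


def parse_sections(text):
    """Group non-empty lines under their 'Name::' header (keys lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif BANNER.match(line):
            current = None                      # a log banner ends the block
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def removed_keys(log_text):
    """Map driver name -> {'legacy', 'service'} as listed under Drivers/Services."""
    found, in_block = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            in_block = banner.group(1).lower() == "drivers/services"
            continue
        key = KEY_LINE.match(line) if in_block else None
        if key:
            found.setdefault(key.group(2).lower(), set()).add(key.group(1).lower())
    return found


def check_run(script_text, log_text):
    """Report which script entries the log does and does not account for."""
    script, log = parse_sections(script_text), parse_sections(log_text)
    keys = removed_keys(log_text)
    wanted = {p.lower() for p in script.get("file", [])}
    echoed = {p.lower() for p in log.get("file", [])}
    drivers = {d: sorted(keys.get(d.lower(), set())) for d in script.get("driver", [])}
    return {
        "files_not_echoed": sorted(wanted - echoed),
        "drivers": drivers,
        "no_service_line": [d for d, k in drivers.items() if "service" not in k],
        "no_legacy_line": [d for d, k in drivers.items() if "legacy" not in k],
    }


if __name__ == "__main__":
    for field, value in check_run(CFSCRIPT, COMBOFIX_LOG).items():
        print(field, "=", value)
```

On this log every File:: path is echoed and every driver named in the script has a Service_ line, while Wincg20 and bcf7b895 have no Legacy_ line. The log alone does not say whether those two keys never existed, so that is the part a helper would follow up on.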

Offline guestolo

« Reply #25 on: March 06, 2009, 01:48:30 AM »
Can we update some of your software to help plug some security holes

Close down all browser windows
Access your Add and Remove Programs and remove all the following

Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 7


Reboot the computer after all the above are removed

Back in Windows
 
Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE).
  • Scroll down to where it says "JRE 6 Update 12".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, under Platform:>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe that you downloaded to install the newest version.
Ensure for now, that you have your Virus scanner and Firewall activated and running properly

Open Adobe Reader
Click on HELP>>Check for Updates to update to the latest version
Allow connection thru your Firewall
If you can't update that way let me know please

Post back one last final hijackthis log please
We still have to remove some tools we used for disinfection, but we'll do it in the proper steps



Offline LilSparrow

« Reply #26 on: March 06, 2009, 02:24:09 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:23 AM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9304 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #27 on: March 06, 2009, 02:42:57 AM »
Looks good

To remove ComboFix
Go to START>>RUN>>
copy and paste the following

 combofix /u
and press enter
This will uninstall ComboFix and its components

Delete DirLook.exe on desktop and its file
C:\DirLook.txt
Also delete CFScript.txt from desktop

EDIT>>Forgot about GooredFix
Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall

OTScanIt2.exe
    Double click on OTScanIt2.exe on desktop to run it
    • Click the Cleanup! button
      A list will be downloaded>>Allow it Internet access if prompted by your Firewall
      Don't change anything in this list
    • Select Yes at the prompt
      Wait for the confirmation box to open to reboot the computer
      Don't mouseclick during the wait as you may cause the tool to stall
    • Select Yes to reboot Now
    NOTE: This procedure will also delete OTScanIt2.exe from desktop. If not, delete it manually after the system reboots

    Hold onto Malwarebytes' Anti-Malware and occasionally Update and run a Quick Scan
    Or uninstall it from Add and Remove Programs
    You can manually delete ATF-Cleaner.exe, or hold onto it to help clean temp files, cookies, etc..
    It's your option

    I suggest that you add SpywareBlaster to your protection software
    SpywareBlaster  by JavaCool  
      *Will block bad ActiveX Controls
      *Block Malevolent cookies in Internet Explorer and Firefox
      *Restrict actions of potentially dangerous sites in Internet Explorer
    Select Manual updating when installing
    After installation, Check for updates
    After updating, select "Protection Status" on the Left
    Then select "Enable all Protection"
    "Check for updates every couple of weeks"
    after every update just simply click the "enable protection on all unprotected items"
    or again, click on Protection Status>>enable all protection

    You can go back and enable Windows Defender protections if still disabled

    NOTE: Mozilla Firefox just had a recent update
    In Firefox, click on HELP>>Check for updates
    That should bring you to Firefox version 3.0.7

    Post back in about a day and let me know how things are still running
    At which time I can lock this topic and then you can delete that registry backup you made earlier thru regedit
    « Last Edit: March 06, 2009, 02:56:52 AM by guestolo »

    Do you want to post your own logs from FRST?

    Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


    Offline LilSparrow

    • Newbie
    • *
    • Posts: 15
    • Karma: +0/-0
    « Reply #28 on: March 07, 2009, 03:02:07 AM »
    Computer is running just fine, no pop ups or yoog at all. ^_^ Thanks very much for your help!

    Offline guestolo

    • Site Donator
    • Administrator
    • Hero Member
    • *****
    • Posts: 16034
    • Karma: +1/-0
    « Reply #29 on: March 07, 2009, 03:33:36 AM »
    Good work, Go ahead and manually delete that Registry backup you did earlier
    I'll lock this topic as your problems are resolved
    Take care LilSparrow :)
