0

I have gotten what it looks like many other have as well. Some sort of search engine redirect virus. I ran Hijack This, and here is the log sheet. If anyone knows what I should be doing, I'd appreciate any advice you could give.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:43 PM, on 6/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\mySI\mySI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Documents and Settings\MattyRey\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.syr.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AEXAgentEXE] C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe -Logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [17989844] C:\Documents and Settings\All Users\Application Data\17989844\17989844.exe
O4 - HKLM\..\Run: [97999836] C:\Documents and Settings\All Users\Application Data\97999836\97999836.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mySISvc] "C:\Program Files\mySI\mySI.exe" /svc
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\MattyRey\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197535008734
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter hijack: text/html - {01c8fbac-e83c-4ce8-ba8c-5650cfd67bee} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Altiris Client Recovery Agent - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe
O23 - Service: Altiris Client Recovery FAL Stopper - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXFALS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13082 bytes

2
Contributors
3
Replies
4
Views
8 Years
Discussion Span
Last Post by gerbil
0

Yes, you do have an infection there. Some is hidden. Your thread will probably be moved over to Viuses etc forum, but meanwhile..
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

0

Thanks

Here is the ComboFix log sheet

ComboFix 09-06-23.01 - MattyRey 06/24/2009 20:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.498 [GMT -4:00]
Running from: c:\documents and settings\MattyRey\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\driver
c:\recycler\S-1-5-21-85073095-2397309607-685013954-500
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\ecelokig.sys
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\gelujuq._sy
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\hotirefe._sy
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\iriro.pif
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\orubeji.pif
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\sewydaco.dll
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\upobys.dl
c:\documents and settings\MattyRey\Local Settings\Temporary Internet Files\wetom.dat
c:\program files\driver\driver.dll
c:\program files\driver\driver.sys
c:\recycler\S-1-5-21-85073095-2397309607-685013954-500\desktop.ini
c:\recycler\S-1-5-21-85073095-2397309607-685013954-500\INFO2
c:\windows\system32\wbem\proquota.exe

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver
-------\Service_driverdrv


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 00:08 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-25 00:08 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-23 01:02 . 2009-06-23 01:04 -------- d-----w- c:\program files\HJT
2009-06-23 01:01 . 2009-06-23 01:01 318369 ----a-w- c:\program files\hijackthis.zip
2009-06-22 01:51 . 2009-06-22 01:54 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-22 01:50 . 2009-06-22 01:50 -------- d-----w- c:\documents and settings\MattyRey\Local Settings\Application Data\Downloaded Installations
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\documents and settings\MattyRey\Application Data\Malwarebytes
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-21 19:44 . 2009-06-21 19:48 -------- d-----w- c:\program files\Enigma Software Group
2009-06-21 17:56 . 2009-06-21 17:56 -------- d-sh--w- c:\documents and settings\MattyRey\IECompatCache
2009-06-21 15:45 . 2009-06-21 15:45 -------- d-----w- c:\documents and settings\MattyRey\Application Data\Motive
2009-06-21 15:15 . 2009-06-21 15:15 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-21 14:59 . 2009-06-21 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\97999836
2009-06-21 14:59 . 2009-06-21 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\17989844
2009-06-19 23:46 . 2009-06-19 23:46 -------- d-sh--w- c:\documents and settings\MattyRey\PrivacIE
2009-06-19 23:34 . 2009-06-19 23:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-19 23:34 . 2009-06-19 23:34 -------- d-sh--w- c:\documents and settings\MattyRey\IETldCache
2009-06-19 23:07 . 2009-06-21 18:52 -------- d-----w- c:\windows\ie8updates
2009-06-19 23:01 . 2009-04-29 04:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-19 23:01 . 2009-04-29 04:52 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-06-19 22:55 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 22:55 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 22:55 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-19 22:55 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-19 22:53 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 02:36 . 2009-06-19 02:36 127872 ----a-w- c:\documents and settings\MattyRey\Application Data\Move Networks\uninstall.exe
2009-06-19 02:34 . 2009-06-19 02:35 1686272 ----a-w- c:\documents and settings\MattyRey\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-18 00:56 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\MattyRey\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-19 02:36 4183416 ----a-w- c:\documents and settings\MattyRey\Application Data\Move Networks\plugins\npqmp071503000010.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 00:21 . 2009-05-01 04:32 117760 ----a-w- c:\documents and settings\MattyRey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-25 00:20 . 2008-01-01 19:25 -------- d-----w- c:\documents and settings\MattyRey\Application Data\mySI
2009-06-25 00:14 . 2007-12-14 02:13 66560 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll
2009-06-21 04:41 . 2008-01-07 02:20 -------- d-----w- c:\documents and settings\MattyRey\Application Data\LimeWire
2009-06-19 02:36 . 2007-12-13 20:13 -------- d-----w- c:\documents and settings\MattyRey\Application Data\Move Networks
2009-06-16 00:29 . 2007-12-14 01:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-22 23:59 . 2009-05-22 23:57 -------- d-----w- c:\program files\SBC Self Support Tool
2009-05-22 23:59 . 2009-05-22 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-22 23:59 . 2009-05-22 23:58 -------- d-----w- c:\program files\Common Files\Motive
2009-05-21 23:19 . 2009-05-21 23:19 -------- d-----w- c:\program files\Yahoo!
2009-05-15 22:14 . 2009-05-15 22:14 -------- d-----w- c:\program files\BroadJump
2009-05-15 22:09 . 2009-05-15 22:09 2232 ----a-w- c:\windows\java\Packages\Data\F1VPRZ7T.DAT
2009-05-15 22:09 . 2009-05-15 22:09 155995 ----a-w- c:\windows\java\Packages\K279R131.ZIP
2009-05-15 22:09 . 2009-05-15 22:09 2678 ----a-w- c:\windows\java\Packages\Data\57VFBZ9B.DAT
2009-05-15 22:09 . 2009-05-15 22:09 2678 ----a-w- c:\windows\java\Packages\Data\ZPNTJDBF.DAT
2009-05-15 22:09 . 2009-05-15 22:09 2678 ----a-w- c:\windows\java\Packages\Data\E2JP7VZ3.DAT
2009-05-15 22:09 . 2009-05-15 22:09 2678 ----a-w- c:\windows\java\Packages\Data\23HVBN7N.DAT
2009-05-15 22:09 . 2009-05-15 22:09 2678 ----a-w- c:\windows\java\Packages\Data\UGHZF379.DAT
2009-05-12 01:54 . 2009-05-12 01:54 1047072 ----a-w- c:\documents and settings\MattyRey\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-05-07 15:44 . 2004-08-11 22:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-11 22:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 09:58 . 2004-08-11 22:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-11 22:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-05 23:38 . 2008-11-05 23:38 19887 ----a-w- c:\program files\Common Files\yhawisedi.com
2008-11-05 23:38 . 2008-11-05 23:38 12395 ----a-w- c:\program files\Common Files\tawym.scr
2008-11-05 21:26 . 2008-11-05 21:26 17448 ----a-w- c:\program files\Common Files\woziwas.bin
2008-11-05 21:26 . 2008-11-05 21:26 13570 ----a-w- c:\program files\Common Files\mipaxigaky.ban
2008-11-05 21:26 . 2008-11-05 21:26 13498 ----a-w- c:\program files\Common Files\ykulu.bat
2008-11-05 21:26 . 2008-11-05 21:26 10233 ----a-w- c:\program files\Common Files\vaqin.lib
2008-11-05 21:26 . 2008-11-05 21:26 18589 ----a-w- c:\program files\Common Files\himalavid.lib
2008-11-05 21:21 . 2008-11-05 21:21 19538 ----a-w- c:\program files\Common Files\comer.exe
2008-11-05 21:21 . 2008-11-05 21:21 19382 ----a-w- c:\program files\Common Files\uhejata.vbs
2008-11-05 21:21 . 2008-11-05 21:21 14211 ----a-w- c:\program files\Common Files\ibutixare.vbs
2008-11-05 21:21 . 2008-11-05 21:21 17800 ----a-w- c:\program files\Common Files\wyjo.scr
2008-11-05 21:21 . 2008-11-05 21:21 16660 ----a-w- c:\program files\Common Files\sijuv.db
2008-11-05 21:21 . 2008-11-05 21:21 15692 ----a-w- c:\program files\Common Files\cijaw.dll
2008-11-05 21:21 . 2008-11-05 21:21 12936 ----a-w- c:\program files\Common Files\coqeqisu._sy
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[7] 2004-08-04 10:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-04 10:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[7] 2004-08-04 10:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[7] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[7] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[7] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB942615$\wininet.dll
[7] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows\$NtUninstallKB944533$\wininet.dll
[7] 2007-12-07 01:07 659456 57D1B5150CF6331FAC6B3E04C1FCB966 c:\windows\$NtUninstallKB947864$\wininet.dll
[7] 2008-02-16 08:59 659456 0C690E77C0E924C45B4D7045B182FFF1 c:\windows\$NtUninstallKB950759$\wininet.dll
[7] 2008-04-21 07:04 659456 1EFB8A3EA8454AEC1BB8A240A2845598 c:\windows\$NtUninstallKB953838$\wininet.dll
[7] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2008-08-20 05:38 659456 87E694D09893978F22024FEEEDF35342 c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:30 659456 F1DBF177AA0DB2150E626595D0EFF604 c:\windows\$NtUninstallKB969897$\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[7] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\system32\wininet.dll
[7] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\system32\dllcache\wininet.dll

[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 10:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[7] 2004-08-04 10:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[7] 2004-08-04 10:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2005-06-23 00:05 2015744 65F4B29A0793ADB5D924FB3F47F1BCA4 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:18 2020864 501FDE895F35DF1DAE49FD54BBF9D396 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2007-02-28 09:15 2017280 2DFB215E291E3D9B1CF9A6739B3BF16C c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[7] 2009-02-06 09:49 2020864 243223E3FB74B68DFFBB41989F33DFB3 c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2005-06-23 00:30 2136064 5611F453C6D20AB0552956F39BCDDB88 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 09:55 2142720 60794EA12961B7341AD54C731B50AE15 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2007-02-28 09:53 2137600 E6679C3023B17D8B78946BC5DF53FA20 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[7] 2009-02-06 10:29 2142720 19A791C5DFE59AA9BB1461C4957004F6 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 10:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 10:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\system32\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\system32\dllcache\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[7] 2004-08-04 10:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 10:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[7] 2004-08-04 10:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-04 10:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[7] 2004-08-04 10:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[7] 2004-08-04 10:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[7] 2004-08-04 10:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[7] 2004-08-04 10:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[7] 2004-08-04 03:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"mySISvc"="c:\program files\mySI\mySI.exe" [2008-03-21 5385119]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-07 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-08 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-02-20 839680]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"AEXAgentEXE"="c:\program files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe" [2003-10-21 1765376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-17 397312]

c:\documents and settings\MattyRey\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\MattyRey\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-16 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 271640]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-5-22 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-07 15:34 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R0 OfmLvDrv;OfmLvDrv;c:\windows\system32\drivers\ofmlvdrv.sys [9/11/2003 7:10 PM 80691]
R0 WNT_FAL;Altiris Client Recovery FAL Driver;c:\windows\system32\drivers\WNT_FAL.sys [10/21/2003 1:33 PM 26112]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [5/22/2006 11:37 AM 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 55024]
R2 Altiris Client Recovery Agent;Altiris Client Recovery Agent;c:\program files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe [10/21/2003 1:20 PM 1765376]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [12/6/2007 7:34 PM 810632]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2009 8:38 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
S2 Altiris Client Recovery FAL Stopper;Altiris Client Recovery FAL Stopper;c:\program files\Altiris\eXpress\Client Recovery Agent\AeXFALS.exe [10/21/2003 1:32 PM 40960]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [9/6/2008 8:47 PM 169984]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AeX Local Job 2492.job
- c:\program files\Altiris\eXpress\Client Recovery Agent\AeXCmd.exe [2003-10-21 17:22]

2009-06-24 c:\windows\Tasks\AeX Local Job 2494.job
- c:\program files\Altiris\eXpress\Client Recovery Agent\AeXCmd.exe [2003-10-21 17:22]

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-06-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
HKLM-Run-17989844 - c:\documents and settings\All Users\Application Data\17989844\17989844.exe
HKLM-Run-97999836 - c:\documents and settings\All Users\Application Data\97999836\97999836.exe


.
------- Supplementary Scan -------
.
uStart Page = https://outlook.com/owa/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.syr.edu/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: %SYSTEMROOT%\system32\biolsp.dll
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]
"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,
80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(844)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SafeConnect\scManager.sys
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
.
**************************************************************************
.
Completion time: 2009-06-25 20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 00:30

Pre-Run: 9,152,385,024 bytes free
Post-Run: 12,647,632,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

460 --- E O F --- 2009-06-23 03:16

1

That sorted things out, and revealed more.
==Again please disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan:
Copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to your desktop.

Killall::

File::
c:\windows\010112010146118114.dat
c:\program files\Common Files\yhawisedi.com
c:\program files\Common Files\tawym.scr
c:\program files\Common Files\woziwas.bin
c:\program files\Common Files\mipaxigaky.ban
c:\program files\Common Files\ykulu.bat
c:\program files\Common Files\vaqin.lib
c:\program files\Common Files\himalavid.lib
c:\program files\Common Files\comer.exe
c:\program files\Common Files\uhejata.vbs
c:\program files\Common Files\ibutixare.vbs
c:\program files\Common Files\wyjo.scr
c:\program files\Common Files\sijuv.db
c:\program files\Common Files\cijaw.dll
c:\program files\Common Files\coqeqisu._sy

Folder::
c:\documents and settings\All Users\Application Data\97999836
c:\documents and settings\All Users\Application Data\17989844

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}]

Good. Now drag the CFScript.txt icon onto the Combofix icon on your desktop. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
Run hijackthis after, and post that log ALSO with your comments, please Matty.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.