[SOLVED] Trojan.Dropper.BCMiner help

lisamorton (Member; Joined: Oct 20, 2012; Posts: 14; Location: Burbank, IL)

When trying to do Windows Update I found out I was missing BITS. I did some research and checked my AVG and it stated Object- windows\system32\services.exe Detection- Trojan horse patched_c.lxt. I ran Malwarebytes and it stated Trojan.Dropper.BCMiner, Rootkit.0Access, and Rootkit.0Access.64. I also ran Kaspersky and HouseCall. It is quarantined but I did not delete it. Any help would be appreciated. Thanks.

CHECK UP RESULTS

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


DDS RESULTS

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lisa at 11:38:48 on 2012-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4901 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\Lisa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
uRun: [MusicManager] "C:\Users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\Lisa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{33CCAE12-D7D5-4D68-BC2A-4F77ECC41153} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC6DCBDA-E0A5-4F51-823F-3B51FEAC204E} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-19 203776]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-8-19 8013312]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-8-19 287232]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-8-24 47672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-19 116752]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-19 321064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-8 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-8-19 226616]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-8-16 99384]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-8 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 115168]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-8-16 203320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-18 1255736]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-1-8 4136960]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-20 21:53:05 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-10-20 21:53:05 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-10-20 20:33:38 -------- d-----w- C:\Users\Lisa\AppData\Roaming\Malwarebytes
2012-10-20 20:33:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-20 20:33:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-20 20:33:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-20 20:26:45 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-10-14 22:11:18 -------- d-----w- C:\Windows\SysWow64\CSP
.
==================== Find3M ====================
.
2012-10-09 15:44:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 15:44:27 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 20:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-07-26 08:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 11:39:25.10 ===============

ATTACH RESULTS

DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/24/2011 3:38:23 PM
System Uptime: 10/21/2012 4:51:39 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0FF3FN
Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 791.46 GiB free.
D: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 9/16/2012 4:31:52 PM - Scheduled Checkpoint
RP84: 9/23/2012 7:45:33 PM - Scheduled Checkpoint
RP85: 10/1/2012 12:19:12 PM - Scheduled Checkpoint
RP86: 10/9/2012 6:21:59 AM - Scheduled Checkpoint
RP87: 10/14/2012 5:09:27 PM - Installed SAMSUNG PC Share Manager
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Kindle
AMD Fusion Media Explorer
AMD Fusion Utility for Desktops
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Catalyst Control Center
AVG 2012
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Coupon Printer for Windows
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
DVD Flick 1.3.0.7
EPSON CX6000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX6000 Scanner Driver Update
Eye-Fi Center 3.4
Google Chrome
Google Earth Plug-in
Google Update Helper
Greeting Card Factory
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCloud
iTunes
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 31
Kaspersky Security Scan
LeapFrog Connect
LeapFrog My Pals Plugin
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Music Manager
QualxServ Service Agreement
QuickTime
RAIDXpert
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG PC Share Manager
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.9
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Visual Studio 2008 x64 Redistributables
Vuze
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 11:24:15 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/21/2012 11:24:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/20/2012 6:08:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/20/2012 6:07:56 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
10/20/2012 12:01:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{33CCAE12-D7D5-4D68-BC2A-4F77ECC41153} because another computer on the network has the same name. The server could not start.
10/16/2012 10:24:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000001c, 0x0000000000000002, 0x0000000000000001, 0xfffff880045468e8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101612-46379-01.
.
==== End Of File ===========================
 
Hi, lisamorton. Welcome to Sysnative.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Let's start by getting rid of the outdated/vulnerable programs on your computer. That way, as we proceed, we can deal with any leftovers.

Adobe

Adobe Reader, for some reason, is shown in Security Check with both version 9 and version X installed. Regardless, Version XI of Adobe was recently released and includes security updates. Please uninstall all previous versions of Adobe Reader and get the latest version XI from here: Download Adobe Reader.

Java

Oracle Java is currently at JRE 7 Update 7. Please uninstall both Java(TM) 6 Update 24 (64-bit) and Java(TM) 6 Update 31. The current version can be obtained from Java SE.

Personally, I haven't had a need for Java on my computer and, with it being a major target by malware writers, have uninstalled it (See Do You Need Java?). Should you elect to keep and update Java, please pay attention to the installation process and uncheck any offered extras as they are not needed to install Java.




After taking care of the vulnerable software, please do the following:


Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    CF_RC1.png
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    CF_RC2.png
  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
 
Thank you, Corrine, for your help.

ComboFix 12-10-21.02 - Lisa 10/22/2012 8:58.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4857 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lisa\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\L\00000004.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\L\201d3dde
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\00000004.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\00000008.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\000000cb.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000000.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000032.@
c:\windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 21:53 . 2012-10-20 21:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-20 21:53 . 2012-10-20 21:53 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\programdata\Malwarebytes
2012-10-20 20:33 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-20 20:26 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-10-14 22:11 . 2012-10-14 22:11 -------- d-----w- c:\windows\SysWow64\CSP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 15:44 . 2012-04-05 11:54 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:44 . 2011-08-24 20:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-07-30 19:16 . 2012-08-16 17:54 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-30 19:16 . 2012-07-30 19:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-07-30 19:16 . 2012-07-30 19:16 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-07-30 19:16 . 2012-07-30 19:16 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-07-30 19:16 . 2012-07-30 19:16 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-07-30 19:16 . 2012-07-30 19:16 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-07-30 19:16 . 2012-07-30 19:16 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-07-30 19:16 . 2012-07-30 19:16 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-07-30 19:16 . 2012-07-30 19:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-07-30 19:16 . 2012-07-30 19:16 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-07-30 19:16 . 2012-07-30 19:16 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-07-30 19:16 . 2012-07-30 19:16 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-07-30 19:16 . 2012-07-30 19:16 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-07-30 19:16 . 2012-07-30 19:16 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-07-30 19:16 . 2012-07-30 19:16 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-07-30 19:16 . 2012-07-30 19:16 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-07-30 19:16 . 2012-07-30 19:16 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-07-30 19:16 . 2012-07-30 19:16 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-07-30 19:16 . 2012-07-30 19:16 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-07-30 19:16 . 2012-07-30 19:16 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-07-30 19:16 . 2012-07-30 19:16 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-07-30 19:16 . 2012-07-30 19:16 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-07-30 19:16 . 2012-07-30 19:16 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-07-30 19:16 . 2012-07-30 19:16 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-07-30 19:16 . 2012-08-16 19:31 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-26 08:21 . 2012-07-26 08:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"cdloader"="c:\users\Lisa\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Eye-Fi"="c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"MusicManager"="c:\users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-31 7321600]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-26 202296]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:44]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:51]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:51]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797094125-1767685679-2552595875-1001Core.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 01:47]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797094125-1767685679-2552595875-1001UA.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\02\18\11\10\1a¸"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
.
**************************************************************************
.
Completion time: 2012-10-22 09:08:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 14:08
.
Pre-Run: 852,399,394,816 bytes free
Post-Run: 852,210,655,232 bytes free
.
- - End Of File - - 4C2837AEF2D76987D03D232A1250BA25
 
Hi, Lisa.

I'd like to see what an online scan shows. Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the log file located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
 
Wow, looks like I'm in trouble. lol But I am going to knock out my teenagers; that Vuze my son downloaded, and those songs were my daughter's from a long time ago that I saved on my computer when I redid her hard drive.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000064.@.vir Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\38054e8f-1979c47b a variant of Java/Exploit.CVE-2011-3544.BR trojan
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\32ec0683-3192c1b0 multiple threats
C:\Users\Lisa\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe Win32/OpenCandy application
C:\Users\Lisa\Desktop\Magic IO\kyley songs\boyfriend number 2.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\Darefordistance.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\Lil Wayne Ft Young Money- Everygirl.wma WMA/TrojanDownloader.Wimad.NAA trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\Lil Wayne ft. Chrishan - ***** Look At Me Now (New Very Hot Music April 2009).wma WMA/TrojanDownloader.Wimad.NAG trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\lovegame clean.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\milkshake scremo clean.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\milkshake scremo clean.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\one time justin beiber.wma WMA/TrojanDownloader.Wimad.NAD trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\raheem devaughn new single.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\sexy for this chick unreleased studio edition.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\sexy for this chick.wma probably a variant of Win32/Agent.HVZATLX trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\someday by flipsyde clean.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\swag surf clean.wma probably a variant of Win32/Agent.CGHRTTD trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\tik tok clean keisha.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Lisa\Desktop\Magic IO\kyley songs\tik tok clean.wma probably a variant of Win32/Agent.GLICIDR trojan
C:\Windows\System32\sysprep\CRYPTSP.dll_ Win32/Sirefef.EY trojan
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_ Win32/Sirefef.EY trojan
 
Hi, Lisa.

The problem with Vuze is that it changes default settings and, as part of the "Conduit" family, is reputed to have a certain adware/trackware functionality. We'll take care of that and the other ESET findings in the next step.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
KillAll::
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

Folder::
C:\Program Files (x86)\Vuze
C:\Users\Lisa\Desktop\Magic IO
C:\Users\Lisa\AppData\Roaming\FrostWire

File::
C:\Windows\System32\sysprep\CRYPTSP.dll_ 
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\02\18\11\10\1a¸"
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    [Image: CF_CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
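
As an added example (not part of the original thread or of any tool used in it): the Python below triages the ESET findings the way the script above implicitly does. It separates copies already sitting in ComboFix's Qoobox quarantine and Java cache entries (the target of the ClearJavaCache:: line) from live files, then checks that every live file falls under a Folder:: or File:: target. It assumes the log as pasted here, with path and detection separated by whitespace; the function and variable names are illustrative.

```python
import re
from typing import List, NamedTuple

# Lines copied unmodified from the ESET log posted above (a subset).
ESET_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\Qoobox\Quarantine\C\Windows\Installer\{58f0acca-aa96-3533-89c8-ce15493e0fcc}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\38054e8f-1979c47b a variant of Java/Exploit.CVE-2011-3544.BR trojan
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\32ec0683-3192c1b0 multiple threats
C:\Users\Lisa\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe Win32/OpenCandy application
C:\Users\Lisa\Desktop\Magic IO\kyley songs\Darefordistance.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows\System32\sysprep\CRYPTSP.dll_ Win32/Sirefef.EY trojan
"""

# Targets from the Folder:: and File:: sections of the CFScript above.
SCRIPT_FOLDERS = [
    r"C:\Program Files (x86)\Vuze",
    r"C:\Users\Lisa\Desktop\Magic IO",
    r"C:\Users\Lisa\AppData\Roaming\FrostWire",
]
SCRIPT_FILES = [
    r"C:\Windows\System32\sysprep\CRYPTSP.dll_",
    r"C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_",
]

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"     # ComboFix's quarantine folder
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"  # Java plug-in download cache

# Assumed layout of a pasted line:
#   <path> [qualifier] <Platform/Name | multiple threats> [type]
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:probably a variant of |a variant of )?"
    r"(?P<name>multiple threats|[A-Za-z0-9]+/[\w.\-]+)"
    r"(?:\s+(?:trojan|application))?$"
)


class Detection(NamedTuple):
    path: str
    name: str
    status: str  # "quarantined", "java_cache" or "live"


def classify(path: str) -> str:
    """Say whether a detected file is already contained or still in place."""
    p = path.lower()
    if p.startswith(QUARANTINE_ROOT):
        return "quarantined"   # inert .vir copy made by an earlier ComboFix run
    if JAVA_CACHE in p:
        return "java_cache"    # cached applet; cleared wholesale, not per file
    return "live"


def parse(log: str) -> List[Detection]:
    """Extract detections; header and status lines do not match and are skipped."""
    found = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["name"], classify(m["path"])))
    return found


def uncovered(dets, folders, files) -> List[str]:
    """Return live detections that no Folder:: or File:: target would remove."""
    roots = [f.lower().rstrip("\\") + "\\" for f in folders]
    exact = {f.lower() for f in files}
    return [
        d.path for d in dets
        if d.status == "live"
        and d.path.lower() not in exact
        and not any(d.path.lower().startswith(r) for r in roots)
    ]


if __name__ == "__main__":
    dets = parse(ESET_LOG)
    for d in dets:
        print(f"{d.status:<12}{d.name:<40}{d.path}")
    print("not covered by script:", uncovered(dets, SCRIPT_FOLDERS, SCRIPT_FILES))
```

An empty "not covered" list means every live finding is addressed; dropping a Folder:: entry makes the corresponding path reappear in that list.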
 
The one file C:\Users\Lisa\Desktop\Magic IO is a backup from an external hard drive that I used to have. Is there any way to just get rid of the folder Kyleys songs?
 
Hi, Lisa.

Absolutely. There is also a way to dequarantine files. The script below is changed.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
KillAll::
ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

Folder::
C:\Program Files (x86)\Vuze
C:\Users\Lisa\Desktop\Magic IO\kyley songs
C:\Users\Lisa\AppData\Roaming\FrostWire

File::
C:\Windows\System32\sysprep\CRYPTSP.dll_ 
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\02\18\11\10\1a¸"
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    [Image: CF_CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
 
Oh boy, I think I'm in trouble. I did what you said and walked away; it said preparing for log report. I had a 20-minute phone call, went back, and it still says it. I tried clicking Firefox and IE to get back to you and it says marked for deletion. I am on my tablet right now and I left it on the screen. The only weird thing that happened was when I put the file into ComboFix it said there was a newer version and I clicked no because I didn't know what to do.
 
Hi, Lisa.

Please restart your computer and let me know what happens. (If I don't respond immediately it is because I'm preparing dinner but will return later.)

Edit Note: If your daughter's files are still there, then ComboFix didn't run. In that case, allow ComboFix to update and run it again with the script. If the files are gone, then if the log doesn't appear after you restart, it will be in C:\Qoobox\ComboFix.txt
 
Hi, Lisa.

Let's see what shows in the log when you re-run ComboFix. Please disable AVG and then double-click ComboFix to run. Allow it to update and then post the log.

Also, please indicate how your computer is running now. Any other issues that need to be addressed?
 
ComboFix 12-10-22.02 - Lisa 10/22/2012 17:47:56.4.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4025 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lisa\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
.
---- Previous Run -------
.
c:\users\Lisa\Desktop\Magic IO\kyley songs\Saving Abel - Addicted(1).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Sean Kingston - Fire Burning.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Sean Kingston ft. Justin Bieber - Eenie Meenie.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Sean Kingston ft. Lil Wayne - I'm at War.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Sean_Kingston_-_Face_Drop.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Sean_Kingston_-_Replay_-_FreeHotNewHipHop.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Secondhand Serenade - Fall For You.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\sexy for this chick unreleased studio edition.au
c:\users\Lisa\Desktop\Magic IO\kyley songs\sexy for this chick.wma
c:\users\Lisa\Desktop\Magic IO\kyley songs\Shinedown - Second Chance(1).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Shontelle - T-Shirt.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Simple Plan - I'm Just A Kid.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Snoop Dogg (ft. The Dream) - Gangsta Luv - CurrentHipHop.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Snoop Dogg Feat Soulja Boy - Pronto ( New Rap Music _ Hip Hop Music Video 2010 ).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\someday by flipsyde clean.au
c:\users\Lisa\Desktop\Magic IO\kyley songs\Soul Kid - We Got More Bounce in California.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Soulja Boy - Hey You There.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Soulja Boy - Kiss Me Through The Phone.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Soulja Boy - She Got A Donk.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Souljah Boy - Turn My Swagg On.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Spice Girls - Hey mickey!.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Stevie Brock - All For Love.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Stevie Brock - I Found You.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Stevie Hoang - Addicted(1).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Stevie Hoang - Ex Player.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Strong.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Survivor - Eye of the Tiger .mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\swag surf clean.wma
c:\users\Lisa\Desktop\Magic IO\kyley songs\T-Pain - Take Your Shirt Off - HNHH.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\T-Pain Feat. Young Joc - Buy U A Drank.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\T Pain-Take Your Shirt Off Dirty.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\T.I feat. Kanye West, Jay-Z & Lil Wayne - Swagger Like Us.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\T.I ft Justin Timberlake - Dead and Gone.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Taylor Swift - Hey Stephen.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Taylor Swift - You Belong With Me.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Dream- Put it down.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Dream feat. Lil' Jon - Let Me See That Booty.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Dream Ft Kanye West-Walking On The Moon.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Fray- Never Say Never.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Friday Night Boys - Molly Makeout.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Lonely Island - I'm On A Boat (Feat T-Pain).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Push - JERK remixx.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The Ready Set - Love Like Woe.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\The White Tie Affair - Candle 'Sick And Tired'.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Theory of a Deadman- Hate My Life.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\TI Bring Em Out CLEAN.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Tik Tok Clean Keisha (Working).wma
c:\users\Lisa\Desktop\Magic IO\kyley songs\tik tok clean keisha.au
c:\users\Lisa\Desktop\Magic IO\kyley songs\tik tok clean.wma
c:\users\Lisa\Desktop\Magic IO\kyley songs\Timbaland ft. Justin Timberlake - Carry Out.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\TLC - No Scrubs.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Toy Box - Best Friend.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\TPain - I'm Sprung.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\train - drops of jupiter.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Train - Hey, Soul Sister.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songs-I need a girl.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz - Role Play.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz - First Date Sex (Birthday Sex Remix)_5STARHIPHOP.COM.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz - LOL (Smiley Face) [feat. Gucci Mane & Soulja Boy].mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz - Sex for Yo Stereo.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz -03- Let's Make Love Tonight.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz Ft. Drake - Invented Sex.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey Songz ft. Fabolous - Say Ahh.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey_Songz_-_Sticky_Face_-_HotNewHipHop.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Trey_Songz_Ft._Johnta_Austin_-_First_Love_-_HotNewHipHop.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Twista feat. Kanye West - Overnight Celebrity.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\UCLA Jerk Kingz - Addicted To Jerkin_Digitaldripped.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher - Let it Burn.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher - Omg (Prod. By Will.I.Am) ( 2o1o) [ www.MzHipHop.com ].mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher - You Got It Bad.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher - Yeah.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher & Alicia Keys - My Boo(1).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher & Alicia Keys - My Boo.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher Feat. Shyne, Kanye West, Twista & Jermaine Dupri - Confessions (Remix)(2).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher Ft. Plies- Hey Daddy(Daddy's Home) - Hiphopearly.com.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher ft. Timbaland - Moving Mountains.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Usher ft. Young Jeezy - Make Love In This Club.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Vanessa Carlton - I Would Walk A Thousand Miles.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Vanessa Hudgens - Amazed(1).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Vanessa Hudgens - Amazed.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Vanessa Hudgens - Party On The Moon.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Vanessa Hudgens - Sneaker Night.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Young Dro ft. T.I. - Shoulda Lean.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Young Jeezy - My Hood.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Young Jibbs - Does Your Chain Hang Low.mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Young Money Fam - We Are Young Money - 12 - Roger That (Ft. Nicki Minaj, Tyga & Lil Wayne).mp3
c:\users\Lisa\Desktop\Magic IO\kyley songs\Yung Joc -New Joc City- A Couple Grand.mp3
c:\windows\SysWOW64\sysprep\CRYPTSP.dll_
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 22:52 . 2012-10-22 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-22 15:15 . 2012-10-22 15:15 -------- d-----w- c:\program files (x86)\ESET
2012-10-20 21:53 . 2012-10-20 21:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-20 21:53 . 2012-10-20 21:53 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-20 20:33 . 2012-10-20 20:33 -------- d-----w- c:\programdata\Malwarebytes
2012-10-20 20:33 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-20 20:26 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-10-14 22:11 . 2012-10-14 22:11 -------- d-----w- c:\windows\SysWow64\CSP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 15:44 . 2012-04-05 11:54 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:44 . 2011-08-24 20:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-07-30 19:16 . 2012-08-16 17:54 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-30 19:16 . 2012-07-30 19:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-07-30 19:16 . 2012-07-30 19:16 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-07-30 19:16 . 2012-07-30 19:16 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-07-30 19:16 . 2012-07-30 19:16 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-07-30 19:16 . 2012-07-30 19:16 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-07-30 19:16 . 2012-07-30 19:16 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-07-30 19:16 . 2012-07-30 19:16 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-07-30 19:16 . 2012-07-30 19:16 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-07-30 19:16 . 2012-07-30 19:16 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-07-30 19:16 . 2012-07-30 19:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-07-30 19:16 . 2012-07-30 19:16 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-07-30 19:16 . 2012-07-30 19:16 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-07-30 19:16 . 2012-07-30 19:16 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-07-30 19:16 . 2012-07-30 19:16 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-07-30 19:16 . 2012-07-30 19:16 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-07-30 19:16 . 2012-07-30 19:16 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-07-30 19:16 . 2012-07-30 19:16 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-07-30 19:16 . 2012-07-30 19:16 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-07-30 19:16 . 2012-07-30 19:16 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-07-30 19:16 . 2012-07-30 19:16 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-07-30 19:16 . 2012-07-30 19:16 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-07-30 19:16 . 2012-07-30 19:16 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-07-30 19:16 . 2012-07-30 19:16 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-07-30 19:16 . 2012-07-30 19:16 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-07-30 19:16 . 2012-07-30 19:16 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-07-30 19:16 . 2012-08-16 19:31 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-26 08:21 . 2012-07-26 08:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"cdloader"="c:\users\Lisa\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Eye-Fi"="c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"MusicManager"="c:\users\Lisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-31 7321600]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-26 202296]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:44]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:51]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:51]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797094125-1767685679-2552595875-1001Core.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 01:47]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797094125-1767685679-2552595875-1001UA.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ealdifoj.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
.
**************************************************************************
.
Completion time: 2012-10-22 17:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 22:58
ComboFix2.txt 2012-10-22 14:08
.
Pre-Run: 851,475,021,824 bytes free
Post-Run: 851,411,365,888 bytes free
.
- - End Of File - - 3F860BB36B2A46816ACF53402378EDA6

Everything seems to be fine, but then again I never knew anything was wrong. The only thing was my computer was slower and my AVG would pop up saying I was using too much memory. I found out there was a problem when I couldn't run my Windows Update; I got error code 80246008. I checked into it and my file BITS is missing but my event system is fine. I did some research and figured I better check for a virus. I also went into my AVG and noticed a while ago I had in windows\system32\services.exe a trojan horse. Do you think everything we did got rid of all the trojans?
 
Hi, Lisa.

It certainly looks as though things are cleaned up. The only thing that I'm seeing that didn't get removed was Conduit from Firefox search options. See if you are able to remove it with Firefox. Click the down arrow to the left of the search box. At the bottom of the list of available options, select "Manage Search Engines...". If you see Conduit on the list, select it and click "Remove".

Can you run Windows Update now? If you still get Error Code 80246008, please follow the instructions at Windows Update error 80246008 and let me know if it solved the problem. If not, we have an expert here at Sysnative who deals with Windows Update errors.

Please let me know the results of removing Conduit and running Windows Update and then I'll provide final instructions.
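The review in the reply above (spotting the Conduit search URL left in Firefox's prefs.js) can be run mechanically over a ComboFix log. This is an added example, not part of the original posts or of ComboFix: the sample lines are excerpted from the log in this thread, while the function names, the user-writable-path heuristic and the expected-domain list (google.com) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"cdloader"="c:\users\Lisa\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
IE_SETTING_RE = re.compile(r'^([um][A-Z][^=]*?) = (\S.*)$')
FF_SETTING_RE = re.compile(r'^FF - (?:prefs|user)\.js: (\S+) - (.+)$')
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r'^[a-z]:\\(users|programdata)\\', re.I)


def parse_autoruns(log):
    """Return the values listed under ...\\CurrentVersion\\Run keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key and key.lower().endswith(r'\currentversion\run'):
            entries.append({"key": key, "name": m.group(1), "path": m.group(2)})
    return entries


def parse_browser_urls(log):
    """Return (setting, host) for IE and Firefox settings whose value is a URL."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        m = FF_SETTING_RE.match(line) or IE_SETTING_RE.match(line)
        if not m:
            continue
        setting, value = m.group(1), m.group(2)
        # The log defangs URLs as hxxp://; restore the scheme before parsing.
        value = re.sub(r'^hxxp', 'http', value, flags=re.I)
        if not value.lower().startswith(("http://", "https://")):
            continue
        host = urlsplit(value).hostname
        if host:
            found.append((setting, host))
    return found


def host_expected(host, expected_domains):
    """True when host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def review(log, expected_domains=("google.com",)):
    """Triage summary. A flagged item means 'look at this', not 'malicious'."""
    return {
        "autoruns_in_user_paths": [
            e for e in parse_autoruns(log) if USER_WRITABLE_RE.match(e["path"])
        ],
        "unexpected_search_hosts": [
            (s, h) for s, h in parse_browser_urls(log)
            if not host_expected(h, expected_domains)
        ],
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for entry in report["autoruns_in_user_paths"]:
        print("review autorun:", entry["name"], "->", entry["path"])
    for setting, host in report["unexpected_search_hosts"]:
        print("review browser setting:", setting, "->", host)
```

Autoruns launched from a user profile are listed only because malware favours locations that need no elevation to write to; legitimate software also installs there, so each hit still needs a human decision.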
 
I don't use the search bar but I did put it up and the only thing that showed was Google and Twitter. But if I go to the top left corner in the Firefox menu, under Options is a list like menu bar, navigation toolbar, bookmarks toolbar, then Vuze Remote Community Toolbar that isn't checked but it is there. Also, when I was looking at my icons in the task bar I noticed something I had never seen before: objlist.exe.
As far as the Windows Update, it is running. I'm ashamed to say there are 54 of them; I wasn't around much in the summer so I didn't know. I did read that article and my Background Intelligent Transfer Service is still nowhere to be found. The Windows Event Log service is fine. I figured I would have to ask on another board. I knew I had to get this computer clean before the BITS issue. I just wanted to tell you as I was getting off the computer I typed vuze in the search programs and 21 documents that say nero vuze and 1 program file came up with the word vuze. I noticed that it is related to a game that my son plays online called Minecraft. He played it on my computer all summer and all his friends in college play it. Now I'm upset because just last week I paid for the subscription version of this game, so does that mean his $2500 laptop at school is infected with this? Just wondering when you have time to address this. Thanks
I have some things to do tonight so I will check back in the morning. Thanks so far.
 
Hi, Lisa.

The game Minecraft is safe. I suspect that he was using Vuze to play Minecraft. Now that he has the subscription, that is no longer necessary.

A bit about Vuze and other P2P programs:

Vuze software was previously called Azureus and is a P2P program. It is almost impossible to keep teens away from P2P programs. The problem with P2P programs is they form a direct conduit on to the computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if the P2P program is not configured correctly, more sharing may occur than realized. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, there is no means of identifying or authenticating the source of the download. In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

The Vuze toolbar has adware and tracking features but isn't malware.




objlist.exe is part of SecurityCheck. We've taken care of checking third-party programs so you can delete SecurityCheck from your desktop. In fact, you can also delete DDS and the logs as well.

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.




If you are unable to install the Windows Updates, please perform a SFC (System File Checker) scan which will check and fix any corrupted files on your system.
  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then right-click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue.
  • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the backslash)
  • When the scan is complete, if no errors are found, restart your computer and post back.
  • If the message does not say "Windows resource protection did not find any integrity violations", restart your computer and run System File Checker again.

Note: You may need to run System File Checker up to three times to resolve all corrupted files. Please advise if you still have corrupted files after a fourth run.
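
System File Checker shows only a one-line verdict on screen; the per-file detail is written to C:\Windows\Logs\CBS\CBS.log in entries tagged [SR]. The PowerShell below is an added example, not part of the original post, that lists which files SFC repaired and which it could not; the function name Get-SfcSummary is hypothetical and the sample log lines are constructed and shortened.

```powershell
# Added example. SFC writes per-file detail to CBS.log in entries tagged "[SR]".
# Get-SfcSummary (hypothetical name) lists files SFC repaired and files it could not.
function Get-SfcSummary {
    param([string[]]$Lines)

    $repaired   = @()
    $unrepaired = @()
    foreach ($line in $Lines) {
        if ($line -notmatch '\[SR\]') { continue }      # skip non-SFC entries
        if ($line -match '\[SR\] Cannot repair member file .*?"([^"]+)"') {
            $unrepaired += $Matches[1]                   # first quoted token is the file name
        }
        elseif ($line -match '\[SR\] Repairing corrupted file .*"([^"]+)" from store') {
            $repaired += $Matches[1]                     # last quoted token is the file name
        }
    }

    [pscustomobject]@{
        Repaired      = @($repaired   | Sort-Object -Unique)
        Unrepaired    = @($unrepaired | Sort-Object -Unique)
        HasUnrepaired = ($unrepaired.Count -gt 0)        # true means another SFC pass is warranted
    }
}

# Constructed sample lines in the CBS.log layout (component identities shortened).
$sample = @(
    '2012-10-22 09:14:03, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components',
    '2012-10-22 09:14:03, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction',
    '2012-10-22 09:14:05, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"services.exe" of Microsoft-Windows-Services, hash mismatch',
    '2012-10-22 09:14:09, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"qmgr.dll" from store',
    '2012-10-22 09:14:11, Info                  CBS    Session: 30258143_1 finalized'
)

Get-SfcSummary -Lines $sample | Format-List

# On a real system, from an elevated prompt:
#   Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```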
 
Hi Corrine. Thank you for explaining the Vuze thing to me; I am going to show my son that. I deleted all the logs, Security Check and did the uninstall. objlist.exe is still showing. I did some research on Firefox, clicked around and somehow got rid of the Vuze toolbar. I ran the file checker and it came up fine. My Windows Update worked. I still have to get my BITS back but in another topic. Should I run any additional scans to double check things? Should I delete all those folders and anything that says vuze? Now I know scans and programs are based on preference. I am using AVG Free and I use CCleaner. I use Windows Firewall because my 2 wire modem has a built-in firewall that I can't change. A while ago I used Ad-Aware and Spybot. Do you recommend any programs to run once a week to double check your system? Thanks
 

Hello Lisa :)

Corrine and the security team have lots of ways of getting missing services back.

However, if the simple stuff does not work, I will be very happy to work with you on these services and/or any Windows Update issues you may have, once Corrine has signed your computer off as clean.

I will leave you to her expertise until she has completely finished, but after that I would be more than happy to work with you on any outstanding issues.

Richard
 
Hi, Lisa.

Yes, you can delete objlist.exe from your desktop. Regarding Vuze, since it was used by your son (probably for Minecraft and downloading other files) and he now has his own computer, you can remove the files he downloaded using Vuze.

Microsoft made a lot of improvements since the days of Windows XP when you'd regularly find advice to install a third-party firewall. The Windows 7 Firewall is fine. If you are happy with the results of AVG, then there is no need to change antivirus programs.

You already have Malwarebytes Anti-malware installed. In my opinion, it is an excellent program and should be sufficient to run on a weekly basis. Should you find yourself in a position down the road to purchase the Pro version of MBAM, you may find the additional protection (i.e., filesystem protection, malicious website blocking) beneficial if you spend much time on the Internet. (Since Ad-Aware now includes a third-party antivirus engine, you don't want to install it as it could cause conflicts. Besides, Lavasoft sold out to another company.)

My personal favorite monitoring software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html.



Regarding BITS, I tend to start with Microsoft KB Articles, in this case, "You receive an error message when you try to download updates from the Windows Update Web site or from the Microsoft Update Web site, or when you try to start the Background Intelligent Transfer Service".

Lisa, if you would rather not go that route, you may prefer, instead, to do the following:

  • Download and run the System Update Readiness Tool from http://support.microsoft.com/kb/947821
  • Save the installer somewhere safe so it can be used again later if needed.
  • Zip and upload the entire C:\Windows\Logs\CBS folder (being sure to include all the contents, particularly the CheckSUR.log)
  • Create a new topic in the Windows Update forum and attach the zipped file.
 
The objlist is not on my desktop; it is in my notification area in the taskbar and now I have wisecustomcalla.exe also in there. When reading a little about the wisecustomcalla some people mentioned McAfee. I don't have McAfee on this computer.
 
