Trojan-downloader.win32.wren


  • This topic is locked
14 replies to this topic

#1 Dkut

Posted 12 June 2008 - 05:13 PM

Hello,
My computer has been experiencing some serious lag time. I defragged, ran CCleaner, cleaned up hard drive space, and cleaned the interior of the computer, to no avail. I ran Spybot S&D and Symantec Anti-Virus (nothing showed) and thought that I was rid of any issues; the Kaspersky scan was a little bit scary. I'd appreciate any help that an expert can provide:

Deckard's System Scanner v20071014.68
Run by dkutrick on 2008-06-12 17:57:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
74: 2008-06-12 21:57:43 UTC - RP435 - Deckard's System Scanner Restore Point
73: 2008-06-12 17:28:27 UTC - RP434 - Installed Ad-Aware
72: 2008-06-12 17:27:03 UTC - RP433 - Removed Ad-Aware 2007
71: 2008-06-12 08:19:54 UTC - RP432 - System Checkpoint
70: 2008-06-11 08:00:38 UTC - RP431 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-14 20:07:35 UTC - RP362 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-12 18:00:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ico.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Documents and Settings\dkutrick.XRN\Desktop\dss.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFLB.EXE
C:\WINDOWS\system32\searchprotocolhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dial-global.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOffice...p;p2=5&p3=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Triton Radio Networks
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070305
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MediaShooterPro.lnk = C:\Program Files\MediaShooterPro\MediaShooterPro.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: ftp://ftp.dialshows.com (HKCU)
O15 - Trusted Zone: *.ftp (HKCU)
O15 - Trusted Zone: https://www.mrmasteronline.com (HKCU)
O15 - Trusted Zone: http://www.mrmasteronline.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {377CAD35-D628-40A6-AB39-71B3CCC899DB} (RCSWebProcessHandler Class) - http://mediamonitors.com/analysis/WebProcessHandler.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199459051937
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) - http://duanereade.storefront.com/images/gl...geUpload1_4.CAB
O16 - DPF: {E990F195-3598-4C13-BD01-F8752E9BD8F5} (CFHandler Class) - http://www.mediamonitors.com/Analysis/ClientFileHandler.cab
O17 - HKLM\Software\..\Telephony: DomainName = xrn.ny
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = xrn.ny
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = xrn.ny
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 13020 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\dkutrick\Personal\HiJack THis\backups\) --------------------------------------------------------------------------------

backup-20050401-111447-820 R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
backup-20050401-111543-492 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
backup-20050401-111543-741 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
backup-20050518-111632-102 O1 - Hosts: 216.130.185.143 www.advnt01.com
backup-20050518-111632-160 O1 - Hosts: 216.130.185.143 xzoomy.com
backup-20050518-111632-211 O1 - Hosts: 216.130.185.143 adwave.com
backup-20050518-111632-236 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050518-111632-327 O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
backup-20050518-111632-356 O1 - Hosts: 216.130.185.143 www.xzoomy.com
backup-20050518-111632-365 O1 - Hosts: 216.130.185.143 xzoomy.com
backup-20050518-111632-372 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
backup-20050518-111632-524 O1 - Hosts: 216.130.185.143 advnt01.com
backup-20050518-111632-542 O1 - Hosts: 216.130.185.143 www.adwave.com
backup-20050518-111632-592 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050518-111632-662 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050518-111632-669 O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
backup-20050518-111632-703 O1 - Hosts: 216.130.185.143 advnt01.com
backup-20050518-111632-713 O1 - Hosts: 216.130.185.143 adwave.com
backup-20050518-111632-766 O1 - Hosts: 216.130.185.143 www.adwave.com
backup-20050518-111632-873 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
backup-20050518-111632-874 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20050518-111632-876 O1 - Hosts: 216.130.185.143 www.xzoomy.com
backup-20050518-111632-889 O1 - Hosts: 216.130.185.143 www.advnt01.com
backup-20050518-111633-132 O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050518-111633-208 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20050518-111633-219 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c5.cab
backup-20050518-111633-333 O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
backup-20050518-111633-365 O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
backup-20050518-111633-393 O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050518-111633-406 O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
backup-20050518-111633-426 O4 - HKLM\..\Run: [kxuhopwv] C:\WINDOWS\kxuhopwv.exe
backup-20050518-111633-481 O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
backup-20050518-111633-484 O4 - HKLM\..\Run: [t7mU3tQ] eveatcha.exe
backup-20050518-111633-592 O4 - Global Startup: Free WebSite Tools.lnk = ?
backup-20050518-111633-711 O4 - HKCU\..\Run: [cw58Rjctl] dsk_qic.exe
backup-20050518-111633-895 O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20050518-111633-899 O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
backup-20050518-111634-648 O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
backup-20050518-111635-317 O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
backup-20050518-111635-763 O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050518-111635-822 O23 - Service: Domain Migration Administrator Agent - NetIQ Corporation - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe
backup-20050518-112948-485 O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20050518-134947-101 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20050518-134947-268 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 FolderSize (Folder Size) - "c:\program files\foldersize\foldersizesvc.exe" <Not Verified; Brio; Folder Size for Windows>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 ioloFileInfoList (iolo FileInfoList Service) - c:\program files\iolo\common\lib\ioloservicemanager.exe (file missing)
S2 ioloSystemService (iolo System Service) - c:\program files\iolo\common\lib\ioloservicemanager.exe (file missing)
S2 pgsql-8.1 (PostgreSQL Database Server 8.1) - "c:\program files\postgresql\8.1\bin\pg_ctl.exe" runservice -n "pgsql-8.1" -d "c:\program files\postgresql\8.1\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 21:29:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 13:28:32 0 d-------- C:\Program Files\Lavasoft
2008-06-12 13:27:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 18:30:28 0 dr-h----- C:\Documents and Settings\dkutrick.XRN\Recent
2008-06-05 15:31:08 0 d-------- C:\Program Files\iDump
2008-06-05 15:27:47 0 d-------- C:\Program Files\Common Files\eSellerate
2008-06-05 15:27:26 0 d-------- C:\Program Files\iPod To Computer Transfer
2008-06-02 12:41:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 12:41:36 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 11:01:14 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 11:01:13 2550 --a------ C:\WINDOWS\unins000.dat
2008-05-15 16:21:48 0 d-------- C:\Program Files\iPod
2008-05-15 13:07:09 0 d-------- C:\Program Files\iTunes


-- Find3M Report ---------------------------------------------------------------

2008-06-12 18:01:16 116864 --a------ C:\Documents and Settings\dkutrick.XRN\Application Data\Barracuda-WhiteList.xml
2008-06-12 17:54:03 0 d-------- C:\Program Files\DL_cats
2008-06-12 13:27:35 0 d-------- C:\Program Files\Common Files
2008-06-12 11:42:06 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-27 10:32:21 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-27 10:32:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 18:27:54 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-05-15 16:18:41 0 d-------- C:\Program Files\QuickTime
2008-05-15 11:24:07 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Adobe
2008-05-05 13:05:05 0 d-------- C:\Program Files\MediaShooterPro
2008-05-05 11:51:06 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Real
2008-05-05 11:42:47 0 d-------- C:\Program Files\PPM
2008-05-05 11:42:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-05 11:06:54 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\iolo
2008-05-05 11:04:09 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-30 18:01:48 1697572 --a------ C:\WINDOWS\system32\SNAGIT6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [11/08/06 04:01 PM C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/06 09:07 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/04 08:31 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [10/06/04 05:56 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/08 08:54 PM]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/05 10:57 AM]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [12/07/04 04:43 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/07 12:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/08 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/08 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/04 12:24 PM]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/26/07 10:08 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 06:00 AM]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [08/03/04 2:09:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [02/05/07 3:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/07 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-12 18:02:46 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1021.54 MiB / 652.38 MiB
Pagefile Memory (total/avail): 2454.9 MiB / 1928.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.59 MiB

B: is Network (NTFS)
C: is Fixed (NTFS) - 74.44 GiB total, 18.61 GiB free.
D: is CDROM (No Media)
I: is Network (NTFS)
L: is Network (NTFS)
M: is Network (NTFS)
N: is Network (NTFS)
S: is Network (NTFS)
U: is Network (NTFS)
X: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - ST3808110AS - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 74.44 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"="C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe:*:Enabled:mm_rsync"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE:*:Disabled:Microsoft Office Word"
"\\\\dakota\\xradio data\\XRTeamShare\\XRN Sales\\Danny\\My Documents\\Personal\\Programs\\utorrent.exe"="\\\\dakota\\xradio data\\XRTeamShare\\XRN Sales\\Danny\\My Documents\\Personal\\Programs\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"="C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dlbxcoms.exe"="C:\\WINDOWS\\system32\\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"="C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe:*:Enabled:mm_rsync"
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"="C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dkutrick.XRN\Application Data
CLASSPATH=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc2.jar;C:\PVSW\bin\jpscs.jar;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NY-DKUTRICK1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dkutrick.XRN
LOGONSERVER=\\XRNBLD02
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PVSW\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dkutrick.XRN\LOCALS~1\Temp
TMP=C:\DOCUME~1\dkutrick.XRN\LOCALS~1\Temp
USERDNSDOMAIN=XRN.NY
USERDOMAIN=XRN
USERNAME=dkutrick
USERPROFILE=C:\Documents and Settings\dkutrick.XRN
VSL=C:\PVSW\\bin
WecVersionForRosebud.598=3
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

dkutrick (admin)
MKDFostgresUser
Administrator (admin)
dkutrick.XRN (admin)
sroth (new local, net ready)
administrator.XRN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\dkutrick.XRN\Local Settings\Application Data\{613CE745-9650-4A3D-A219-90C722EC4652}\obk2_trial.exe
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.2 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center --> MsiExec.exe /I{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barracuda Networks IM --> C:\Program Files\Barracuda\uninst.exe
Barracuda Networks Outlook Plug-in --> MsiExec.exe /I{C427735F-EAEF-48A1-9628-67F05C4DE831}
BIAfn MEDIA Access Pro 4.2 --> C:\Program Files\InstallShield Installation Information\{B92017DF-F9EB-4486-A0B1-14C526D66981}\setup.exe -runfromtemp -l0x0409
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom ASF Management Applications --> MsiExec.exe /I{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}
Broadcom Management Programs --> MsiExec.exe /X{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Default --> MsiExec.exe /I{22BED295-8AE7-4BDE-9E4E-FA038D83B194}
Dell ETS Factory Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\setup.exe" -l0x9
Dell Photo AIO Printer 962 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
eFax Messenger 4.3 --> C:\Program Files\eFax Messenger 4.3\Uninstall.exe
File Writer output plugin for WinAMP 2 v1.17© (remove only) --> "C:\Program Files\Winamp\Plugins\uninstfilewrite.exe"
FLAC 1.1.4b (remove only) --> C:\Program Files\FLAC\uninstall.exe
Folder Size for Windows --> MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Free CD Ripper 3.1 --> "C:\Program Files\FreeCDRipper\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Documents and Settings\dkutrick\Personal\Programs\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iDump (Backing up your iPod) --> C:\Program Files\iDump\uninstall.exe
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
iPod To Computer Transfer 3.5 --> "C:\Program Files\iPod To Computer Transfer\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Maximi$er --> MsiExec.exe /I{79ED4C4F-C112-4CF4-98D2-2EA68AC11C96}
Media Monitors Client Audio --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A6E4FF75-CB0F-4238-97E2-FD9158F55B07}
MediaShooterPro --> "C:\Program Files\MediaShooterPro\Uninstall.exe" "C:\Program Files\MediaShooterPro\install.log"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007 --> MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mjuice Media Support for Winamp --> "C:\Program Files\Mjuice Media Player\mjuninst.exe"
Mouse Suite for Desktop Computers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 Tag Tools v1.2 --> "C:\Program Files\Mp3TagToolsv12\uninstall.exe"
MP3 TagEdit 2.3 --> MsiExec.exe /I{A566BD82-0E98-11D6-A25B-0080C8DF6085}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero Mega Plugin Pack --> MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
PDF-XChange 3.5 --> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
Pervasive System Analyzer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL 9 SP2 Client for Windows (9.5) --> MsiExec.exe /I{B6D1D744-BDC8-487C-97D9-1D83A1F06110}
PostgreSQL 8.1 --> MsiExec.exe /I{34D95765-2D5A-470F-A39F-BC9DEAAAF04F}
Power Audio Converter 1.03 --> "C:\Program Files\PowerAudioConverter\unins000.exe"
PowerDVD OD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PPM Analysis Tool [STANDALONE] --> C:\Program Files\PPM\MMPCONFIG.exe /unreg /uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
R-Wipe&Clean 7.1 --> "C:\Program Files\R-Wipe&Clean\unins000.exe"
Raptor Audio 1.6 --> MsiExec.exe /I{C8C45573-C729-46D9-AAF5-3A09E0277B3D}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SnagIt 6 --> C:\Program Files\TechSmith\SnagIt 6\SIUNINST.EXE
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\PROGRA~1\WinZip\winzip32.exe /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type21781 / Warning
Event Submitted/Written: 06/12/2008 05:46:17 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{79ED4C4F-C112-4CF4-98D2-2EA68AC11C96}', feature 'ProgramFiles' failed during request for component '{FC3E0B6E-F62B-11D1-B144-00C04F990B2B}'

Event Record #/Type21779 / Warning
Event Submitted/Written: 06/12/2008 05:46:13 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{79ED4C4F-C112-4CF4-98D2-2EA68AC11C96}', feature 'ProgramFiles' failed during request for component '{FC3E0B6E-F62B-11D1-B144-00C04F990B2B}'

Event Record #/Type21777 / Warning
Event Submitted/Written: 06/12/2008 04:05:43 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\Temp\Perflib_Perfdata_91c.dat [00000003]

Event Record #/Type21776 / Warning
Event Submitted/Written: 06/12/2008 03:57:56 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\config\system.LOG [00000003]

Event Record #/Type21775 / Warning
Event Submitted/Written: 06/12/2008 03:57:56 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\config\SYSTEM [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14173 / Error
Event Submitted/Written: 06/12/2008 11:34:48 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0006F03A-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type14155 / Error
Event Submitted/Written: 06/12/2008 11:31:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The iolo System Service service failed to start due to the following error:
%%2

Event Record #/Type14154 / Error
Event Submitted/Written: 06/12/2008 11:31:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The iolo FileInfoList Service service failed to start due to the following error:
%%2

Event Record #/Type14145 / Warning
Event Submitted/Written: 06/12/2008 09:48:22 AM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server ldap/xrnbld01.xrn.ny/xrn.ny@xrn.ny. No authentication protocol was available.

Event Record #/Type14144 / Warning
Event Submitted/Written: 06/12/2008 08:09:36 AM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server ldap/xrnbld01.xrn.ny/xrn.ny@xrn.ny. No authentication protocol was available.



-- End of Deckard's System Scanner: finished at 2008-06-12 18:02:46 ------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 18:37:42
Records in database: 856812
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 98718
Threat name: 12
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 02:28:50


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A300000.VBN Infected: Trojan-Downloader.Win32.Winlagons.ji 1
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe Infected: not-a-virus:AdWare.Win32.EZula.u 1
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe Infected: not-a-virus:AdWare.Win32.WebRebates.t 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe Infected: Trojan-Dropper.Win32.Small.jh 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe Infected: Trojan-Downloader.Win32.Wren.d 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe Infected: Trojan-Dropper.Win32.Small.jh 1
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe Infected: Trojan-Downloader.Win32.Wren.d 1
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe Infected: not-a-virus:AdWare.Win32.EZula.cp 1
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe Infected: Trojan-Dropper.Win32.Small.jh 1
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe Infected: Trojan-Downloader.Win32.Small.akj 1
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe Infected: Trojan-Downloader.Win32.Agent.er 1
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe Infected: not-a-virus:AdWare.Win32.EZula.z 1

The selected area was scanned.



#2 steamwiz

  • Members
  • 1,039 posts

Posted 13 June 2008 - 02:59 PM

Hi

You are running an out-of-date version of java

Go to add/remove programs and uninstall any earlier versions ... in your case all these :-

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.


Running an out-of-date version of java is an infection risk.

-
Your hijackthis log is clean, however I want to draw your attention to the entries in the Trusted Zone

O15 - Trusted Zone: ftp://ftp.dialshows.com (HKCU)
O15 - Trusted Zone: *.ftp (HKCU)
O15 - Trusted Zone: https://www.mrmasteronline.com (HKCU)
O15 - Trusted Zone: http://www.mrmasteronline.com (HKCU)

While these do not appear to be bad/malicious sites, any site in this zone can download and run anything on your computer without asking you first ... it's like going on holiday & giving your house keys to a stranger ... do you really need them in there ... I'll let you decide ...

-
Run hijackthis & delete the backups ... there's no need to keep any of those ...

-
Open your Symantec AntiVirus and empty the Quarantine folder ...

-
Then run the following 2 programs & post the logs :-

Please download Malwarebytes' Anti-Malware from here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
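The Trusted Zone point in the reply above, as an added example that is not part of the original thread and not HijackThis code: a Python script that reads a `reg export` of the IE ZoneMap\Domains key and lists every host/scheme pair placed in zone 2 (Trusted sites), flagging the ones that are broader or weaker than they look (a `*` scheme, a cleartext http/ftp scheme, a bare label with no dot). On the affected machine itself one would normally do this in PowerShell against the live registry; working from an export lets it run anywhere. The `.reg` text embedded below is constructed to mirror the four O15 entries quoted in the reply plus one made-up Restricted-sites entry; it is not an export from the poster's machine. The `reg delete` lines it prints are suggestions to review, not steps the reply asked for.

```python
"""Audit the Internet Explorer Trusted sites zone from a .reg export.

Added example (not from the original thread or from HijackThis). Assumes the
input is the output of:
    reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains" zonemap.reg
The ZoneMap stores one key per domain, an optional sub-key per host label,
and one DWORD value per URL scheme whose data is the zone number.
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

# Zone numbers as used by the ZoneMap (0-4 are the fixed IE zones).
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
TRUSTED = 2
DOMAINS_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
MARKER = "\\ZoneMap\\Domains\\"

# Constructed sample modelled on the four O15 lines in the reply above; the
# example.net entry is a made-up Restricted-sites entry to show the filter.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dialshows.com\ftp]
"ftp"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ftp]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mrmasteronline.com\www]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]
"https"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zonemap(text: str) -> List[Dict]:
    """One record per (host, scheme) value found under ZoneMap\\Domains."""
    entries: List[Dict] = []
    current: Optional[Tuple[str, Optional[str]]] = None   # (domain, sub-label)
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.find(MARKER)
            current = None          # keys outside Domains\ carry no zone values
            if pos >= 0:
                parts = path[pos + len(MARKER):].split("\\")
                current = (parts[0], parts[1] if len(parts) > 1 else None)
            continue
        value = VALUE_RE.match(line)
        if value and current:
            domain, sub = current
            entries.append({
                "domain": domain, "sub": sub,
                "host": f"{sub}.{domain}" if sub else domain,
                "scheme": value.group(1),
                "zone": int(value.group(2), 16),
            })
    return entries


def trusted_entries(entries: List[Dict]) -> List[Dict]:
    return [e for e in entries if e["zone"] == TRUSTED]


def risk_flags(entry: Dict) -> List[str]:
    """Why a Trusted-zone entry may be broader or weaker than it looks."""
    flags = []
    if entry["scheme"] == "*":
        flags.append("applies to every protocol")
    elif entry["scheme"] in ("http", "ftp"):
        flags.append("cleartext scheme, so the trusted host is never authenticated")
    if "." not in entry["host"] or "*" in entry["host"]:
        flags.append("bare label or wildcard, can match many hosts")
    return flags


def remediation_command(entry: Dict) -> str:
    """reg.exe line that removes only this (host, scheme) mapping."""
    key = DOMAINS_KEY + "\\" + entry["domain"]
    if entry["sub"]:
        key += "\\" + entry["sub"]
    scheme = entry["scheme"]
    return f'reg delete "{key}" /v "{scheme}" /f'


def audit(text: str) -> List[Tuple[str, List[str], str]]:
    """(url, flags, remediation) for every Trusted-sites entry in the export."""
    return [(f"{e['scheme']}://{e['host']}", risk_flags(e), remediation_command(e))
            for e in trusted_entries(parse_zonemap(text))]


if __name__ == "__main__":
    # reg.exe writes .reg files as UTF-16 with a BOM; fall back to the sample.
    source = (open(sys.argv[1], encoding="utf-16").read()
              if len(sys.argv) > 1 else SAMPLE_REG)
    for url, flags, cmd in audit(source):
        print(f"{url:40} {'; '.join(flags) or 'no obvious issue'}")
        print(f"{'':40} {cmd}")
```

Run it with the path to a real export (`python zonemap_audit.py zonemap.reg`) or with no argument to see the sample. An entry that survives the review with no flags, such as an https host you actually need, can stay; anything flagged as `*` or bare-label deserves the "house keys to a stranger" question asked above, because a single mapping can cover far more hosts than the one name suggests.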

#3 Dkut
  • Topic Starter

  • Members
  • 7 posts

Posted 17 June 2008 - 12:07 PM
Hello Steam,
Thank you for your help. Here are the logs that you requested:

Malwarebytes' Anti-Malware 1.17
Database version: 864

12:50:06 PM 06/17/08
mbam-log-6-17-2008 (12-50-06).txt

Scan type: Quick Scan
Objects scanned: 48552
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-06-16.5 - dkutrick 2008-06-17 12:58:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.400 [GMT -4:00]
Running from: C:\Documents and Settings\dkutrick.XRN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dkutrick.XRN\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://xrnbld02
.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 12:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 12:26 . 2008-06-17 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 18:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 18:09 . 2008-06-13 18:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 17:56 . 2008-06-12 17:56 <DIR> d-------- C:\Deckard
2008-06-12 13:28 . 2008-06-12 13:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 13:27 . 2008-06-12 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 04:01 . 2008-06-11 04:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 02:44 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:44 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 15:31 . 2008-06-05 15:38 <DIR> d-------- C:\Program Files\iDump
2008-06-05 15:27 . 2008-06-05 15:27 <DIR> d-------- C:\Program Files\iPod To Computer Transfer
2008-06-05 15:27 . 2008-06-05 15:27 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 11:01 . 2008-05-27 10:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 11:01 . 2008-05-27 11:01 2,550 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 15:55 --------- d-----w C:\Program Files\MediaShooterPro
2008-06-17 15:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-16 14:28 --------- d-----w C:\Program Files\DL_cats
2008-06-13 22:10 --------- d-----w C:\Program Files\Java
2008-06-13 21:40 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 14:32 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-22 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:22 --------- d-----w C:\Program Files\iTunes
2008-05-15 20:21 --------- d-----w C:\Program Files\iPod
2008-05-15 20:18 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 15:42 --------- d-----w C:\Program Files\PPM
2008-05-05 15:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\iolo
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 15:04 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-12-31 16:41 190 ----a-w C:\Program Files\Common Files\psasetup.log
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 10:08 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07 843776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56 161096]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57 425984]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 12:28 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\administrator.XRN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [2004-08-03 14:09:12 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-11 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"=
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R2 ASFIPmon;Broadcom ASF IP Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 pgsql-8.1;PostgreSQL Database Server 8.1;"C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\" []
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 01:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 13:02:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~??????????????????!?p???????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 13:04:30
ComboFix-quarantined-files.txt 2008-06-17 17:03:39

Pre-Run: 19,333,095,424 bytes free
Post-Run: 19,404,722,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

156 --- E O F --- 2008-06-17 08:01:11

#4 steamwiz


Posted 17 June 2008 - 03:25 PM

Hi

Two nice clean logs there :thumbsup:

We'll use Combofix to delete the infected files that KASPERSKY found ...

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[screenshot]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Then please run & post a new KASPERSKY ONLINE SCANNER 7 REPORT

This time when you see select a target to scan:

Select My Computer

NOT C:\

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#5 Dkut


Posted 19 June 2008 - 10:40 AM

Here's the ComboFix log; the Kaspersky scan is going to take a while, as my computer is connected to my work network. It's been running for 24 hours now and is only 4% complete.

ComboFix 08-06-16.5 - dkutrick 2008-06-17 16:59:47.2 - NTFSx86
Running from: C:\Documents and Settings\dkutrick.XRN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dkutrick.XRN\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\dkutrick\My Pictures\ireland2.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe
C:\Documents and Settings\dkutrick\My Pictures\spiderman5.exe
C:\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe
C:\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 12:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 12:26 . 2008-06-17 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 18:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 18:09 . 2008-06-13 18:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 17:56 . 2008-06-12 17:56 <DIR> d-------- C:\Deckard
2008-06-12 13:28 . 2008-06-12 13:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 13:27 . 2008-06-12 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 04:01 . 2008-06-11 04:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 02:44 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:44 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 15:31 . 2008-06-05 15:38 <DIR> d-------- C:\Program Files\iDump
2008-06-05 15:27 . 2008-06-05 15:27 <DIR> d-------- C:\Program Files\iPod To Computer Transfer
2008-06-05 15:27 . 2008-06-05 15:27 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 11:01 . 2008-05-27 10:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 11:01 . 2008-05-27 11:01 2,550 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 20:55 --------- d-----w C:\Program Files\DL_cats
2008-06-17 15:55 --------- d-----w C:\Program Files\MediaShooterPro
2008-06-17 15:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-13 22:10 --------- d-----w C:\Program Files\Java
2008-06-13 21:40 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 14:32 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-22 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:22 --------- d-----w C:\Program Files\iTunes
2008-05-15 20:21 --------- d-----w C:\Program Files\iPod
2008-05-15 20:18 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 15:42 --------- d-----w C:\Program Files\PPM
2008-05-05 15:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\iolo
2008-05-05 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 15:04 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-12-31 16:41 190 ----a-w C:\Program Files\Common Files\psasetup.log
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 10:08 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 20:04 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07 843776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56 161096]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57 425984]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 12:28 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\administrator.XRN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [2004-08-03 14:09:12 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-11 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"=
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R2 ASFIPmon;Broadcom ASF IP Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 pgsql-8.1;PostgreSQL Database Server 8.1;"C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\" []
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 01:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:06:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~??????????????????!?p???????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 17:09:03
ComboFix-quarantined-files.txt 2008-06-17 21:08:26
ComboFix2.txt 2008-06-17 17:04:31

Pre-Run: 19,581,571,072 bytes free
Post-Run: 19,664,543,744 bytes free

#6 steamwiz


Posted 19 June 2008 - 03:54 PM

HI

Kaspersky scan is going to take a while as my computer is connected to my work network. It's been running for 24 hours now and is only 4% complete.


My goodness!!!

I've known a scan to take 10 hours ... but that's not right .... at that speed it will take a month :thumbsup:

Do you have any very large external hard drives connected? Maybe it's scanning your whole network? :)

Cancel the scan (if you haven't already) & if you can vouch for any of the drives/partitions as being clean ... exclude them ... I'd be happy just to see a report from the C:\ drive again :thumbup2:

It's for your benefit I wanted to see it scan "my computer" in case you had malware on another drive ...

I'll leave it to you to decide what areas to scan ... but do this first, before you start the scan again, it will get rid of a lot of unnecessary files, thus leaving less to scan :-

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK

[screenshot]

THEN...

Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation, be sure to un-check the box for "CCleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


Under "Windows Explorer" these are optional, but you can safely tick them all if you wish; they are only "most recently used" lists

Other Explorer MRUs
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site that requires a password, you will need to re-enter your password when you next visit that site) ... click Options > Cookies, then keep the cookies you want.

Click "Analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

Click "Run Cleaner" to let it get on with its work... clicking this will result in the following pop-up:

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

steam

#7 Dkut


Posted 07 July 2008 - 09:22 AM

Hi Steam,
I've run CCleaner, and here is the log of the most recent Kaspersky scan. My computer's performance has not improved; in fact it's gotten worse: serious lag time, and I'm continuing to get pop-ups. Thanks for your help!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 03, 2008 17:13:27
Records in database: 910775
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 96359
Threat name: 14
Infected objects: 31
Suspicious objects: 0
Duration of the scan: 02:59:29


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540001.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540002.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540003.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540004.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.u 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.WebRebates.t 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Downloader.Win32.Wren.d 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: Trojan-Downloader.Win32.Wren.d 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.cp 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: Trojan-Downloader.Win32.Small.akj 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: Trojan-Downloader.Win32.Agent.er 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.z 1
C:\RECYCLER\S-1-5-21-939092664-2730936519-3434886985-1626\Dc114.exe Infected: Trojan-Downloader.Win32.Tiny.bqa 1
C:\WINDOWS\system32\jkkHBTJC.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\vtUkkifg.dll Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.
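The report above lists 31 infected objects, but most of them are held in quarantine stores (Symantec's Quarantine folder and ComboFix's QooBox) rather than at their original locations, and one more sits in the Recycle Bin; the entries a helper acts on first are the two DLLs at live paths under system32. The following is an added Python example, not code from any post in this thread nor from Kaspersky's or ComboFix's tooling: it parses report lines in the format shown and separates quarantined findings from live ones. The quarantine path markers and the three classes are this example's own assumptions, and the sample lines are a subset copied from the report posted above.

```python
"""Triage of a Kaspersky Online Scanner 7 report: separate findings that sit in
quarantine stores (already isolated) from objects still at live paths.

Added example for this thread; not part of any post or of Kaspersky's tooling.
The quarantine markers and the 'live' classification are assumptions."""
import re

# Constructed sample: a subset of the report lines posted in this thread,
# plus the header, blank and footer lines the parser must ignore.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540001.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Downloader.Win32.Wren.d 1
C:\RECYCLER\S-1-5-21-939092664-2730936519-3434886985-1626\Dc114.exe Infected: Trojan-Downloader.Win32.Tiny.bqa 1
C:\WINDOWS\system32\jkkHBTJC.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\vtUkkifg.dll Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.
"""

# One finding per line: "<path> Infected: <threat name> <count>".
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Assumed quarantine locations, matched case-insensitively as path substrings.
QUARANTINE_MARKERS = (
    r"\symantec antivirus corporate edition\7.5\quarantine",
    r"\qoobox\quarantine",
)


def parse_report(text):
    """Return (path, threat, count) tuples; lines that are not findings are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return findings


def classify(path):
    """'quarantined' for known quarantine stores, 'recycle-bin' for the Recycler
    folder, 'live' for anything else (the class that needs attention first)."""
    lower = path.lower()
    if any(marker in lower for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if "\\recycler\\" in lower:
        return "recycle-bin"
    return "live"


def triage(text):
    """Group findings by class; each group maps path -> sorted threat names, so a
    file with several detections (a bundled installer, say) appears once."""
    groups = {"quarantined": {}, "recycle-bin": {}, "live": {}}
    for path, threat, _count in parse_report(text):
        groups[classify(path)].setdefault(path, set()).add(threat)
    return {cls: {p: sorted(t) for p, t in paths.items()} for cls, paths in groups.items()}


def summarize(text):
    """Finding counts per class (summing to the report's 'Infected objects')
    plus the live paths a helper would look at first."""
    findings = parse_report(text)
    counts = {"quarantined": 0, "recycle-bin": 0, "live": 0}
    for path, _threat, _count in findings:
        counts[classify(path)] += 1
    return {"total": len(findings), "counts": counts, "live_paths": sorted(triage(text)["live"])}


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(f"{result['total']} findings: {result['counts']}")
    for path in result["live_paths"]:
        print("object still on disk at a live path:", path)
```

The path match is deliberately loose (case-insensitive substring) so that the same marker works for short-name or mixed-case variants of the same folder, but a finding is only ever downgraded to "quarantined" when it sits inside one of the listed stores; everything else stays "live", which is the safe default for a triage tool.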

#8 steamwiz


Posted 07 July 2008 - 06:18 PM

Hi

I'm afraid you can't post on June 19 and then wait until July 7 to make your next post ... malware will not wait for you to remove it; it will increase, as it has on your computer ... we are going to need to start again ...

Start with new DSS logs ... then run Malwarebytes again (remember to check for updates before running it)

My last post included instructions to uninstall ComboFix; you haven't done this & can't, because the ComboFix version you have is now out of date and will not uninstall ... no matter ... delete the ComboFix.exe file from your desktop (if you tried to uninstall ComboFix, this will probably be missing ... it's the only part of ComboFix that will have been removed) ... download a new copy of ComboFix, run it again & post the new log.

steam

#9 Dkut


Posted 09 July 2008 - 02:34 PM

Hi Steam,
Sorry for the delay; I have been on vacation and have just returned recently. Here are the logs that you requested. I will do my best to respond in a timely manner, thanks much.

Deckard's System Scanner v20071014.68
Run by dkutrick on 2008-07-09 10:21:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dkutrick.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:48 AM, on 7/9/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dkutrick.XRN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dkutrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dial-global.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070305
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOffice...p;p2=5&p3=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {2C85BBB3-0392-421C-894A-7BDB153F153F} - C:\WINDOWS\system32\urqRHaYS.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\jkkHBTJC.dll
O2 - BHO: (no name) - {98B25E91-4608-4FE4-B3D2-B1955A544761} - C:\WINDOWS\system32\hgGwxYqr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B04FD561-D03B-41BA-A853-92088EB94FC8} - C:\WINDOWS\system32\rqRIbyWn.dll
O2 - BHO: {0da54f4d-7bb0-1818-b604-d30107f1583e} - {e3851f70-103d-406b-8181-0bb7d4f45ad0} - C:\WINDOWS\system32\lcdzvp.dll
O2 - BHO: (no name) - {FFD6B245-974F-4B2A-8844-795094786537} - C:\WINDOWS\system32\dDsRhebc.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [a4688fea] rundll32.exe "C:\WINDOWS\system32\qlwvefjq.dll",b
O4 - HKLM\..\Run: [BMa75bbc76] Rundll32.exe "C:\WINDOWS\system32\cbjrbjmy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: MediaShooterPro.lnk = C:\Program Files\MediaShooterPro\MediaShooterPro.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ftp
O15 - Trusted Zone: http://www.mrmasteronline.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199459051937
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xrn.ny
O17 - HKLM\Software\..\Telephony: DomainName = xrn.ny
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xrn.ny
O20 - Winlogon Notify: jkkHBTJC - C:\WINDOWS\SYSTEM32\jkkHBTJC.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10878 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-07 16:10:26 103424 --a------ C:\WINDOWS\system32\lcdzvp.dll
2008-07-07 16:10:24 103424 --a------ C:\WINDOWS\system32\lqolfwvl.dll
2008-07-07 16:08:29 78336 --a------ C:\WINDOWS\system32\qlwvefjq.dll
2008-07-07 16:08:18 91648 --a------ C:\WINDOWS\system32\cbjrbjmy.dll
2008-07-07 16:07:21 626781 --ahs---- C:\WINDOWS\system32\nWybIRqr.ini2
2008-07-07 16:07:17 320512 --a------ C:\WINDOWS\system32\rqRIbyWn.dll
2008-07-07 10:21:52 0 --a------ C:\WINDOWS\system32\nuzhqg.dll
2008-07-07 10:21:51 0 --a------ C:\WINDOWS\system32\ucifpyef.dll
2008-07-07 10:21:09 2911 --ahs---- C:\WINDOWS\system32\rqYxwGgh.ini2
2008-07-03 12:57:44 0 dr-h----- C:\Documents and Settings\dkutrick.XRN\Recent
2008-07-03 12:43:40 0 --a------ C:\WINDOWS\system32\fcvtcf.dll
2008-07-03 12:43:36 0 --a------ C:\WINDOWS\system32\flwnslep.dll
2008-07-03 12:01:26 676268 --ahs---- C:\WINDOWS\system32\cbehRsDd.ini2
2008-07-02 14:14:06 582 --ahs---- C:\WINDOWS\system32\SYaHRqru.ini2
2008-07-02 14:08:53 25600 --a------ C:\WINDOWS\system32\vtUkkifg.dll
2008-07-02 14:08:53 25600 --a------ C:\WINDOWS\system32\jkkHBTJC.dll
2008-06-26 19:05:52 0 d-------- C:\X Prep Adult - 5 Minutes 06.16.08
2008-06-26 19:05:52 0 d-------- C:\Short Bus Imaging Service 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X Prep Gold 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Ross Brittain 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Radio Guest Quest 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Prep Services 06.16.08
2008-06-24 14:01:49 479232 --a------ C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-06-24 14:01:48 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2008-06-24 14:01:48 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-24 14:01:48 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2008-06-24 14:01:48 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-06-24 14:01:48 458752 --a------ C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-06-24 14:01:48 454656 --a------ C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-06-24 14:01:48 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-06-24 14:01:48 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-06-24 14:01:48 417792 --a------ C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-06-24 14:01:48 2084864 --a------ C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-06-24 14:01:47 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-24 14:01:47 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-06-24 14:01:46 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-24 14:01:46 0 d-------- C:\Program Files\Free Audio Pack
2008-06-19 15:06:17 0 d-------- C:\Documents and Settings\dkutrick.XRN\TOSHIBA
2008-06-19 15:05:06 286720 --a------ C:\WINDOWS\system32\eSTsnmp.dll
2008-06-17 12:58:01 0 d-------- C:\cmdcons
2008-06-17 12:56:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-17 12:56:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-17 12:56:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-17 12:56:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-17 12:56:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-17 12:56:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-17 12:56:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-17 12:56:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-17 12:27:49 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:26:11 0 d-------- C:\Program Files\Trend Micro
2008-06-13 18:09:10 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 13:28:32 0 d-------- C:\Program Files\Lavasoft
2008-06-12 13:27:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-07 18:44:28 0 d-------- C:\Program Files\DL_cats
2008-07-07 16:43:36 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-07 16:39:47 137518 --a------ C:\Documents and Settings\dkutrick.XRN\Application Data\Barracuda-WhiteList.xml
2008-07-03 10:32:15 0 d-------- C:\Program Files\Google
2008-07-02 15:08:05 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-30 12:16:43 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
2008-06-17 11:55:04 0 d-------- C:\Program Files\MediaShooterPro
2008-06-13 18:10:45 0 d-------- C:\Program Files\Java
2008-06-13 18:09:10 0 d-------- C:\Program Files\Common Files
2008-06-05 15:38:53 0 d-------- C:\Program Files\iDump
2008-06-05 15:27:47 0 d-------- C:\Program Files\Common Files\eSellerate
2008-06-05 15:27:30 0 d-------- C:\Program Files\iPod To Computer Transfer
2008-05-27 11:01:18 2550 --a------ C:\WINDOWS\unins000.dat
2008-05-27 10:56:40 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 10:32:21 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-27 10:32:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 16:22:48 0 d-------- C:\Program Files\iTunes
2008-05-15 16:21:48 0 d-------- C:\Program Files\iPod
2008-05-15 16:18:41 0 d-------- C:\Program Files\QuickTime
2008-05-15 11:24:07 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Adobe
2008-05-05 11:04:09 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-30 18:01:48 1697572 --a------ C:\WINDOWS\system32\SNAGIT6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C85BBB3-0392-421C-894A-7BDB153F153F}]
C:\WINDOWS\system32\urqRHaYS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}]
07/02/08 02:08 PM 25600 --a------ C:\WINDOWS\system32\jkkHBTJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B25E91-4608-4FE4-B3D2-B1955A544761}]
C:\WINDOWS\system32\hgGwxYqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B04FD561-D03B-41BA-A853-92088EB94FC8}]
07/07/08 04:07 PM 320512 --a------ C:\WINDOWS\system32\rqRIbyWn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3851f70-103d-406b-8181-0bb7d4f45ad0}]
07/07/08 04:10 PM 103424 --a------ C:\WINDOWS\system32\lcdzvp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFD6B245-974F-4B2A-8844-795094786537}]
C:\WINDOWS\system32\dDsRhebc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [11/08/06 04:01 PM C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/06 09:07 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/04 08:31 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [10/06/04 05:56 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/08 08:54 PM]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/05 10:57 AM]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [12/07/04 04:43 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/07 12:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/08 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/08 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/08 04:28 AM]
"a4688fea"="C:\WINDOWS\system32\qlwvefjq.dll" [07/07/08 04:08 PM]
"BMa75bbc76"="C:\WINDOWS\system32\cbjrbjmy.dll" [07/07/08 04:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/02/08 01:47 PM]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [8/3/04 2:09:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/07 3:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/07 03:39 PM 294400]
"{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}"= C:\WINDOWS\system32\jkkHBTJC.dll [07/02/08 02:08 PM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHBTJC]
jkkHBTJC.dll 07/02/08 02:08 PM 25600 C:\WINDOWS\system32\jkkHBTJC.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRIbyWn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-07-09 10:25:08 ------------

ComboFix 08-07-08.9 - dkutrick 2008-07-09 14:57:43.3 - NTFSx86
Running from: C:\Documents and Settings\dkutrick.XRN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbehRsDd.ini
C:\WINDOWS\system32\cbehRsDd.ini2
C:\WINDOWS\system32\crqyuomw.ini
C:\WINDOWS\system32\jkkHBTJC.dll
C:\WINDOWS\system32\lcdzvp.dll
C:\WINDOWS\system32\lqolfwvl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nWybIRqr.ini
C:\WINDOWS\system32\nWybIRqr.ini2
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\qjfevwlq.ini
C:\WINDOWS\system32\qjfevwlq.ini2
C:\WINDOWS\system32\qjfevwlq.tmp
C:\WINDOWS\system32\qlwvefjq.dll
C:\WINDOWS\system32\rqRIbyWn.dll
C:\WINDOWS\system32\rqYxwGgh.ini
C:\WINDOWS\system32\rqYxwGgh.ini2
C:\WINDOWS\system32\SYaHRqru.ini
C:\WINDOWS\system32\SYaHRqru.ini2
C:\WINDOWS\system32\vtUkkifg.dll
C:\WINDOWS\system32\wnmjsfta.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-07 16:08 . 2008-07-09 11:50 110,415 --a------ C:\WINDOWS\BMa75bbc76.xml
2008-07-07 10:21 . 2008-07-07 10:21 318,976 --a------ C:\WINDOWS\system32\hgGwxYqr.dll_old
2008-07-03 12:46 . 2008-07-03 12:46 233 --ahs---- C:\WINDOWS\system32\wnmjsfta.tmp
2008-07-03 10:34 . 2008-07-03 10:34 1,718,692 --ahs---- C:\WINDOWS\system32\uiiqgvqd.tmp
2008-07-02 16:20 . 2008-07-02 16:20 1,714,850 --ahs---- C:\WINDOWS\system32\xwhkdpwn.tmp
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\X Prep Adult - 5 Minutes 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\Short Bus Imaging Service 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X Prep Gold 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Ross Brittain 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Radio Guest Quest 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Prep Services 06.16.08
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-06-19 15:06 . 2008-06-19 15:06 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\TOSHIBA
2008-06-19 15:05 . 2007-06-04 10:35 286,720 --a------ C:\WINDOWS\system32\eSTsnmp.dll
2008-06-17 12:54 . 2008-06-17 12:54 4,608,744 --a------ C:\Documents and Settings\dkutrick\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-06-17 12:27 . 2008-07-09 10:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 12:27 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 12:26 . 2008-06-17 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 18:09 . 2008-06-13 18:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 17:56 . 2008-06-12 17:56 <DIR> d-------- C:\Deckard
2008-06-12 13:28 . 2008-06-12 13:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 13:27 . 2008-06-12 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 02:44 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:44 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 19:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-09 18:45 --------- d-----w C:\Program Files\Java
2008-07-09 15:31 --------- d-----w C:\Program Files\DL_cats
2008-07-07 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 14:32 --------- d-----w C:\Program Files\Google
2008-07-02 19:08 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-30 16:16 --------- d-----w C:\Program Files\Dell Photo AIO Printer 962
2008-06-17 15:55 --------- d-----w C:\Program Files\MediaShooterPro
2008-06-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 19:38 --------- d-----w C:\Program Files\iDump
2008-06-05 19:27 --------- d-----w C:\Program Files\iPod To Computer Transfer
2008-06-05 19:27 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-06-02 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 14:56 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-27 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 14:32 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-22 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 20:22 --------- d-----w C:\Program Files\iTunes
2008-05-15 20:21 --------- d-----w C:\Program Files\iPod
2008-05-15 20:18 --------- d-----w C:\Program Files\QuickTime
2007-12-31 16:41 190 ----a-w C:\Program Files\Common Files\psasetup.log
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-17_13.03.14.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 15:09:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 19:17:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
- 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2005-02-24 18:10:10 2,084,864 ----a-w C:\WINDOWS\system32\AudDesign.dll
+ 2005-02-24 18:10:30 417,792 ----a-w C:\WINDOWS\system32\AudDisplay.dll
+ 2005-03-11 23:37:10 1,986,560 ----a-w C:\WINDOWS\system32\AudFile.dll
+ 2005-02-24 18:11:06 1,212,416 ----a-w C:\WINDOWS\system32\AudioInfos.dll
+ 2005-03-10 22:00:30 454,656 ----a-w C:\WINDOWS\system32\AudioRecord.dll
+ 2005-02-24 18:11:56 479,232 ----a-w C:\WINDOWS\system32\AudioVisu.dll
+ 2005-02-24 21:21:12 458,752 ----a-w C:\WINDOWS\system32\AudPlayer.dll
+ 1998-07-13 01:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
- 2004-12-16 14:33:32 368,640 ----a-w C:\WINDOWS\system32\dlbxcfg.exe
+ 2004-12-16 15:33:32 368,640 ----a-w C:\WINDOWS\system32\dlbxcfg.exe
- 2004-12-16 14:33:28 663,552 ----a-w C:\WINDOWS\system32\dlbxcomc.dll
+ 2004-12-16 15:33:28 663,552 ----a-w C:\WINDOWS\system32\dlbxcomc.dll
- 2004-12-16 14:33:38 401,408 ----a-w C:\WINDOWS\system32\dlbxcomm.dll
+ 2004-12-16 15:33:38 401,408 ----a-w C:\WINDOWS\system32\dlbxcomm.dll
- 2005-01-20 08:53:44 69,632 ----a-w C:\WINDOWS\system32\dlbxcu.dll
+ 2005-01-20 09:53:44 69,632 ----a-w C:\WINDOWS\system32\dlbxcu.dll
- 2005-01-20 08:54:28 77,824 ----a-w C:\WINDOWS\system32\dlbxcub.dll
+ 2005-01-20 09:54:28 77,824 ----a-w C:\WINDOWS\system32\dlbxcub.dll
- 2005-01-20 08:55:48 32,768 ----a-w C:\WINDOWS\system32\dlbxcur.dll
+ 2005-01-20 09:55:48 32,768 ----a-w C:\WINDOWS\system32\dlbxcur.dll
- 2004-12-16 14:27:26 507,904 ----a-w C:\WINDOWS\system32\dlbxhbn1.dll
+ 2004-12-16 15:27:26 507,904 ----a-w C:\WINDOWS\system32\dlbxhbn1.dll
- 2004-12-16 14:33:16 741,376 ----a-w C:\WINDOWS\system32\dlbxhbn3.dll
+ 2004-12-16 15:33:16 741,376 ----a-w C:\WINDOWS\system32\dlbxhbn3.dll
- 2004-12-16 14:29:48 356,352 ----a-w C:\WINDOWS\system32\dlbxih.exe
+ 2004-12-16 15:29:48 356,352 ----a-w C:\WINDOWS\system32\dlbxih.exe
- 2005-01-20 08:54:18 139,264 ----a-w C:\WINDOWS\system32\dlbxins.dll
+ 2005-01-20 09:54:18 139,264 ----a-w C:\WINDOWS\system32\dlbxins.dll
- 2005-01-20 08:54:40 176,128 ----a-w C:\WINDOWS\system32\dlbxinsb.dll
+ 2005-01-20 09:54:40 176,128 ----a-w C:\WINDOWS\system32\dlbxinsb.dll
- 2005-01-20 08:56:00 98,304 ----a-w C:\WINDOWS\system32\dlbxinsr.dll
+ 2005-01-20 09:56:00 98,304 ----a-w C:\WINDOWS\system32\dlbxinsr.dll
- 2005-01-20 08:55:24 135,168 ----a-w C:\WINDOWS\system32\dlbxjswr.dll
+ 2005-01-20 09:55:24 135,168 ----a-w C:\WINDOWS\system32\dlbxjswr.dll
- 2004-12-16 14:36:56 630,784 ----a-w C:\WINDOWS\system32\dlbxpmui.dll
+ 2004-12-16 15:36:56 630,784 ----a-w C:\WINDOWS\system32\dlbxpmui.dll
- 2004-12-16 14:27:02 114,688 ----a-w C:\WINDOWS\system32\dlbxpplc.dll
+ 2004-12-16 15:27:02 114,688 ----a-w C:\WINDOWS\system32\dlbxpplc.dll
- 2004-12-16 14:36:10 1,146,880 ----a-w C:\WINDOWS\system32\dlbxserv.dll
+ 2004-12-16 15:36:10 1,146,880 ----a-w C:\WINDOWS\system32\dlbxserv.dll
- 2004-12-16 14:32:16 1,085,440 ----a-w C:\WINDOWS\system32\dlbxusb1.dll
+ 2004-12-16 15:32:16 1,085,440 ----a-w C:\WINDOWS\system32\dlbxusb1.dll
- 2005-01-20 08:46:32 397,312 ----a-w C:\WINDOWS\system32\dlbxutil.dll
+ 2005-01-20 09:46:32 397,312 ----a-w C:\WINDOWS\system32\dlbxutil.dll
+ 1998-07-13 05:00:00 15,360 ----a-w C:\WINDOWS\system32\inetfr.DLL
- 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2003-08-07 18:01:50 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 2003-08-07 21:01:50 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-02-11 17:03:33 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-17 21:09:42 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 1998-07-13 05:00:00 59,904 ----a-w C:\WINDOWS\system32\Mscc2fr.dll
+ 1998-07-13 05:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
- 2003-06-19 16:05:04 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-24 01:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2004-11-09 18:27:22 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcfg.dll
+ 2004-11-09 19:27:22 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcfg.dll
- 2004-12-16 14:33:32 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcfg.exe
+ 2004-12-16 15:33:32 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcfg.exe
- 2004-12-16 14:33:28 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcomc.dll
+ 2004-12-16 15:33:28 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcomc.dll
- 2004-12-16 14:33:38 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcomm.dll
+ 2004-12-16 15:33:38 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcomm.dll
- 2004-12-16 14:26:58 462,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcoms.exe
+ 2004-12-16 15:26:58 462,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxcoms.exe
- 2005-01-20 08:53:44 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCU.DLL
+ 2005-01-20 09:53:44 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCU.DLL
- 2005-01-20 08:54:28 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCUB.DLL
+ 2005-01-20 09:54:28 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCUB.DLL
- 2005-01-20 08:55:48 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCUR.DLL
+ 2005-01-20 09:55:48 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxCUR.DLL
- 2004-12-16 14:14:08 116,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxDR5C.DLL
+ 2004-12-16 15:14:08 116,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxDR5C.DLL
- 2004-10-20 12:37:12 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxFLIB.DLL
+ 2004-10-20 13:37:12 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxFLIB.DLL
- 2004-12-16 14:27:26 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxhbn1.dll
+ 2004-12-16 15:27:26 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxhbn1.dll
- 2004-12-16 14:33:16 741,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxhbn3.dll
+ 2004-12-16 15:33:16 741,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxhbn3.dll
- 2004-10-20 12:37:14 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEC.DLL
+ 2004-10-20 13:37:14 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEC.DLL
- 2004-10-20 12:37:16 704,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEH.DLL
+ 2004-10-20 13:37:16 704,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEH.DLL
- 2004-10-20 12:37:18 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEP.DLL
+ 2004-10-20 13:37:18 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxHPEP.DLL
- 2004-12-16 14:29:48 356,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxih.exe
+ 2004-12-16 15:29:48 356,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxih.exe
- 2005-01-20 08:54:18 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxins.dll
+ 2005-01-20 09:54:18 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxins.dll
- 2005-01-20 08:54:40 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxINSB.DLL
+ 2005-01-20 09:54:40 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxINSB.DLL
- 2005-01-20 08:56:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxinsr.dll
+ 2005-01-20 09:56:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxinsr.dll
- 2005-01-20 08:47:16 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSW.DLL
+ 2005-01-20 09:47:16 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSW.DLL
- 2005-01-20 08:54:40 471,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSWB.DLL
+ 2005-01-20 09:54:40 471,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSWB.DLL
- 2005-01-20 08:55:24 135,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSWR.DLL
+ 2005-01-20 09:55:24 135,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxJSWR.DLL
- 2004-12-16 14:33:48 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxlmpm.dll
+ 2004-12-16 15:33:48 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxlmpm.dll
- 2005-01-20 08:50:30 995,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPA.DLL
+ 2005-01-20 09:50:30 995,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPA.DLL
- 2005-01-20 08:54:52 5,480,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPAB.DLL
+ 2005-01-20 09:54:52 5,480,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPAB.DLL
- 2005-01-20 08:55:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPAR.DLL
+ 2005-01-20 09:55:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxLPAR.DLL
- 2004-12-16 14:15:16 4,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPCFG.DLL
+ 2004-12-16 15:15:16 4,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPCFG.DLL
- 2004-12-16 14:36:56 630,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxpmui.dll
+ 2004-12-16 15:36:56 630,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxpmui.dll
- 2004-12-16 14:15:10 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPP5C.DLL
+ 2004-12-16 15:15:10 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPP5C.DLL
- 2004-12-16 14:27:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxpplc.dll
+ 2004-12-16 15:27:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxpplc.dll
- 2004-12-16 14:26:48 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxprox.dll
+ 2004-12-16 15:26:48 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxprox.dll
- 2005-01-20 08:53:16 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRP.DLL
+ 2005-01-20 09:53:16 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRP.DLL
- 2005-01-20 08:55:14 1,990,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRPB.DLL
+ 2005-01-20 09:55:14 1,990,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRPB.DLL
- 2005-01-20 08:55:48 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRPR.DLL
+ 2005-01-20 09:55:48 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPRPR.DLL
- 2005-01-20 08:51:26 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSW.DLL
+ 2005-01-20 09:51:26 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSW.DLL
- 2005-01-20 08:55:14 757,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWB.DLL
+ 2005-01-20 09:55:14 757,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWB.DLL
- 2005-01-20 08:55:38 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWR.DLL
+ 2005-01-20 09:55:38 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWR.DLL
- 2004-12-15 17:46:10 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWX.EXE
+ 2004-12-15 18:46:10 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWX.EXE
- 2004-12-16 14:36:10 1,146,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxserv.dll
+ 2004-12-16 15:36:10 1,146,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxserv.dll
- 2004-12-16 14:24:38 295,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxSTRN.DLL
+ 2004-12-16 15:24:38 295,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxSTRN.DLL
- 2004-12-16 14:14:42 56,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUI5C.DLL
+ 2004-12-16 15:14:42 56,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUI5C.DLL
- 2005-01-10 13:56:18 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxunst.exe
+ 2005-01-10 14:56:18 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxunst.exe
- 2005-01-20 08:53:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPD.DLL
+ 2005-01-20 09:53:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPD.DLL
- 2005-01-20 08:55:26 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPDB.DLL
+ 2005-01-20 09:55:26 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPDB.DLL
- 2005-01-20 08:56:12 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPDR.DLL
+ 2005-01-20 09:56:12 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUPDR.DLL
- 2004-12-16 14:32:16 1,085,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxusb1.dll
+ 2004-12-16 15:32:16 1,085,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxusb1.dll
- 2005-01-20 08:46:32 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUTIL.DLL
+ 2005-01-20 09:46:32 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUTIL.DLL
+ 2007-06-09 18:52:34 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cCCFG.dll
+ 2007-04-16 16:26:02 163,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cCDTP.dll
+ 2007-06-08 13:12:42 53,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cCIP.dll
+ 2007-06-09 18:53:32 856,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cPCF.dll
+ 2007-07-16 16:19:54 1,949,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cPrc.dll
+ 2007-06-08 13:12:40 290,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cx3.dll
+ 2007-07-27 15:54:58 1,490,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cx3ui.dll
+ 2007-06-08 13:12:40 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cx3wm.exe
+ 2007-06-05 13:17:16 232,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cxeu.bin
+ 2007-06-05 13:17:30 232,826 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cxjp.bin
+ 2007-06-05 13:17:00 228,348 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cxuc.bin
+ 2007-06-08 13:12:40 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eS3cxum.dll
+ 2007-08-23 15:48:16 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eSPDLD.dll
+ 2007-08-10 11:19:32 20,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eSPDLDLG.dll
+ 2007-06-04 14:35:18 286,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\eSTsnmp.dll
- 2005-03-24 23:12:26 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2007-02-17 14:03:07 138,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2005-03-24 23:12:28 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2007-02-17 14:03:08 480,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2004-11-09 18:27:22 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcfg.dll
+ 2004-11-09 19:27:22 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcfg.dll
- 2004-12-16 14:33:32 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcfg.exe
+ 2004-12-16 15:33:32 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcfg.exe
- 2004-12-16 14:33:28 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcomc.dll
+ 2004-12-16 15:33:28 663,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcomc.dll
- 2004-12-16 14:33:38 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcomm.dll
+ 2004-12-16 15:33:38 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcomm.dll
- 2004-12-16 14:26:58 462,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcoms.exe
+ 2004-12-16 15:26:58 462,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxcoms.exe
- 2005-01-20 08:53:44 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCU.DLL
+ 2005-01-20 09:53:44 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCU.DLL
- 2005-01-20 08:54:28 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCUB.DLL
+ 2005-01-20 09:54:28 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCUB.DLL
- 2005-01-20 08:55:48 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCUR.DLL
+ 2005-01-20 09:55:48 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxCUR.DLL
- 2004-12-16 14:14:08 116,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxDR5C.DLL
+ 2004-12-16 15:14:08 116,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxDR5C.DLL
- 2004-10-20 12:37:12 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxFLIB.DLL
+ 2004-10-20 13:37:12 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxFLIB.DLL
- 2004-12-16 14:27:26 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxhbn1.dll
+ 2004-12-16 15:27:26 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxhbn1.dll
- 2004-12-16 14:33:16 741,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxhbn3.dll
+ 2004-12-16 15:33:16 741,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxhbn3.dll
- 2004-10-20 12:37:14 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEC.DLL
+ 2004-10-20 13:37:14 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEC.DLL
- 2004-10-20 12:37:16 704,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEH.DLL
+ 2004-10-20 13:37:16 704,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEH.DLL
- 2004-10-20 12:37:18 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEP.DLL
+ 2004-10-20 13:37:18 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxHPEP.DLL
- 2004-12-16 14:29:48 356,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxih.exe
+ 2004-12-16 15:29:48 356,352 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxih.exe
- 2005-01-20 08:54:18 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxins.dll
+ 2005-01-20 09:54:18 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxins.dll
- 2005-01-20 08:54:40 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxINSB.DLL
+ 2005-01-20 09:54:40 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxINSB.DLL
- 2005-01-20 08:56:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxinsr.dll
+ 2005-01-20 09:56:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxinsr.dll
- 2005-01-20 08:47:16 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSW.DLL
+ 2005-01-20 09:47:16 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSW.DLL
- 2005-01-20 08:54:40 471,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSWB.DLL
+ 2005-01-20 09:54:40 471,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSWB.DLL
- 2005-01-20 08:55:24 135,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSWR.DLL
+ 2005-01-20 09:55:24 135,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxJSWR.DLL
- 2004-12-16 14:33:48 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxlmpm.dll
+ 2004-12-16 15:33:48 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxlmpm.dll
- 2005-01-20 08:50:30 995,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPA.DLL
+ 2005-01-20 09:50:30 995,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPA.DLL
- 2005-01-20 08:54:52 5,480,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPAB.DLL
+ 2005-01-20 09:54:52 5,480,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPAB.DLL
- 2005-01-20 08:55:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPAR.DLL
+ 2005-01-20 09:55:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxLPAR.DLL
- 2004-12-16 14:15:16 4,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPCFG.DLL
+ 2004-12-16 15:15:16 4,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPCFG.DLL
- 2004-12-16 14:36:56 630,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxpmui.dll
+ 2004-12-16 15:36:56 630,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxpmui.dll
- 2004-12-16 14:15:10 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPP5C.DLL
+ 2004-12-16 15:15:10 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPP5C.DLL
- 2004-12-16 14:27:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxpplc.dll
+ 2004-12-16 15:27:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxpplc.dll
- 2004-12-16 14:26:48 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxprox.dll
+ 2004-12-16 15:26:48 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxprox.dll
- 2005-01-20 08:53:16 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRP.DLL
+ 2005-01-20 09:53:16 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRP.DLL
- 2005-01-20 08:55:14 1,990,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRPB.DLL
+ 2005-01-20 09:55:14 1,990,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRPB.DLL
- 2005-01-20 08:55:48 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRPR.DLL
+ 2005-01-20 09:55:48 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPRPR.DLL
- 2005-01-20 08:51:26 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSW.DLL
+ 2005-01-20 09:51:26 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSW.DLL
- 2005-01-20 08:55:14 757,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWB.DLL
+ 2005-01-20 09:55:14 757,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWB.DLL
- 2005-01-20 08:55:38 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWR.DLL
+ 2005-01-20 09:55:38 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWR.DLL
- 2004-12-15 17:46:10 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWX.EXE
+ 2004-12-15 18:46:10 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxPSWX.EXE
- 2004-12-16 14:36:10 1,146,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxserv.dll
+ 2004-12-16 15:36:10 1,146,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxserv.dll
- 2004-12-16 14:24:38 295,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxSTRN.DLL
+ 2004-12-16 15:24:38 295,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxSTRN.DLL
- 2004-12-16 14:14:42 56,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUI5C.DLL
+ 2004-12-16 15:14:42 56,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUI5C.DLL
- 2005-01-10 13:56:18 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxunst.exe
+ 2005-01-10 14:56:18 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxunst.exe
- 2005-01-20 08:53:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPD.DLL
+ 2005-01-20 09:53:32 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPD.DLL
- 2005-01-20 08:55:26 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPDB.DLL
+ 2005-01-20 09:55:26 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPDB.DLL
- 2005-01-20 08:56:12 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPDR.DLL
+ 2005-01-20 09:56:12 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUPDR.DLL
- 2004-12-16 14:32:16 1,085,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxusb1.dll
+ 2004-12-16 15:32:16 1,085,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxusb1.dll
- 2005-01-20 08:46:32 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUTIL.DLL
+ 2005-01-20 09:46:32 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_9626f8f\dlbxUTIL.DLL
+ 1998-07-13 05:00:00 21,504 ----a-w C:\WINDOWS\system32\TABCTFR.DLL
+ 2000-10-02 01:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-26 01:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 13:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07 843776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56 161096]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57 425984]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 12:28 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]

C:\Documents and Settings\administrator.XRN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [2004-08-03 14:09:12 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-11 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"=
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-03-17 18:25]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 pgsql-8.1;PostgreSQL Database Server 8.1;C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N pgsql-8.1 -D C:\Program Files\PostgreSQL\8.1\data\ []
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 01:29:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{2C85BBB3-0392-421C-894A-7BDB153F153F} - C:\WINDOWS\system32\urqRHaYS.dll
BHO-{98B25E91-4608-4FE4-B3D2-B1955A544761} - C:\WINDOWS\system32\hgGwxYqr.dll
BHO-{FFD6B245-974F-4B2A-8844-795094786537} - C:\WINDOWS\system32\dDsRhebc.dll
HKCU-Run-PowerBar - (no file)
HKLM-Run-a4688fea - C:\WINDOWS\system32\qlwvefjq.dll
HKLM-Run-BMa75bbc76 - C:\WINDOWS\system32\cbjrbjmy.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-07-09 15:30:12 - machine was rebooted [dkutrick]
ComboFix-quarantined-files.txt 2008-07-09 19:29:55
ComboFix2.txt 2008-06-17 21:09:04
ComboFix3.txt 2008-06-17 17:04:31

Pre-Run: 12,381,315,072 bytes free
Post-Run: 12,379,242,496 bytes free

476 --- E O F --- 2008-06-20 08:01:19

#10 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 09 July 2008 - 04:57 PM

Hi

1. Please run Malwarebytes' Anti-Malware again, or post the log if you have already run it (which it looks as though you have). I doubt it will be clean this time.

2. Then...

Open Notepad and copy/paste the text in the code box below into it:
NOTE: make sure to highlight and copy only what is inside the code box, nothing outside of it.

Also, pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
File::
C:\WINDOWS\BMa75bbc76.xml
C:\WINDOWS\system32\hgGwxYqr.dll_old
C:\WINDOWS\system32\wnmjsfta.tmp
C:\WINDOWS\system32\uiiqgvqd.tmp
C:\WINDOWS\system32\xwhkdpwn.tmp


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[Screenshot omitted: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

3. Run DSS again & this time post the main.txt & extra.txt again

4. Open your Symantec AntiVirus and empty the Quarantine folder ...

5. Do you really need these in your trusted zone?

O15 - Trusted Zone: *.ftp
O15 - Trusted Zone: http://www.mrmasteronline.com

6. Empty your recycle bin.

7. Lastly post a new KASPERSKY ONLINE SCAN log

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.
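
The CFScript procedure in the post above, as an added example that is not part of this thread and not ComboFix's own code. It writes a CFScript.txt with the formatting the helper insists on (File:: as the very first line, no blank line above it, no leading whitespace), validates a script the way a helper would check a poster's file, and then cross-checks a ComboFix log to confirm that every path under File:: shows up under "Other Deletions". The log excerpt embedded below is constructed to match the shape of the ComboFix log posted later in the thread (the BITS host in it is a placeholder); the function names and the section-header regex are the example's own assumptions about the log layout, not documented ComboFix behaviour.

```python
"""Build, validate and verify a ComboFix CFScript.txt (added example)."""

import re

# Paths the helper listed under File:: in the post above.
REQUESTED = [
    r"C:\WINDOWS\BMa75bbc76.xml",
    r"C:\WINDOWS\system32\hgGwxYqr.dll_old",
    r"C:\WINDOWS\system32\wnmjsfta.tmp",
    r"C:\WINDOWS\system32\uiiqgvqd.tmp",
    r"C:\WINDOWS\system32\xwhkdpwn.tmp",
]

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")             # a bare absolute Windows path
SECTION_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # e.g. '(((( Other Deletions ))))'


def build_cfscript(paths):
    """Return the text of CFScript.txt: 'File::' on the very first line,
    one absolute path per line, CRLF endings as Notepad would save them."""
    body = []
    for p in paths:
        p = p.strip()
        if not DRIVE_PATH.match(p):
            raise ValueError(f"not an absolute Windows path: {p!r}")
        body.append(p)
    return "\r\n".join(["File::", *body]) + "\r\n"


def validate_cfscript(text):
    """Return the problems a helper would flag (empty list if acceptable):
    File:: must be the first line, with no blank line above it and no
    leading whitespace, and every later non-blank line must be a path."""
    problems = []
    lines = text.splitlines()
    idx = next((i for i, l in enumerate(lines) if l.strip()), None)
    if idx is None:
        return ["file is empty"]
    if idx > 0:
        problems.append(f"{idx} blank line(s) above File::")
    first = lines[idx].rstrip()
    if first != "File::":
        if first.lstrip() == "File::":
            problems.append("whitespace in front of File::")
        else:
            problems.append(f"first line must be File::, got {first!r}")
    for n, line in enumerate(lines[idx + 1:], start=idx + 2):
        if line.strip() and not DRIVE_PATH.match(line.strip()):
            problems.append(f"line {n}: not an absolute Windows path: {line!r}")
    return problems


def parse_combofix_log(log_text):
    """Map each log section to the bare paths listed in it. 'FILE ::' is
    ComboFix's echo of the script; 'Other Deletions' is what it removed.
    Only lines that are a bare path are kept, so sections whose lines
    carry dates and sizes contribute nothing (assumption about the layout)."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if line.startswith("FILE ::"):
            current = "FILE"
        elif hdr:
            current = hdr.group(1)
        elif line.startswith("-----"):   # e.g. '----- BITS: Possible infected sites -----'
            current = None
        elif current and DRIVE_PATH.match(line):
            sections.setdefault(current, []).append(line)
    return sections


def confirm_deletions(requested, log_text):
    """Compare the File:: list with the log (case-insensitively, as NTFS
    names are) and report what was confirmed removed, what was not, and
    what ComboFix removed that the script never asked for."""
    deleted = {p.lower(): p for p in parse_combofix_log(log_text).get("Other Deletions", [])}
    want = {p.lower(): p for p in requested}
    return {
        "confirmed": [want[k] for k in want if k in deleted],
        "missing": [want[k] for k in want if k not in deleted],
        "unrequested": [deleted[k] for k in deleted if k not in want],
    }


# Constructed log excerpt in the format of the ComboFix log posted in this
# thread; user name and BITS host are placeholders.
SAMPLE_LOG = r"""ComboFix 08-07-08.9 - user 2008-07-10 17:14:40.4 - NTFSx86
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BMa75bbc76.xml
C:\WINDOWS\system32\hgGwxYqr.dll_old
C:\WINDOWS\system32\uiiqgvqd.tmp
C:\WINDOWS\system32\wnmjsfta.tmp
C:\WINDOWS\system32\xwhkdpwn.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BMa75bbc76.xml
C:\WINDOWS\system32\hgGwxYqr.dll_old
C:\WINDOWS\system32\uiiqgvqd.tmp
C:\WINDOWS\system32\wnmjsfta.tmp
C:\WINDOWS\system32\xwhkdpwn.tmp

----- BITS: Possible infected sites -----

hxxp://internal-build-host
.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.
2008-07-09 15:28 . 2008-07-09 15:29 <DIR> d-------- C:\WINDOWS\LastGood
"""

if __name__ == "__main__":
    script = build_cfscript(REQUESTED)
    print("script problems:", validate_cfscript(script) or "none")
    print(confirm_deletions(REQUESTED, SAMPLE_LOG))
```

A script with a blank first line or a leading space is reported rather than silently accepted, which is the failure the helper is warning about; the "unrequested" list surfaces the BITS queue files (qmgr0.dat, qmgr1.dat) that ComboFix removed on its own, so a reader can tell those apart from the deletions the script asked for.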

#11 Dkut

Dkut
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 10 July 2008 - 05:06 PM

The two entries for the trusted sites are those that I need for work. While running DSS.exe, only a main.txt file popped up, no extra.txt file.


Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 5.1.2600 Service Pack 2

10:17:24 AM 2008-07-10
mbam-log-7-10-2008 (10-17-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155708
Time elapsed: 1 hour(s), 12 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-07-08.9 - dkutrick 2008-07-10 17:14:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.565 [GMT -4:00]
Running from: C:\Documents and Settings\dkutrick.XRN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dkutrick.XRN\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BMa75bbc76.xml
C:\WINDOWS\system32\hgGwxYqr.dll_old
C:\WINDOWS\system32\uiiqgvqd.tmp
C:\WINDOWS\system32\wnmjsfta.tmp
C:\WINDOWS\system32\xwhkdpwn.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BMa75bbc76.xml
C:\WINDOWS\system32\hgGwxYqr.dll_old
C:\WINDOWS\system32\uiiqgvqd.tmp
C:\WINDOWS\system32\wnmjsfta.tmp
C:\WINDOWS\system32\xwhkdpwn.tmp

----- BITS: Possible infected sites -----

hxxp://xrnbld02
.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-09 15:28 . 2008-07-09 15:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\X Prep Adult - 5 Minutes 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\Short Bus Imaging Service 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X Prep Gold 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Ross Brittain 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Radio Guest Quest 06.16.08
2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d-------- C:\RD1 X 7 Prep Services 06.16.08
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --a------ C:\WINDOWS\system32\SETB7C.tmp
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:41 . 2008-06-20 13:41 148,992 --a------ C:\WINDOWS\system32\SETB7D.tmp
2008-06-20 13:41 . 2008-06-20 13:41 148,992 --------- C:\WINDOWS\system32\dllcache\SETB81.tmp
2008-06-20 06:45 . 2008-06-20 06:45 360,320 --------- C:\WINDOWS\system32\dllcache\SETB7F.tmp
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 05:52 . 2008-06-20 05:52 225,920 --------- C:\WINDOWS\system32\dllcache\SETB7E.tmp
2008-06-19 15:06 . 2008-06-19 15:06 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\TOSHIBA
2008-06-19 15:05 . 2007-06-04 10:35 286,720 --a------ C:\WINDOWS\system32\eSTsnmp.dll
2008-06-17 12:54 . 2008-06-17 12:54 4,608,744 --a------ C:\Documents and Settings\dkutrick\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-06-17 12:27 . 2008-07-09 10:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-06-17 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 12:27 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 12:26 . 2008-06-17 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 18:09 . 2008-06-13 18:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 17:56 . 2008-06-12 17:56 <DIR> d-------- C:\Deckard
2008-06-12 13:28 . 2008-06-12 13:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-12 13:27 . 2008-06-12 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 02:44 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:44 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 19:58 --------- d-----w C:\Program Files\DL_cats
2008-07-10 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-09 19:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-09 18:45 --------- d-----w C:\Program Files\Java
2008-07-07 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 14:32 --------- d-----w C:\Program Files\Google
2008-07-02 19:08 --------- d-----w C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-30 16:16 --------- d-----w C:\Program Files\Dell Photo AIO Printer 962
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 15:55 --------- d-----w C:\Program Files\MediaShooterPro
2008-06-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 19:38 --------- d-----w C:\Program Files\iDump
2008-06-05 19:27 --------- d-----w C:\Program Files\iPod To Computer Transfer
2008-06-05 19:27 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-06-02 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 14:56 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-27 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 14:32 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 20:22 --------- d-----w C:\Program Files\iTunes
2008-05-15 20:21 --------- d-----w C:\Program Files\iPod
2008-05-15 20:18 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 15:04 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-31 16:41 190 ----a-w C:\Program Files\Common Files\psasetup.log
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2008-07-09_15.29.15.86 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2006-10-27 00:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 19:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-05-22 08:17:13 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-10 08:03:17 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-22 08:17:13 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-10 08:03:18 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-22 08:17:13 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-07-10 08:03:18 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-22 08:17:13 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-10 08:03:18 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-22 08:17:14 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-10 08:03:18 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-22 08:17:14 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-10 08:03:18 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-22 08:17:13 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-10 08:03:18 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-22 08:17:13 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-10 08:03:18 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-22 08:17:13 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-10 08:03:18 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-22 08:17:14 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-10 08:03:18 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-22 08:17:13 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-10 08:03:18 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-22 08:17:25 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-10 08:03:40 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-22 08:17:25 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-10 08:03:40 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-22 08:17:25 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-10 08:03:40 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-22 08:17:25 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-10 08:03:40 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-22 08:17:24 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-10 08:03:39 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-22 08:17:25 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-10 08:03:40 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-22 08:17:25 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-10 08:03:40 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-22 08:17:24 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-10 08:03:39 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 13:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07 843776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56 161096]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57 425984]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 12:28 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]

C:\Documents and Settings\administrator.XRN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [2004-08-03 14:09:12 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-11 12:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MediaShooterPro\\bin\\mm_rsync.exe"=
"C:\\Documents and Settings\\dkutrick\\Personal\\Programs\\utorrent.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-03-17 18:25]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 pgsql-8.1;PostgreSQL Database Server 8.1;C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N pgsql-8.1 -D C:\Program Files\PostgreSQL\8.1\data\ []
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 01:29:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 17:18:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-10 17:20:15
ComboFix-quarantined-files.txt 2008-07-10 21:19:54
ComboFix2.txt 2008-07-09 19:30:15
ComboFix3.txt 2008-06-17 21:09:04
ComboFix4.txt 2008-06-17 17:04:31

Pre-Run: 15,305,244,672 bytes free
Post-Run: 15,403,773,952 bytes free

236 --- E O F --- 2008-07-10 08:03:41

Deckard's System Scanner v20071014.68
Run by dkutrick on 2008-07-10 18:04:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dkutrick.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxjswx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxjswx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dkutrick.XRN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dkutrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dial-global.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070305
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOffice...p;p2=5&p3=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: MediaShooterPro.lnk = C:\Program Files\MediaShooterPro\MediaShooterPro.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ftp
O15 - Trusted Zone: http://www.mrmasteronline.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199459051937
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xrn.ny
O17 - HKLM\Software\..\Telephony: DomainName = xrn.ny
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xrn.ny
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10715 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-09 15:28:59 0 d-------- C:\WINDOWS\LastGood
2008-07-03 12:57:44 0 dr-h----- C:\Documents and Settings\dkutrick.XRN\Recent
2008-06-26 19:05:52 0 d-------- C:\X Prep Adult - 5 Minutes 06.16.08
2008-06-26 19:05:52 0 d-------- C:\Short Bus Imaging Service 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X Prep Gold 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Ross Brittain 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Radio Guest Quest 06.16.08
2008-06-26 19:05:52 0 d-------- C:\RD1 X 7 Prep Services 06.16.08
2008-06-24 14:01:49 479232 --a------ C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-06-24 14:01:48 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2008-06-24 14:01:48 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-24 14:01:48 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2008-06-24 14:01:48 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-06-24 14:01:48 458752 --a------ C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-06-24 14:01:48 454656 --a------ C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-06-24 14:01:48 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-06-24 14:01:48 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-06-24 14:01:48 417792 --a------ C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-06-24 14:01:48 2084864 --a------ C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-06-24 14:01:47 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-24 14:01:47 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-06-24 14:01:46 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-24 14:01:46 0 d-------- C:\Program Files\Free Audio Pack
2008-06-19 15:06:17 0 d-------- C:\Documents and Settings\dkutrick.XRN\TOSHIBA
2008-06-19 15:05:06 286720 --a------ C:\WINDOWS\system32\eSTsnmp.dll
2008-06-17 12:58:01 0 d-------- C:\cmdcons
2008-06-17 12:56:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-17 12:56:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-17 12:56:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-17 12:56:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-17 12:56:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-17 12:56:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-17 12:56:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-17 12:56:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-17 12:27:49 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Malwarebytes
2008-06-17 12:27:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 12:27:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:26:11 0 d-------- C:\Program Files\Trend Micro
2008-06-13 18:09:10 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 13:28:32 0 d-------- C:\Program Files\Lavasoft
2008-06-12 13:27:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-10 16:08:00 137822 --a------ C:\Documents and Settings\dkutrick.XRN\Application Data\Barracuda-WhiteList.xml
2008-07-10 15:58:44 0 d-------- C:\Program Files\DL_cats
2008-07-09 15:17:58 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-09 14:45:42 0 d-------- C:\Program Files\Java
2008-07-03 10:32:15 0 d-------- C:\Program Files\Google
2008-07-02 15:08:05 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\uTorrent
2008-06-30 12:16:43 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
2008-06-17 11:55:04 0 d-------- C:\Program Files\MediaShooterPro
2008-06-13 18:09:10 0 d-------- C:\Program Files\Common Files
2008-06-05 15:38:53 0 d-------- C:\Program Files\iDump
2008-06-05 15:27:47 0 d-------- C:\Program Files\Common Files\eSellerate
2008-06-05 15:27:30 0 d-------- C:\Program Files\iPod To Computer Transfer
2008-05-27 11:01:18 2550 --a------ C:\WINDOWS\unins000.dat
2008-05-27 10:56:40 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 10:32:21 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-27 10:32:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 16:22:48 0 d-------- C:\Program Files\iTunes
2008-05-15 16:21:48 0 d-------- C:\Program Files\iPod
2008-05-15 16:18:41 0 d-------- C:\Program Files\QuickTime
2008-05-15 11:24:07 0 d-------- C:\Documents and Settings\dkutrick.XRN\Application Data\Adobe
2008-05-05 11:04:09 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-30 18:01:48 1697572 --a------ C:\WINDOWS\system32\SNAGIT6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 09:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 12:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 13:47]

C:\Documents and Settings\dkutrick.XRN\Start Menu\Programs\Startup\
MediaShooterPro.lnk - C:\Program Files\MediaShooterPro\MediaShooterPro.exe [2004-08-03 14:09:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-07-10 18:05:22 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 10, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 10, 2008 15:54:17
Records in database: 933057
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 100341
Threat name: 13
Infected objects: 67
Suspicious objects: 0
Duration of the scan: 02:56:56


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80002.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80003.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80004.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80005.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80006.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80007.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80008.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80009.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540001.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540002.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540003.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540004.VBN Infected: Trojan-Downloader.HTML.IFrame.ij 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A680000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A680001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A680002.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A680003.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A680004.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA40000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C840000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0002.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0003.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F180000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F180001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0000.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0002.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0003.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0004.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0005.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0006.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0007.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\209C0008.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.u 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\ireland2.exe.vir Infected: not-a-virus:AdWare.Win32.WebRebates.t 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman1jtn.exe.vir Infected: Trojan-Downloader.Win32.Wren.d 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spiderman5.exe.vir Infected: Trojan-Downloader.Win32.Wren.d 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.cp 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\spidermanwall.exe.vir Infected: Trojan-Dropper.Win32.Small.jh 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: Trojan-Downloader.Win32.Small.akj 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: Trojan-Downloader.Win32.Agent.er 1
C:\QooBox\Quarantine\C\Documents and Settings\dkutrick\My Pictures\stephenkingit.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.z 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkHBTJC.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lcdzvp.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lqolfwvl.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qlwvefjq.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRIbyWn.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUkkifg.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\hgGwxYqr.dll_old Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.

#12 steamwiz


Posted 11 July 2008 - 02:20 PM

HI

The two entries for the trusted sites are those that I need for work. While running DSS.EDE only a main txt file popped up, no extra txt file.


OK on the trusted sites ... allowing ANY ftp site to download and run anything it wants on your computer without asking/telling you is risky as far as I'm concerned, but if you feel you need to allow this, that's your decision ...

RE: DSS ... you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

-

FYI ... this is the malware we've removed since you posted a couple of days ago ...


O2 - BHO: (no name) - {2C85BBB3-0392-421C-894A-7BDB153F153F} - C:\WINDOWS\system32\urqRHaYS.dll (file missing)

O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\jkkHBTJC.dll
O2 - BHO: (no name) - {98B25E91-4608-4FE4-B3D2-B1955A544761} - C:\WINDOWS\system32\hgGwxYqr.dll (file missing)

O2 - BHO: (no name) - {B04FD561-D03B-41BA-A853-92088EB94FC8} - C:\WINDOWS\system32\rqRIbyWn.dll
O2 - BHO: {0da54f4d-7bb0-1818-b604-d30107f1583e} - {e3851f70-103d-406b-8181-0bb7d4f45ad0} - C:\WINDOWS\system32\lcdzvp.dll
O2 - BHO: (no name) - {FFD6B245-974F-4B2A-8844-795094786537} - C:\WINDOWS\system32\dDsRhebc.dll (file missing)

O4 - HKLM\..\Run: [a4688fea] rundll32.exe "C:\WINDOWS\system32\qlwvefjq.dll",b
O4 - HKLM\..\Run: [BMa75bbc76] Rundll32.exe "C:\WINDOWS\system32\cbjrbjmy.dll",s

O20 - Winlogon Notify: jkkHBTJC - C:\WINDOWS\SYSTEM32\jkkHBTJC.dll

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-07 16:10:26 103424 --a------ C:\WINDOWS\system32\lcdzvp.dll
2008-07-07 16:10:24 103424 --a------ C:\WINDOWS\system32\lqolfwvl.dll
2008-07-07 16:08:29 78336 --a------ C:\WINDOWS\system32\qlwvefjq.dll
2008-07-07 16:08:18 91648 --a------ C:\WINDOWS\system32\cbjrbjmy.dll
2008-07-07 16:07:21 626781 --ahs---- C:\WINDOWS\system32\nWybIRqr.ini2
2008-07-07 16:07:17 320512 --a------ C:\WINDOWS\system32\rqRIbyWn.dll
2008-07-07 10:21:52 0 --a------ C:\WINDOWS\system32\nuzhqg.dll
2008-07-07 10:21:51 0 --a------ C:\WINDOWS\system32\ucifpyef.dll
2008-07-07 10:21:09 2911 --ahs---- C:\WINDOWS\system32\rqYxwGgh.ini2
2008-07-03 12:57:44 0 dr-h----- C:\Documents and Settings\dkutrick.XRN\Recent
2008-07-03 12:43:40 0 --a------ C:\WINDOWS\system32\fcvtcf.dll
2008-07-03 12:43:36 0 --a------ C:\WINDOWS\system32\flwnslep.dll
2008-07-03 12:01:26 676268 --ahs---- C:\WINDOWS\system32\cbehRsDd.ini2
2008-07-02 14:14:06 582 --ahs---- C:\WINDOWS\system32\SYaHRqru.ini2
2008-07-02 14:08:53 25600 --a------ C:\WINDOWS\system32\vtUkkifg.dll
2008-07-02 14:08:53 25600 --a------ C:\WINDOWS\system32\jkkHBTJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C85BBB3-0392-421C-894A-7BDB153F153F}]
C:\WINDOWS\system32\urqRHaYS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}]
07/02/08 02:08 PM 25600 --a------ C:\WINDOWS\system32\jkkHBTJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B25E91-4608-4FE4-B3D2-B1955A544761}]
C:\WINDOWS\system32\hgGwxYqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B04FD561-D03B-41BA-A853-92088EB94FC8}]
07/07/08 04:07 PM 320512 --a------ C:\WINDOWS\system32\rqRIbyWn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3851f70-103d-406b-8181-0bb7d4f45ad0}]
07/07/08 04:10 PM 103424 --a------ C:\WINDOWS\system32\lcdzvp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFD6B245-974F-4B2A-8844-795094786537}]
C:\WINDOWS\system32\dDsRhebc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a4688fea"="C:\WINDOWS\system32\qlwvefjq.dll" [07/07/08 04:08 PM]
"BMa75bbc76"="C:\WINDOWS\system32\cbjrbjmy.dll" [07/07/08 04:08 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}"= C:\WINDOWS\system32\jkkHBTJC.dll [07/02/08 02:08 PM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHBTJC]
jkkHBTJC.dll 07/02/08 02:08 PM 25600 C:\WINDOWS\system32\jkkHBTJC.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRIbyWn

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbehRsDd.ini
C:\WINDOWS\system32\cbehRsDd.ini2
C:\WINDOWS\system32\crqyuomw.ini
C:\WINDOWS\system32\jkkHBTJC.dll
C:\WINDOWS\system32\lcdzvp.dll
C:\WINDOWS\system32\lqolfwvl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nWybIRqr.ini
C:\WINDOWS\system32\nWybIRqr.ini2
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\qjfevwlq.ini
C:\WINDOWS\system32\qjfevwlq.ini2
C:\WINDOWS\system32\qjfevwlq.tmp
C:\WINDOWS\system32\qlwvefjq.dll
C:\WINDOWS\system32\rqRIbyWn.dll
C:\WINDOWS\system32\rqYxwGgh.ini
C:\WINDOWS\system32\rqYxwGgh.ini2
C:\WINDOWS\system32\SYaHRqru.ini
C:\WINDOWS\system32\SYaHRqru.ini2
C:\WINDOWS\system32\vtUkkifg.dll
C:\WINDOWS\system32\wnmjsfta.ini

2008-07-07 16:08 . 2008-07-09 11:50 110,415 --a------ C:\WINDOWS\BMa75bbc76.xml
2008-07-07 10:21 . 2008-07-07 10:21 318,976 --a------ C:\WINDOWS\system32\hgGwxYqr.dll_old
2008-07-03 12:46 . 2008-07-03 12:46 233 --ahs---- C:\WINDOWS\system32\wnmjsfta.tmp
2008-07-03 10:34 . 2008-07-03 10:34 1,718,692 --ahs---- C:\WINDOWS\system32\uiiqgvqd.tmp
2008-07-02 16:20 . 2008-07-02 16:20 1,714,850 --ahs---- C:\WINDOWS\system32\xwhkdpwn.tmp

BHO-{2C85BBB3-0392-421C-894A-7BDB153F153F} - C:\WINDOWS\system32\urqRHaYS.dll
BHO-{98B25E91-4608-4FE4-B3D2-B1955A544761} - C:\WINDOWS\system32\hgGwxYqr.dll
BHO-{FFD6B245-974F-4B2A-8844-795094786537} - C:\WINDOWS\system32\dDsRhebc.dll
HKCU-Run-PowerBar - (no file)
HKLM-Run-a4688fea - C:\WINDOWS\system32\qlwvefjq.dll
HKLM-Run-BMa75bbc76 - C:\WINDOWS\system32\cbjrbjmy.dll


Your logs are looking pretty good now :thumbsup:

Kaspersky shows files in 2 quarantine locations :-

1. Symantec AntiVirus Corporate Edition\7.5\Quarantine

You will have to open your Symantec AntiVirus Control Panel look for an option to empty/delete the contents of the quarantine ...

2. C:\QooBox\Quarantine ... This is Combofix's quarantine folder, which we'll deal with by uninstalling Combofix ...

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


3. This just leaves one file found by KASPERSKY :-

C:\WINDOWS\system32\hgGwxYqr.dll_old Infected: Trojan.Win32.Monderc.gen 1

This is not a problem with the dll suffixed with _old ... however it poses a little mystery as to why it is still being found by KASPERSKY, as Combofix says it deleted it?

So please have a look in your system32 folder & see if you can find the file :-

C:\WINDOWS\system32\hgGwxYqr.dll_old

If you do find it, RIGHT click on it & select delete ... then empty the recycle bin ...

Post a new KASPERSKY ONLINE SCANNER 7 REPORT please :)

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#13 Dkut


Posted 16 July 2008 - 05:02 PM

Hi Steam,
I've emptied quarantines, deleted that file, and here is the current scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 16, 2008 17:38:58
Records in database: 960110
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 103590
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:30:49


File name / Threat name / Threats count

C:\Documents and Settings\dkutrick\Personal\Programs\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1

The selected area was scanned.

#14 steamwiz


Posted 17 July 2008 - 01:29 PM

Hi

That's a false positive by KASPERSKY ... there's nothing fraudulent about the mbam-setup.exe file ...

However you've already set up & run Malwarebytes' Anti-Malware & don't need to keep that file anymore ... so you can delete it at your leisure :thumbsup:

You're good to go now ... are all your problems resolved?

steam

#15 steamwiz


Posted 16 August 2008 - 05:47 PM

As this thread is resolved, :thumbsup: it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam