Not able to remove program that pops up on task bar and says I have spyware and keeps opening ads to various products.


  • This topic is locked
25 replies to this topic

#1 tntdreams

Posted 17 October 2008 - 08:33 AM

Ran SPYBOT SEARCH AND DESTROY. Could not remove 3 "wildtangent" programs due to being in use.
Any help would be appreciated. Thank you.

Todd


Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:49 AM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe
C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fgcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [lphcn29j0e58l] C:\WINDOWS\system32\lphcn29j0e58l.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rpmvcmeogx] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brcmtkkthezimv.dll" EntryPoint
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Atgbjso] "C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://elearning.fgcu.edu
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Filter hijack: text/html - {3458829f-ee84-4413-ba7d-7a27de9b3d5b} - C:\WINDOWS\system32\msiebbar.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10038 bytes

#2 kahdah

  • Security Colleague

Posted 17 October 2008 - 08:55 AM

Hello tntdreams

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 tntdreams

  • Topic Starter

Posted 17 October 2008 - 09:02 AM

Thanks for the fast reply. Here are both logs.

LOG.Txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tamara Shanaman at 2008-10-17 09:59:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (44%) free of 32 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:26 AM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe
C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\Content.IE5\BDQCAYU2\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Tamara Shanaman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fgcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: getsn32.msiesn - {36142BDD-7850-42FC-9681-1534A35285B9} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: (no name) - {3C070B53-2BED-4817-847E-B0F2D60221C4} - C:\WINDOWS\system32\nnnnMCuT.dll
O2 - BHO: (no name) - {3D839748-00F4-5A56-DF3C-58C0735984C8} - C:\WINDOWS\system32\cxcxh.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - C:\WINDOWS\system32\tuvSmkIY.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: innbanner browser enhancer - {e198b1aa-738f-f74c-75dc-5a7741252a3f} - C:\WINDOWS\system32\brcmtkkthezimv.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [lphcn29j0e58l] C:\WINDOWS\system32\lphcn29j0e58l.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rpmvcmeogx] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brcmtkkthezimv.dll" EntryPoint
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Atgbjso] "C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://elearning.fgcu.edu
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Filter hijack: text/html - {3458829f-ee84-4413-ba7d-7a27de9b3d5b} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: nnnnMCuT - C:\WINDOWS\SYSTEM32\nnnnMCuT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12190 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll [2008-10-16 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36142BDD-7850-42FC-9681-1534A35285B9}]
getsn32.msiesn - C:\WINDOWS\system32\getsn32.dll [2008-10-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C070B53-2BED-4817-847E-B0F2D60221C4}]
C:\WINDOWS\system32\nnnnMCuT.dll [2008-10-17 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D839748-00F4-5A56-DF3C-58C0735984C8}]
C:\WINDOWS\system32\cxcxh.dll [2008-09-30 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee AntiPhishing Filter - c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
OIN Analytics - C:\Program Files\OINAnalytics\OINAnalytics2.dll [2008-10-16 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD273008-7BFE-40C1-8ED8-C7E2C22613AA}]
C:\WINDOWS\system32\tuvSmkIY.dll [2008-10-17 317440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-05-25 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\helper.dll [2008-10-02 282636]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e198b1aa-738f-f74c-75dc-5a7741252a3f}]
innbanner browser enhancer - C:\WINDOWS\system32\brcmtkkthezimv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-18 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
""= []
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\McAgent.exe [2005-09-22 303104]
"ctfmona"=C:\WINDOWS\system32\ctfmona.exe []
"lphcn29j0e58l"=C:\WINDOWS\system32\lphcn29j0e58l.exe []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-20 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"rpmvcmeogx"=C:\WINDOWS\system32\brcmtkkthezimv.dll EntryPoint []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"GetModule23"=C:\Program Files\GetModule\GetModule23.exe [2008-10-03 344064]
"Facegame"=C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe [2008-10-15 56320]
"Gool"=C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe [2008-10-16 61440]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Uaol"=C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe [2008-10-17 89088]
"Atgbjso"=C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe [2008-09-30 230400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2008-09-04 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe [2005-09-26 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [2006-11-07 1121280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-07-20 208941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcj29j0e58l]
C:\Program Files\rhcj29j0e58l\rhcj29j0e58l.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-25 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
C:\PROGRA~1\EFAXME~1.3\J2GTray.exe [2007-03-06 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe [2008-02-05 54512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnMCuT]
C:\WINDOWS\system32\nnnnMCuT.dll [2008-10-17 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3C070B53-2BED-4817-847E-B0F2D60221C4}"=C:\WINDOWS\system32\nnnnMCuT.dll [2008-10-17 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvSmkIY

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Documents and Settings\Tamara Shanaman\Local Settings\Temp\.tt17.tmp"="C:\Documents and Settings\Tamara Shanaman\Local Settings\Temp\.tt17.tmp:*:Enabled:enable"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14dfe384-7bf9-11dc-a3d3-00505b05bc3d}]
shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99fa9aff-692d-11db-a380-00505b05bc3d}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-10-17 09:59:22 ----D---- C:\rsit
2008-10-17 09:06:19 ----A---- C:\WINDOWS\system32\getsn32.dll
2008-10-17 08:30:24 ----A---- C:\WINDOWS\system32\235154cb-.txt
2008-10-17 08:28:29 ----ASH---- C:\WINDOWS\system32\YIkmSvut.ini2
2008-10-17 08:28:29 ----ASH---- C:\WINDOWS\system32\YIkmSvut.ini
2008-10-17 08:28:08 ----A---- C:\WINDOWS\system32\tuvSmkIY.dll
2008-10-17 07:53:58 ----A---- C:\WINDOWS\system32\cxcxh.dll
2008-10-17 07:53:46 ----D---- C:\Program Files\OINAnalytics
2008-10-17 07:50:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-17 07:25:43 ----A---- C:\WINDOWS\system32\rqRIbyWo.dll
2008-10-17 07:25:42 ----A---- C:\WINDOWS\system32\nnnnMCuT.dll
2008-10-16 22:00:14 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
2008-10-16 21:55:11 ----D---- C:\Program Files\Webtools
2008-10-16 13:14:50 ----D---- C:\Program Files\Trend Micro
2008-10-15 21:43:49 ----A---- C:\WINDOWS\system32\smwin32.dll
2008-10-15 21:43:46 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 21:43:43 ----A---- C:\WINDOWS\system32\uesiuqcr.exe
2008-10-15 21:43:37 ----D---- C:\Program Files\GetModule
2008-10-15 21:41:36 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-10-15 12:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 12:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 12:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 12:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 12:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-23 15:57:23 ----D---- C:\Program Files\ACW
2008-09-21 06:53:47 ----D---- C:\Program Files\Rhapsody

======List of files/folders modified in the last 1 months======

2008-10-17 09:58:43 ----D---- C:\WINDOWS\Temp
2008-10-17 09:08:57 ----D---- C:\WINDOWS
2008-10-17 09:07:48 ----D---- C:\WINDOWS\Registration
2008-10-17 09:07:38 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-10-17 09:07:38 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-10-17 09:06:19 ----D---- C:\WINDOWS\system32
2008-10-17 09:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 08:19:51 ----D---- C:\Program Files\Common Files
2008-10-17 08:19:49 ----D---- C:\WINDOWS\wt
2008-10-17 08:19:46 ----AC---- C:\WINDOWS\wininit.ini
2008-10-17 08:19:39 ----D---- C:\Program Files
2008-10-17 08:19:16 ----D---- C:\Program Files\Enigma Software Group
2008-10-17 07:54:00 ----D---- C:\WINDOWS\Prefetch
2008-10-17 07:33:20 ----SD---- C:\WINDOWS\Tasks
2008-10-17 07:32:25 ----SHD---- C:\WINDOWS\Installer
2008-10-17 07:32:23 ----HD---- C:\Config.Msi
2008-10-16 22:59:40 ----SHD---- C:\WINDOWS\CSC
2008-10-16 19:58:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-16 12:21:52 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 12:21:51 ----D---- C:\Program Files\Lavasoft
2008-10-16 12:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 12:13:42 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-15 19:46:04 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-10-15 12:03:42 ----HD---- C:\WINDOWS\inf
2008-10-15 12:03:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-15 12:03:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 12:03:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:02:51 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 18:04:21 ----D---- C:\Program Files\Modem Helper
2008-10-12 17:37:35 ----A---- C:\WINDOWS\win.ini
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 19:50:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-01 07:03:16 ----SD---- C:\Documents and Settings\Tamara Shanaman\Application Data\Microsoft
2008-09-25 05:55:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-23 15:08:26 ----RASH---- C:\boot.ini
2008-09-23 15:08:26 ----A---- C:\WINDOWS\system.ini
2008-09-23 15:08:24 ----D---- C:\WINDOWS\pss
2008-09-23 12:38:15 ----D---- C:\WINDOWS\system32\Restore
2008-09-23 12:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 06:56:19 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\Real
2008-09-21 06:37:48 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 sysrest.sys;sysrest.sys; \??\C:\WINDOWS\system32\sysrest.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MskService;McAfee SpamKiller Server; C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe [2005-07-12 963072]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


Info.txt

info.txt logfile of random's system information tool 1.04 2008-10-17 09:59:29

======Uninstall list======

-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Clicktoy Trial-->MsiExec.exe /X{F10203E0-6408-11DD-AD8B-0800200C9A66}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
eFax Messenger 4.3-->C:\Program Files\eFax Messenger 4.3\Uninstall.exe
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{0877E768-8B35-441E-9BE6-E7AFE1809282}
LeapFrog Tag Plugin-->MsiExec.exe /X{2130BBE2-6FA9-4520-A923-6E6C079B1CF7}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
magicking.zip-->C:\PROGRA~1\FILESU~1\MAGICK~1.ZIP\UNWISE.EXE C:\PROGRA~1\FILESU~1\MAGICK~1.ZIP\INSTALL.LOG
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mobile Broadband Drivers-->MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
Mobile Broadband Drivers-->MsiExec.exe /X{8696ED8F-F797-40F0-A52A-CF6552E338E1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MyLayout Profile Editor-->"C:\PROGRA~1\Freeze.com\MyLayout Profile Editor\UNINSTAL.EXE"
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NCR Label Formats for MS Word Setup-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NCR Media Formats\Uninst.isu"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OIN Analytics-->C:\Program Files\OINAnalytics\Uninstall.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
screensaver-->C:\WINDOWS\screensaver.scr /u
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Magic Kingdom-->C:\PROGRA~1\AAASCR~1\THEMAG~1\UNWISE.EXE C:\PROGRA~1\AAASCR~1\THEMAG~1\INSTALL.LOG
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)-->C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\flyusb_BDDEDC610968ACB312AFDDAA6B90C0D5FCBD66A6\flyusb.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall Plus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:20 AM

Posted 17 October 2008 - 09:08 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 tntdreams

tntdreams
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 17 October 2008 - 09:57 AM

Here is the log from combofix.

ComboFix 08-10-16.08 - Tamara Shanaman 2008-10-17 10:22:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.541 [GMT -4:00]
Running from: C:\Documents and Settings\Tamara Shanaman\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tamara Shanaman\Application Data\rhcj29j0e58l
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\fbk.sts
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\fpinst.exe
C:\Documents and Settings\Tamara Shanaman\My Documents\SKS~1
C:\Documents and Settings\Tamara Shanaman\My Documents\SKS~1\??sks\
C:\Documents and Settings\Tamara Shanaman\My Documents\SKS~1\wuauboot.exe
C:\Documents and Settings\Tamara Shanaman\My Documents\YSTEM3~1
C:\Documents and Settings\Tamara Shanaman\My Documents\YSTEM3~1\r?gsvr32.exe
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetModule\kwdik.gz
C:\RECYCLER\ADAPT_Installer.exe
C:\WINDOWS\default.htm
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\cxcxh.dll
C:\WINDOWS\system32\getsn32.dll
C:\WINDOWS\system32\msansspc.dll
C:\WINDOWS\system32\msiebbar.dll
C:\WINDOWS\system32\nnnnMCuT.dll
C:\WINDOWS\system32\rqRIbyWo.dll
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\tuvSmkIY.dll
C:\WINDOWS\system32\YIkmSvut.ini
C:\WINDOWS\system32\YIkmSvut.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-17 09:59 . 2008-10-17 09:59 <DIR> d-------- C:\rsit
2008-10-17 08:04 . 2008-10-17 08:04 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-10-17 08:04 . 2008-10-17 08:04 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-10-17 07:53 . 2008-10-17 07:53 <DIR> d-------- C:\Program Files\OINAnalytics
2008-10-17 07:50 . 2008-10-17 07:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50 . 2008-10-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 22:00 . 2008-10-16 22:00 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
2008-10-16 21:55 . 2008-10-16 21:55 <DIR> d-------- C:\Program Files\Webtools
2008-10-16 13:14 . 2008-10-16 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 21:44 . 2008-10-15 21:44 206,639 --a------ C:\WINDOWS\system32\wpv193.cpx
2008-10-15 21:43 . 2008-10-16 12:10 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 21:43 . 2008-10-15 21:43 206,639 --a------ C:\WINDOWS\system32\wpv393.cpx
2008-10-15 21:43 . 2008-10-15 21:43 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe
2008-10-15 21:43 . 2008-10-17 10:38 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-10-15 21:41 . 2008-10-15 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 21:41 . 2008-10-15 21:41 21,504 --a------ C:\Documents and Settings\Tamara Shanaman\~.exe
2008-10-15 21:41 . 2008-10-15 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 03:16 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 03:16 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:15 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:15 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-24 07:10 . 2004-08-10 06:00 7,168 --a------ C:\WINDOWS\system32\dllcache\wamregps.dll
2008-09-24 07:09 . 2008-08-14 06:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-24 07:09 . 2004-08-10 06:00 169,984 --a------ C:\WINDOWS\system32\dllcache\iisui.dll
2008-09-24 07:09 . 2004-08-10 06:00 94,720 --a------ C:\WINDOWS\system32\dllcache\certmap.ocx
2008-09-24 07:09 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-24 07:09 . 2004-08-10 06:00 19,968 --a------ C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-09-24 07:09 . 2004-08-10 06:00 14,336 --a------ C:\WINDOWS\system32\dllcache\iisreset.exe
2008-09-24 07:09 . 2004-08-10 06:00 7,680 --a------ C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-09-24 07:09 . 2004-08-10 06:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-09-24 07:09 . 2004-08-10 06:00 5,632 --a------ C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-09-23 15:57 . 2008-09-23 15:57 <DIR> d-------- C:\Program Files\ACW
2008-09-21 06:53 . 2008-09-21 06:57 <DIR> d-------- C:\Program Files\Rhapsody
2008-09-17 03:06 . 2008-09-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 12:19 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-16 16:21 --------- d-----w C:\Program Files\Lavasoft
2008-10-16 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 22:04 --------- d-----w C:\Program Files\Modem Helper
2008-10-06 23:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-16 12:12 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 12:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-14 23:46 --------- d-----w C:\Program Files\DIFX
2008-09-14 23:45 --------- d-----w C:\Program Files\LeapFrog
2008-09-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 18:03 --------- d-----w C:\Program Files\Clicktoy
2008-08-19 10:56 --------- d-----w C:\Program Files\Common
2006-06-18 01:36 88 -csh--r C:\WINDOWS\system32\2D48E5A3AD.sys
2006-10-21 19:24 56 -csh--r C:\WINDOWS\system32\9A7AB3F6D2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Atgbjso"="C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Facegame"="C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" [2008-10-15 56320]
"Gool"="C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe" [2008-10-16 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\uesiuqcr.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2008-09-04 16:28 344064 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-07 15:49 1121280 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-20 21:01 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-25 19:51 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-20 21:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14dfe384-7bf9-11dc-a3d3-00505b05bc3d}]
\Shell\AutoRun\command - E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99fa9aff-692d-11db-a380-00505b05bc3d}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-04 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15421B84-3488-49A7-AD18-CBF84A3EFAF6} - (no file)
BHO-{36142BDD-7850-42FC-9681-1534A35285B9} - (no file)
BHO-{3C070B53-2BED-4817-847E-B0F2D60221C4} - C:\WINDOWS\system32\nnnnMCuT.dll
BHO-{3D839748-00F4-5A56-DF3C-58C0735984C8} - C:\WINDOWS\system32\cxcxh.dll
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - C:\WINDOWS\system32\tuvSmkIY.dll
BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
BHO-{e198b1aa-738f-f74c-75dc-5a7741252a3f} - C:\WINDOWS\system32\brcmtkkthezimv.dll
HKCU-Run-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
HKCU-Run-Uaol - C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe
HKLM-Run-lphcn29j0e58l - C:\WINDOWS\system32\lphcn29j0e58l.exe
HKLM-Run-rpmvcmeogx - C:\WINDOWS\system32\brcmtkkthezimv.dll
HKLM-Run-ctfmona - C:\WINDOWS\system32\ctfmona.exe
HKLM-Run-<NO NAME> - (no file)
ShellExecuteHooks-{3C070B53-2BED-4817-847E-B0F2D60221C4} - C:\WINDOWS\system32\nnnnMCuT.dll
Notify-nnnnMCuT - (no file)
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SMrhcj29j0e58l - C:\Program Files\rhcj29j0e58l\rhcj29j0e58l.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.fgcu.edu/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=TuDTUpVBnjOWRsi98Spi9Q&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
R0 -: HKCU-Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search - ?p=ZUxdm265YYUS
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 10:39:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-10-17 10:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-17 14:43:59

Pre-Run: 14,740,975,616 bytes free
Post-Run: 17,044,320,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

314 --- E O F --- 2008-10-15 16:03:44

#6 kahdah


Posted 17 October 2008 - 11:23 AM

1. Please open Notepad
  • Click Start , then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    C:\Documents and Settings\Tamara Shanaman\~.exe
    C:\WINDOWS\system32\uesiuqcr.exe

    Folder::
    C:\Program Files\OINAnalytics
    C:\Documents and Settings\Tamara Shanaman\Application Data\Gool

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Atgbjso"=-
    "Gool"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14dfe384-7bf9-11dc-a3d3-00505b05bc3d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99fa9aff-692d-11db-a380-00505b05bc3d}]
    R0 -: HKCU-Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=TuDTUpVBnjOWRsi98Spi9Q&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    O8 -: &Search - ?p=ZUxdm265YYUS


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 tntdreams


Posted 17 October 2008 - 12:10 PM

That seems to have fixed the problem from what I can see. Thank you so much.

Combofix log

ComboFix 08-10-16.08 - Tamara Shanaman 2008-10-17 12:56:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.559 [GMT -4:00]
Running from: C:\Documents and Settings\Tamara Shanaman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tamara Shanaman\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Documents and Settings\Tamara Shanaman\~.exe
C:\WINDOWS\system32\uesiuqcr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tamara Shanaman\~.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe
C:\Program Files\OINAnalytics
C:\Program Files\OINAnalytics\OINAnalytics2.dll
C:\Program Files\OINAnalytics\Uninstall.exe
C:\WINDOWS\default.htm
C:\WINDOWS\system32\uesiuqcr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-17 09:59 . 2008-10-17 09:59 <DIR> d-------- C:\rsit
2008-10-17 08:04 . 2008-10-17 08:04 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-10-17 08:04 . 2008-10-17 08:04 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-10-17 07:50 . 2008-10-17 07:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50 . 2008-10-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 21:55 . 2008-10-16 21:55 <DIR> d-------- C:\Program Files\Webtools
2008-10-16 13:14 . 2008-10-16 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 21:44 . 2008-10-15 21:44 206,639 --a------ C:\WINDOWS\system32\wpv193.cpx
2008-10-15 21:43 . 2008-10-16 12:10 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 21:43 . 2008-10-15 21:43 206,639 --a------ C:\WINDOWS\system32\wpv393.cpx
2008-10-15 21:43 . 2008-10-17 10:38 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-10-15 21:41 . 2008-10-15 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 21:41 . 2008-10-15 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 03:16 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 03:16 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:15 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:15 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-24 07:10 . 2004-08-10 06:00 7,168 --a------ C:\WINDOWS\system32\dllcache\wamregps.dll
2008-09-24 07:09 . 2008-08-14 06:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-24 07:09 . 2004-08-10 06:00 169,984 --a------ C:\WINDOWS\system32\dllcache\iisui.dll
2008-09-24 07:09 . 2004-08-10 06:00 94,720 --a------ C:\WINDOWS\system32\dllcache\certmap.ocx
2008-09-24 07:09 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-24 07:09 . 2004-08-10 06:00 19,968 --a------ C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-09-24 07:09 . 2004-08-10 06:00 14,336 --a------ C:\WINDOWS\system32\dllcache\iisreset.exe
2008-09-24 07:09 . 2004-08-10 06:00 7,680 --a------ C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-09-24 07:09 . 2004-08-10 06:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-09-24 07:09 . 2004-08-10 06:00 5,632 --a------ C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-09-23 15:57 . 2008-09-23 15:57 <DIR> d-------- C:\Program Files\ACW
2008-09-21 06:53 . 2008-09-21 06:57 <DIR> d-------- C:\Program Files\Rhapsody
2008-09-17 03:06 . 2008-09-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 12:19 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-16 16:21 --------- d-----w C:\Program Files\Lavasoft
2008-10-16 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 22:04 --------- d-----w C:\Program Files\Modem Helper
2008-10-06 23:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-16 12:12 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 12:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-14 23:46 --------- d-----w C:\Program Files\DIFX
2008-09-14 23:45 --------- d-----w C:\Program Files\LeapFrog
2008-09-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 18:03 --------- d-----w C:\Program Files\Clicktoy
2008-08-19 10:56 --------- d-----w C:\Program Files\Common
2006-06-18 01:36 88 -csh--r C:\WINDOWS\system32\2D48E5A3AD.sys
2006-10-21 19:24 56 -csh--r C:\WINDOWS\system32\9A7AB3F6D2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Atgbjso"="C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Facegame"="C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" [2008-10-15 56320]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"GetModule23"="C:\Program Files\GetModule\GetModule23.exe" [BU]
"Uaol"="C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMCuT]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2008-09-04 16:28 344064 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-07 15:49 1121280 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-20 21:01 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-25 19:51 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-20 21:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-04 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15421B84-3488-49A7-AD18-CBF84A3EFAF6} - (no file)
BHO-{36142BDD-7850-42FC-9681-1534A35285B9} - (no file)
BHO-{3C070B53-2BED-4817-847E-B0F2D60221C4} - (no file)
BHO-{3D839748-00F4-5A56-DF3C-58C0735984C8} - (no file)
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - (no file)
BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
BHO-{e198b1aa-738f-f74c-75dc-5a7741252a3f} - (no file)
HKCU-Run-Gool - C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 13:02:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-10-17 13:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-17 17:06:30
ComboFix2.txt 2008-10-17 14:44:10

Pre-Run: 16,995,115,008 bytes free
Post-Run: 17,022,070,784 bytes free

258 --- E O F --- 2008-10-15 16:03:44

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:29 PM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fgcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://elearning.fgcu.edu
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: nnnnMCuT - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9634 bytes

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:20 AM

Posted 17 October 2008 - 08:36 PM

Not quite one yet :thumbsup:

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
    
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Atgbjso"=-
    "Facegame"=-
    "GetModule23"=-
    "Uaol"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMCuT]
    
    :commands
    [emptytemp]
    [start explorer]
    [purity]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • Ot Move it log
  • Malware Bytes log
  • New Rsit log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 tntdreams

tntdreams
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:20 AM

Posted 26 October 2008 - 06:13 AM

Hello,
I am having problems with pop ups. I have run adaware and spybot, and spybot found several programs (they both did) but was unable to delete 3 of them called "wildtangent". Whatever is causing the pop ups also tries to find an internet connection while I am offline; the dial-in box will appear. I also had combofix on my desktop from an issue you guys helped me with 2 weeks ago, and that has disappeared. Anyway, here is my HijackThis log. Any help would be greatly appreciated.
Thank you.

Kahdah - I did not see the last post you put for the final step, so that has not been done. Probably why this problem came back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:24 AM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fgcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [Atgbjso] "C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://elearning.fgcu.edu
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E22BA98-5AC5-49D4-B206-D761D844AB81}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: jbpfob.dll lqojwm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9337 bytes

Edited by tntdreams, 26 October 2008 - 02:19 PM.
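Added example (not from the thread's posters or from HijackThis): a small Python triage pass over O4 and O20 lines copied from the logs in this thread. It flags autoruns in user-writable profile folders, paths with characters the log could not render, AppInit_DLLs values, and Winlogon Notify entries that name no DLL. The rule set and the `triage` function are assumptions of this example, and its flags are review prompts, not verdicts.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [Atgbjso] "C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe"
O20 - AppInit_DLLs: jbpfob.dll lqojwm.dll
O20 - Winlogon Notify: nnnnMCuT - C:\WINDOWS\
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    section: str        # HijackThis section code, e.g. "O4"
    name: str           # registry value or key name
    target: str         # file the entry points at
    reasons: List[str]  # why the entry deserves a manual look


# Profile folders any non-admin process can write to (long and 8.3 forms).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\my documents\\", "\\mydocu~1\\")

RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Return the executable path from a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd


def path_reasons(path: str) -> List[str]:
    reasons = []
    lowered = path.lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile folder")
    # '?' is not valid in a Windows file name, so it stands for a character
    # the log could not render (for example a look-alike letter).
    if "?" in path:
        reasons.append("path contains a character the log could not render")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Flag O4 and O20 entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        section, sep, body = raw.strip().partition(" - ")
        if not sep:
            continue
        if section == "O4":
            match = RUN_RE.match(body)
            if not match:
                continue
            name = match.group("name")
            target = image_path(match.group("cmd"))
            reasons = path_reasons(target)
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            name = "AppInit_DLLs"
            target = body.split(":", 1)[1].strip()
            reasons = (["DLLs listed here load into every process that "
                        "loads user32.dll"] if target else [])
        elif section == "O20":
            match = NOTIFY_RE.match(body)
            if not match:
                continue
            name, target = match.group("name"), match.group("target").strip()
            reasons = path_reasons(target)
            if not target.lower().endswith(".dll"):
                reasons.append("notify entry does not point at a DLL file")
        else:
            continue  # other sections are outside this example's scope
        if reasons:
            findings.append(Finding(section, name, target, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section} {finding.name}: {finding.target}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

GetModule23, whose Run value the fix script earlier in the thread deletes, sits under Program Files and passes these path checks, so a path heuristic narrows the review but does not replace it.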


#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,701 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:20 AM

Posted 26 October 2008 - 01:28 PM

Hello tntdreams,

I have merged your latest topic with your previously existing topic in the HiJack This forum. I see that you failed to follow the directions in Kahdah's most recent post. It is imperative that you stick with a thread until your helper declares you clean. Just because the symptoms are gone doesn't mean the infection is gone - and then it can return even worse than it was before.

Please await new instructions from Kahdah before doing anything, as your computer has undoubtedly changed since Kahdah's most recent post.

Back to you Kahdah,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:20 AM

Posted 26 October 2008 - 03:29 PM

Hello tntdreams, please stay in one topic and follow the steps provided, please.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#12 tntdreams

tntdreams
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:20 AM

Posted 26 October 2008 - 05:39 PM

Here is the log.txt. Info.txt did not show up. I ran it twice; I looked on the task bar for the minimised window and it was not there.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tamara Shanaman at 2008-10-26 18:35:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (52%) free of 32 GB
Total RAM: 1014 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:30 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\Tamara Shanaman\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tamara Shanaman.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fgcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {36142BDD-7850-42FC-9681-1534A35285B9} - (no file)
O2 - BHO: (no name) - {3C070B53-2BED-4817-847E-B0F2D60221C4} - (no file)
O2 - BHO: (no name) - {3D839748-00F4-5A56-DF3C-58C0735984C8} - (no file)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyvurop.dll
O2 - BHO: (no name) - {69DAC24C-01F1-5A0D-8B3C-58C0735982CC} - C:\WINDOWS\system32\lovvmwu.dll
O2 - BHO: (no name) - {6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {DA7FC66E-0DEC-4BD9-ACED-F3D8146CEC7F} - C:\WINDOWS\system32\geBqQhgH.dll
O2 - BHO: (no name) - {e198b1aa-738f-f74c-75dc-5a7741252a3f} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [Atgbjso] "C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://elearning.fgcu.edu
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E22BA98-5AC5-49D4-B206-D761D844AB81}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: jbpfob.dll lqojwm.dll
O20 - Winlogon Notify: nnnnMCuT - C:\WINDOWS\
O20 - Winlogon Notify: xxyvurop - C:\WINDOWS\SYSTEM32\xxyvurop.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11162 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36142BDD-7850-42FC-9681-1534A35285B9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C070B53-2BED-4817-847E-B0F2D60221C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D839748-00F4-5A56-DF3C-58C0735984C8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee AntiPhishing Filter - c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D1390B-75E8-445C-A99D-3340E08FD4C5}]
C:\WINDOWS\system32\xxyvurop.dll [2008-10-24 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69DAC24C-01F1-5A0D-8B3C-58C0735982CC}]
C:\WINDOWS\system32\lovvmwu.dll [2008-09-30 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD273008-7BFE-40C1-8ED8-C7E2C22613AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-05-25 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\BAE\BAE.dll [2006-02-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA7FC66E-0DEC-4BD9-ACED-F3D8146CEC7F}]
C:\WINDOWS\system32\geBqQhgH.dll [2008-10-24 317440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e198b1aa-738f-f74c-75dc-5a7741252a3f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-18 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\McAgent.exe [2005-09-22 303104]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-20 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Facegame"=C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"GetModule23"=C:\Program Files\GetModule\GetModule23.exe []
"Uaol"=C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe -vt yazb []
"Gool"=C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe [2008-10-24 61440]
"Atgbjso"=C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2008-09-04 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe [2005-09-26 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [2006-11-07 1121280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-07-20 208941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-25 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
C:\PROGRA~1\EFAXME~1.3\J2GTray.exe [2007-03-06 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="jbpfob.dll lqojwm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnMCuT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyvurop]
C:\WINDOWS\system32\xxyvurop.dll [2008-10-24 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{62D1390B-75E8-445C-A99D-3340E08FD4C5}"=C:\WINDOWS\system32\xxyvurop.dll [2008-10-24 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBqQhgH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-25 20:17:17 ----A---- C:\WINDOWS\system32\lqojwm.dll
2008-10-25 20:17:11 ----A---- C:\WINDOWS\system32\npgjydxw.dll
2008-10-25 04:20:41 ----A---- C:\WINDOWS\system32\xxyawtuS.dll
2008-10-25 04:20:41 ----A---- C:\WINDOWS\system32\pmnllijK.dll
2008-10-24 19:52:56 ----A---- C:\WINDOWS\system32\jbpfob.dll
2008-10-24 19:52:55 ----A---- C:\WINDOWS\system32\uqekbyhx.dll
2008-10-24 19:46:47 ----A---- C:\WINDOWS\system32\siiqdktg.exe
2008-10-24 19:44:54 ----SH---- C:\WINDOWS\system32\kmclimfi.ini
2008-10-24 19:44:48 ----A---- C:\WINDOWS\system32\ifmilcmk.dll
2008-10-24 19:43:46 ----ASH---- C:\WINDOWS\system32\HghQqBeg.ini2
2008-10-24 19:43:45 ----ASH---- C:\WINDOWS\system32\HghQqBeg.ini
2008-10-24 19:43:36 ----A---- C:\WINDOWS\system32\geBqQhgH.dll
2008-10-24 19:38:31 ----A---- C:\WINDOWS\system32\xxyvurop.dll
2008-10-24 19:38:31 ----A---- C:\WINDOWS\system32\geBsrSMD.dll
2008-10-24 19:38:21 ----A---- C:\WINDOWS\system32\~.exe
2008-10-24 15:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 15:08:34 ----D---- C:\Program Files\??crosoft.NET
2008-10-24 15:08:33 ----A---- C:\WINDOWS\system32\lovvmwu.dll
2008-10-24 15:08:20 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\A?pPatch
2008-10-24 14:48:16 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner
2008-10-24 14:43:14 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
2008-10-24 14:33:10 ----D---- C:\Program Files\Mjcore
2008-10-21 05:01:28 ----A---- C:\WINDOWS\msoffice.ini
2008-10-17 13:06:38 ----D---- C:\WINDOWS\temp
2008-10-17 13:06:37 ----A---- C:\ComboFix.txt
2008-10-17 10:19:01 ----A---- C:\Boot.bak
2008-10-17 10:18:51 ----RASHD---- C:\cmdcons
2008-10-17 10:14:17 ----A---- C:\WINDOWS\zip.exe
2008-10-17 10:14:17 ----A---- C:\WINDOWS\SWREG.exe
2008-10-17 10:14:17 ----A---- C:\WINDOWS\sed.exe
2008-10-17 10:14:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-17 10:14:17 ----A---- C:\WINDOWS\grep.exe
2008-10-17 10:14:16 ----A---- C:\WINDOWS\VFIND.exe
2008-10-17 10:14:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-17 10:14:16 ----A---- C:\WINDOWS\SWSC.exe
2008-10-17 10:14:16 ----A---- C:\WINDOWS\fdsv.exe
2008-10-17 10:14:00 ----D---- C:\WINDOWS\ERDNT
2008-10-17 10:13:59 ----D---- C:\Qoobox
2008-10-17 09:59:22 ----D---- C:\rsit
2008-10-17 08:30:24 ----A---- C:\WINDOWS\system32\235154cb-.txt
2008-10-17 07:50:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 21:55:11 ----D---- C:\Program Files\Webtools
2008-10-16 13:14:50 ----D---- C:\Program Files\Trend Micro
2008-10-15 21:43:49 ----A---- C:\WINDOWS\system32\smwin32.dll
2008-10-15 21:43:46 ----D---- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 12:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 12:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 12:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 12:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 12:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-10-26 18:34:07 ----D---- C:\WINDOWS\Prefetch
2008-10-26 18:33:51 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt
2008-10-25 20:17:17 ----D---- C:\WINDOWS\system32
2008-10-25 04:53:32 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-10-25 03:59:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 03:50:44 ----D---- C:\WINDOWS
2008-10-25 03:48:14 ----D---- C:\WINDOWS\Registration
2008-10-25 03:46:54 ----SHD---- C:\WINDOWS\CSC
2008-10-24 18:29:49 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-24 18:28:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 17:08:01 ----D---- C:\Program Files
2008-10-24 16:29:38 ----D---- C:\Program Files\Common Files
2008-10-24 15:41:01 ----HD---- C:\WINDOWS\inf
2008-10-24 15:40:48 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 15:40:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 15:38:13 ----AC---- C:\WINDOWS\wininit.ini
2008-10-21 05:07:48 ----SHD---- C:\WINDOWS\Installer
2008-10-21 05:07:41 ----HD---- C:\Config.Msi
2008-10-21 05:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\YAHOO
2008-10-21 05:07:22 ----D---- C:\Program Files\Yahoo!
2008-10-21 05:07:20 ----D---- C:\WINDOWS\system32\drivers
2008-10-21 05:04:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 05:04:47 ----D---- C:\Program Files\MUSICMATCH
2008-10-21 05:01:59 ----A---- C:\WINDOWS\win.ini
2008-10-21 05:01:58 ----D---- C:\Program Files\Common Files\AOL
2008-10-21 05:01:56 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-17 18:30:00 ----SD---- C:\WINDOWS\Tasks
2008-10-17 13:01:41 ----A---- C:\WINDOWS\system.ini
2008-10-17 12:59:27 ----D---- C:\WINDOWS\system32\config
2008-10-17 12:58:29 ----D---- C:\WINDOWS\AppPatch
2008-10-17 10:24:21 ----SHD---- C:\RECYCLER
2008-10-17 10:19:01 ----RASH---- C:\boot.ini
2008-10-17 08:19:49 ----D---- C:\WINDOWS\wt
2008-10-17 08:19:16 ----D---- C:\Program Files\Enigma Software Group
2008-10-16 12:21:51 ----D---- C:\Program Files\Lavasoft
2008-10-16 12:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 19:46:04 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 12:03:43 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:02:51 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 18:04:21 ----D---- C:\Program Files\Modem Helper
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 19:50:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-01 07:03:16 ----SD---- C:\Documents and Settings\Tamara Shanaman\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
R3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MskService;McAfee SpamKiller Server; C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe [2005-07-12 963072]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#13 kahdah

Posted 26 October 2008 - 09:05 PM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 tntdreams

Posted 27 October 2008 - 05:44 AM

Ran combofix
Here is the log:

ComboFix 08-10-25.01 - Tamara Shanaman 2008-10-27 6:25:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.552 [GMT -4:00]
Running from: C:\Documents and Settings\Tamara Shanaman\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1
C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1\A?pPatch\
C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1\arpa.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\fbk.sts
C:\Program Files\crosof~1.net
C:\Program Files\crosof~1.net\?ti2evxx.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\ftisfm.dll
C:\WINDOWS\system32\geBqQhgH.dll
C:\WINDOWS\system32\geBsrSMD.dll
C:\WINDOWS\system32\HghQqBeg.ini
C:\WINDOWS\system32\HghQqBeg.ini2
C:\WINDOWS\system32\ictpqcpc.dll
C:\WINDOWS\system32\ifmilcmk.dll
C:\WINDOWS\system32\jbpfob.dll
C:\WINDOWS\system32\kmclimfi.ini
C:\WINDOWS\system32\lovvmwu.dll
C:\WINDOWS\system32\lqojwm.dll
C:\WINDOWS\system32\mgyclrny.exe
C:\WINDOWS\system32\npgjydxw.dll
C:\WINDOWS\system32\pmnllijK.dll
C:\WINDOWS\system32\qynfdcxy.ini
C:\WINDOWS\system32\rovmtdcn.dll
C:\WINDOWS\system32\sdzllx.dll
C:\WINDOWS\system32\siiqdktg.exe
C:\WINDOWS\system32\smwin32.dll
C:\WINDOWS\system32\uqekbyhx.dll
C:\WINDOWS\system32\xxyawtuS.dll
C:\WINDOWS\system32\xxyvurop.dll
C:\WINDOWS\system32\yxcdfnyq.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-24 14:43 . 2008-10-24 14:43 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
2008-10-24 14:33 . 2008-10-24 14:33 <DIR> d-------- C:\Program Files\Mjcore
2008-10-21 05:01 . 2008-10-21 05:01 2 --a------ C:\WINDOWS\msoffice.ini
2008-10-17 09:59 . 2008-10-17 09:59 <DIR> d-------- C:\rsit
2008-10-17 08:04 . 2008-10-17 08:04 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-10-17 08:04 . 2008-10-17 08:04 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-10-17 07:50 . 2008-10-17 07:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50 . 2008-10-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 21:55 . 2008-10-24 14:38 <DIR> d-------- C:\Program Files\Webtools
2008-10-16 13:14 . 2008-10-16 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 21:44 . 2008-10-15 21:44 206,639 --a------ C:\WINDOWS\system32\wpv193.cpx
2008-10-15 21:43 . 2008-10-24 19:36 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 21:43 . 2008-10-15 21:43 206,639 --a------ C:\WINDOWS\system32\wpv393.cpx
2008-10-15 21:41 . 2008-10-15 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 21:41 . 2008-10-15 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 03:16 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 03:16 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:15 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:15 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 09:07 --------- d-----w C:\Program Files\Yahoo!
2008-10-21 09:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-10-21 09:04 --------- d-----w C:\Program Files\MUSICMATCH
2008-10-21 09:01 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-17 12:19 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-16 16:21 --------- d-----w C:\Program Files\Lavasoft
2008-10-16 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 16:34 337,408 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 22:04 --------- d-----w C:\Program Files\Modem Helper
2008-10-12 10:44 6,736 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-06 23:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 19:57 --------- d-----w C:\Program Files\ACW
2008-09-23 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 10:57 --------- d-----w C:\Program Files\Rhapsody
2008-09-17 07:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-16 12:12 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 12:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 23:46 --------- d-----w C:\Program Files\DIFX
2008-09-14 23:45 --------- d-----w C:\Program Files\LeapFrog
2008-09-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 18:03 --------- d-----w C:\Program Files\Clicktoy
2008-08-27 08:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2006-06-18 01:36 88 -csh--r C:\WINDOWS\system32\2D48E5A3AD.sys
2006-10-21 19:24 56 -csh--r C:\WINDOWS\system32\9A7AB3F6D2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-17_10.43.34.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\system32\dllcache\aclua.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\system32\dllcache\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ----a-w C:\WINDOWS\system32\dllcache\agentctl.dll
+ 2008-04-14 00:11:48 57,344 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ----a-w C:\WINDOWS\system32\dllcache\agentmpx.dll
+ 2008-04-14 00:11:48 44,032 ----a-w C:\WINDOWS\system32\dllcache\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ----a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\system32\dllcache\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\system32\dllcache\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\agt040c.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\agt0410.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\system32\dllcache\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\system32\dllcache\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt041f.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\system32\dllcache\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\system32\dllcache\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ----a-w C:\WINDOWS\system32\dllcache\agtintl.dll
+ 2008-04-13 16:44:16 17,920 ----a-w C:\WINDOWS\system32\dllcache\cobramsg.dll
+ 2008-04-14 00:11:51 195,072 ----a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2008-04-14 00:12:15 9,728 ----a-w C:\WINDOWS\system32\dllcache\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ----a-w C:\WINDOWS\system32\dllcache\comrereg.exe
+ 2008-04-14 00:11:53 21,504 ----a-w C:\WINDOWS\system32\dllcache\evntrprv.dll
+ 2008-04-14 00:11:53 45,056 ----a-w C:\WINDOWS\system32\dllcache\evtgprov.dll
+ 2008-04-13 16:10:32 61,440 ----a-w C:\WINDOWS\system32\dllcache\gacutil.exe
+ 2008-04-14 00:11:54 133,120 ----a-w C:\WINDOWS\system32\dllcache\guitrn.dll
+ 2008-04-14 00:11:54 115,200 ----a-w C:\WINDOWS\system32\dllcache\guitrna.dll
+ 2008-04-14 00:12:21 18,432 ----a-w C:\WINDOWS\system32\dllcache\hscupd.exe
+ 2008-04-14 00:11:56 24,576 ----a-w C:\WINDOWS\system32\dllcache\krnlprov.dll
+ 2008-04-14 00:11:56 19,968 ----a-w C:\WINDOWS\system32\dllcache\log.dll
+ 2008-04-14 00:11:57 274,432 ----a-w C:\WINDOWS\system32\dllcache\migism.dll
+ 2008-04-14 00:11:57 261,120 ----a-w C:\WINDOWS\system32\dllcache\migisma.dll
+ 2008-04-14 00:12:25 103,936 ----a-w C:\WINDOWS\system32\dllcache\migload.exe
+ 2008-04-14 00:12:25 241,152 ----a-w C:\WINDOWS\system32\dllcache\migwiza.exe
+ 2008-04-14 00:12:26 16,384 ----a-w C:\WINDOWS\system32\dllcache\mofcomp.exe
+ 2008-04-14 00:11:58 220,160 ----a-w C:\WINDOWS\system32\dllcache\mscandui.dll
+ 2008-04-13 17:24:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\msdaorar.dll
+ 2008-04-14 00:11:59 94,208 ----a-w C:\WINDOWS\system32\dllcache\msdatl3.dll
+ 2008-04-14 00:11:59 3,166,208 ----a-w C:\WINDOWS\system32\dllcache\msgr3en.dll
+ 2008-04-14 00:12:00 39,936 ----a-w C:\WINDOWS\system32\dllcache\mslwvtts.dll
+ 2008-04-14 00:12:00 122,368 ----a-w C:\WINDOWS\system32\dllcache\msobcomm.dll
+ 2008-04-14 00:12:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\msobdl.dll
+ 2008-04-14 00:12:00 565,248 ----a-w C:\WINDOWS\system32\dllcache\msobmain.dll
+ 2008-04-14 00:12:00 30,720 ----a-w C:\WINDOWS\system32\dllcache\msobshel.dll
+ 2008-04-14 00:12:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\msobweb.dll
+ 2008-04-14 00:12:28 29,184 ----a-w C:\WINDOWS\system32\dllcache\msoobe.exe
+ 2008-04-14 00:12:29 90,624 ----a-w C:\WINDOWS\system32\dllcache\muisetup.exe
+ 2008-04-14 00:12:01 57,344 ----a-w C:\WINDOWS\system32\dllcache\ndisnpp.dll
+ 2008-04-14 00:12:29 15,360 ----a-w C:\WINDOWS\system32\dllcache\nppagent.exe
+ 2008-04-14 00:12:02 212,992 ----a-w C:\WINDOWS\system32\dllcache\ntevt.dll
+ 2008-04-13 18:40:07 393,728 ----a-w C:\WINDOWS\system32\dllcache\obrb0401.dll
+ 2008-04-13 18:40:23 212,480 ----a-w C:\WINDOWS\system32\dllcache\obrb0404.dll
+ 2008-04-13 18:40:24 428,032 ----a-w C:\WINDOWS\system32\dllcache\obrb0405.dll
+ 2008-04-13 18:40:27 418,816 ----a-w C:\WINDOWS\system32\dllcache\obrb0406.dll
+ 2008-04-13 18:40:34 403,456 ----a-w C:\WINDOWS\system32\dllcache\obrb0407.dll
+ 2008-04-13 18:40:30 419,328 ----a-w C:\WINDOWS\system32\dllcache\obrb0408.dll
+ 2008-04-13 18:40:32 405,504 ----a-w C:\WINDOWS\system32\dllcache\obrb040b.dll
+ 2008-04-13 18:40:33 410,624 ----a-w C:\WINDOWS\system32\dllcache\obrb040C.dll
+ 2008-04-13 18:40:32 384,000 ----a-w C:\WINDOWS\system32\dllcache\obrb040D.dll
+ 2008-04-13 18:40:39 434,176 ----a-w C:\WINDOWS\system32\dllcache\obrb040e.dll
+ 2008-04-13 18:40:39 413,696 ----a-w C:\WINDOWS\system32\dllcache\obrb0410.dll
+ 2008-04-13 18:40:44 275,456 ----a-w C:\WINDOWS\system32\dllcache\obrb0411.dll
+ 2008-04-13 18:40:48 306,688 ----a-w C:\WINDOWS\system32\dllcache\obrb0412.dll
+ 2008-04-13 18:40:44 401,920 ----a-w C:\WINDOWS\system32\dllcache\obrb0413.dll
+ 2008-04-13 18:40:44 353,792 ----a-w C:\WINDOWS\system32\dllcache\obrb0414.dll
+ 2008-04-13 18:40:47 391,680 ----a-w C:\WINDOWS\system32\dllcache\obrb0415.dll
+ 2008-04-13 18:40:10 409,600 ----a-w C:\WINDOWS\system32\dllcache\obrb0416.dll
+ 2008-04-13 18:40:50 427,008 ----a-w C:\WINDOWS\system32\dllcache\obrb0419.dll
+ 2008-04-13 18:40:52 405,504 ----a-w C:\WINDOWS\system32\dllcache\obrb041b.dll
+ 2008-04-13 18:40:56 363,008 ----a-w C:\WINDOWS\system32\dllcache\obrb041D.dll
+ 2008-04-13 18:41:00 390,144 ----a-w C:\WINDOWS\system32\dllcache\obrb041f.dll
+ 2008-04-13 18:40:56 408,576 ----a-w C:\WINDOWS\system32\dllcache\obrb0424.dll
+ 2008-04-13 18:40:24 270,336 ----a-w C:\WINDOWS\system32\dllcache\obrb0804.dll
+ 2008-04-13 18:40:48 435,200 ----a-w C:\WINDOWS\system32\dllcache\obrb0816.dll
+ 2008-04-13 18:40:30 446,464 ----a-w C:\WINDOWS\system32\dllcache\obrb0C0A.dll
+ 2008-04-14 00:12:31 51,200 ----a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
+ 2008-04-14 00:12:02 102,912 ----a-w C:\WINDOWS\system32\dllcache\pchshell.dll
+ 2008-04-14 00:12:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\policman.dll
+ 2008-04-14 00:12:03 237,056 ----a-w C:\WINDOWS\system32\dllcache\provthrd.dll
+ 2008-04-14 00:12:34 36,352 ----a-w C:\WINDOWS\system32\dllcache\scrcons.exe
+ 2008-04-14 00:12:05 215,552 ----a-w C:\WINDOWS\system32\dllcache\script.dll
+ 2008-04-14 00:12:05 199,680 ----a-w C:\WINDOWS\system32\dllcache\scripta.dll
+ 2008-04-14 00:12:05 221,696 ----a-w C:\WINDOWS\system32\dllcache\seo.dll
+ 2008-04-14 00:12:06 34,816 ----a-w C:\WINDOWS\system32\dllcache\sniffpol.dll
+ 2008-04-14 00:12:06 130,048 ----a-w C:\WINDOWS\system32\dllcache\softkbd.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\system32\dllcache\spgrmr.dll
+ 2008-04-13 18:35:06 186,880 ----a-w C:\WINDOWS\system32\dllcache\spra0401.dll
+ 2008-04-13 18:35:08 189,440 ----a-w C:\WINDOWS\system32\dllcache\spra0402.dll
+ 2008-04-13 18:35:09 161,280 ----a-w C:\WINDOWS\system32\dllcache\spra0404.dll
+ 2008-04-13 18:35:09 188,928 ----a-w C:\WINDOWS\system32\dllcache\spra0405.dll
+ 2008-04-13 18:35:09 192,000 ----a-w C:\WINDOWS\system32\dllcache\spra0406.dll
+ 2008-04-13 18:35:21 199,680 ----a-w C:\WINDOWS\system32\dllcache\spra0407.dll
+ 2008-04-13 18:35:11 197,632 ----a-w C:\WINDOWS\system32\dllcache\spra0408.dll
+ 2008-04-13 18:35:11 186,368 ----a-w C:\WINDOWS\system32\dllcache\spra040b.dll
+ 2008-04-13 18:35:20 197,632 ----a-w C:\WINDOWS\system32\dllcache\spra040C.dll
+ 2008-04-13 18:35:21 181,760 ----a-w C:\WINDOWS\system32\dllcache\spra040D.dll
+ 2008-04-13 18:35:23 195,584 ----a-w C:\WINDOWS\system32\dllcache\spra040e.dll
+ 2008-04-13 18:35:23 195,072 ----a-w C:\WINDOWS\system32\dllcache\spra0410.dll
+ 2008-04-13 18:35:23 171,008 ----a-w C:\WINDOWS\system32\dllcache\spra0411.dll
+ 2008-04-13 18:35:23 167,936 ----a-w C:\WINDOWS\system32\dllcache\spra0412.dll
+ 2008-04-13 18:35:25 196,096 ----a-w C:\WINDOWS\system32\dllcache\spra0413.dll
+ 2008-04-13 18:35:25 189,440 ----a-w C:\WINDOWS\system32\dllcache\spra0414.dll
+ 2008-04-13 18:35:26 194,560 ----a-w C:\WINDOWS\system32\dllcache\spra0415.dll
+ 2008-04-13 18:35:08 192,512 ----a-w C:\WINDOWS\system32\dllcache\spra0416.dll
+ 2008-04-13 18:35:27 190,464 ----a-w C:\WINDOWS\system32\dllcache\spra0418.dll
+ 2008-04-13 18:35:27 192,512 ----a-w C:\WINDOWS\system32\dllcache\spra0419.dll
+ 2008-04-13 18:35:21 188,928 ----a-w C:\WINDOWS\system32\dllcache\spra041a.dll
+ 2008-04-13 18:35:28 192,512 ----a-w C:\WINDOWS\system32\dllcache\spra041b.dll
+ 2008-04-13 18:35:28 188,928 ----a-w C:\WINDOWS\system32\dllcache\spra041D.dll
+ 2008-04-13 18:35:29 188,416 ----a-w C:\WINDOWS\system32\dllcache\spra041e.dll
+ 2008-04-13 18:35:30 188,928 ----a-w C:\WINDOWS\system32\dllcache\spra041f.dll
+ 2008-04-13 18:35:28 192,512 ----a-w C:\WINDOWS\system32\dllcache\spra0424.dll
+ 2008-04-13 18:35:11 186,880 ----a-w C:\WINDOWS\system32\dllcache\spra0425.dll
+ 2008-04-13 18:35:24 188,928 ----a-w C:\WINDOWS\system32\dllcache\spra0426.dll
+ 2008-04-13 18:35:24 189,952 ----a-w C:\WINDOWS\system32\dllcache\spra0427.dll
+ 2008-04-13 18:35:06 161,280 ----a-w C:\WINDOWS\system32\dllcache\spra0804.dll
+ 2008-04-13 18:35:26 194,560 ----a-w C:\WINDOWS\system32\dllcache\spra0816.dll
+ 2008-04-13 18:35:11 196,096 ----a-w C:\WINDOWS\system32\dllcache\spra0C0A.dll
+ 2008-04-13 18:35:49 2,869,248 ----a-w C:\WINDOWS\system32\dllcache\sprb0401.dll
+ 2008-04-13 18:36:10 477,696 ----a-w C:\WINDOWS\system32\dllcache\sprb0404.dll
+ 2008-04-13 18:36:10 734,720 ----a-w C:\WINDOWS\system32\dllcache\sprb0405.dll
+ 2008-04-13 18:36:10 742,912 ----a-w C:\WINDOWS\system32\dllcache\sprb0406.dll
+ 2008-04-13 18:37:03 788,480 ----a-w C:\WINDOWS\system32\dllcache\sprb0407.dll
+ 2008-04-13 18:36:35 801,280 ----a-w C:\WINDOWS\system32\dllcache\sprb0408.dll
+ 2008-04-13 18:36:39 729,088 ----a-w C:\WINDOWS\system32\dllcache\sprb040b.dll
+ 2008-04-13 18:36:55 793,088 ----a-w C:\WINDOWS\system32\dllcache\sprb040C.dll
+ 2008-04-13 18:37:07 2,842,112 ----a-w C:\WINDOWS\system32\dllcache\sprb040D.dll
+ 2008-04-13 18:37:22 769,536 ----a-w C:\WINDOWS\system32\dllcache\sprb040e.dll
+ 2008-04-13 18:37:22 769,536 ----a-w C:\WINDOWS\system32\dllcache\sprb0410.dll
+ 2008-04-13 18:37:34 562,688 ----a-w C:\WINDOWS\system32\dllcache\sprb0411.dll
+ 2008-04-13 18:37:37 543,744 ----a-w C:\WINDOWS\system32\dllcache\sprb0412.dll
+ 2008-04-13 18:38:00 769,024 ----a-w C:\WINDOWS\system32\dllcache\sprb0413.dll
+ 2008-04-13 18:38:02 716,288 ----a-w C:\WINDOWS\system32\dllcache\sprb0414.dll
+ 2008-04-13 18:38:05 759,808 ----a-w C:\WINDOWS\system32\dllcache\sprb0415.dll
+ 2008-04-13 18:35:43 752,128 ----a-w C:\WINDOWS\system32\dllcache\sprb0416.dll
+ 2008-04-13 18:38:28 736,768 ----a-w C:\WINDOWS\system32\dllcache\sprb0419.dll
+ 2008-04-13 18:38:37 757,248 ----a-w C:\WINDOWS\system32\dllcache\sprb041b.dll
+ 2008-04-13 18:38:47 724,480 ----a-w C:\WINDOWS\system32\dllcache\sprb041D.dll
+ 2008-04-13 18:38:51 724,480 ----a-w C:\WINDOWS\system32\dllcache\sprb041f.dll
+ 2008-04-13 18:38:36 732,160 ----a-w C:\WINDOWS\system32\dllcache\sprb0424.dll
+ 2008-04-13 18:35:54 470,016 ----a-w C:\WINDOWS\system32\dllcache\sprb0804.dll
+ 2008-04-13 18:38:06 751,616 ----a-w C:\WINDOWS\system32\dllcache\sprb0816.dll
+ 2008-04-13 18:36:38 773,632 ----a-w C:\WINDOWS\system32\dllcache\sprb0C0A.dll
+ 2008-04-13 18:39:02 656,896 ----a-w C:\WINDOWS\system32\dllcache\sprc0401.dll
+ 2008-04-13 18:39:13 327,680 ----a-w C:\WINDOWS\system32\dllcache\sprc0404.dll
+ 2008-04-13 18:39:02 601,088 ----a-w C:\WINDOWS\system32\dllcache\sprc0405.dll
+ 2008-04-13 18:39:12 605,696 ----a-w C:\WINDOWS\system32\dllcache\sprc0406.dll
+ 2008-04-13 18:39:19 663,552 ----a-w C:\WINDOWS\system32\dllcache\sprc0407.dll
+ 2008-04-13 18:39:12 679,936 ----a-w C:\WINDOWS\system32\dllcache\sprc0408.dll
+ 2008-04-13 18:39:17 604,672 ----a-w C:\WINDOWS\system32\dllcache\sprc040b.dll
+ 2008-04-13 18:39:20 663,040 ----a-w C:\WINDOWS\system32\dllcache\sprc040C.dll
+ 2008-04-13 18:39:28 620,544 ----a-w C:\WINDOWS\system32\dllcache\sprc040D.dll
+ 2008-04-13 18:39:28 645,120 ----a-w C:\WINDOWS\system32\dllcache\sprc040e.dll
+ 2008-04-13 18:39:28 658,432 ----a-w C:\WINDOWS\system32\dllcache\sprc0410.dll
+ 2008-04-13 18:39:49 412,672 ----a-w C:\WINDOWS\system32\dllcache\sprc0411.dll
+ 2008-04-13 18:39:49 392,704 ----a-w C:\WINDOWS\system32\dllcache\sprc0412.dll
+ 2008-04-13 18:39:47 645,120 ----a-w C:\WINDOWS\system32\dllcache\sprc0413.dll
+ 2008-04-13 18:39:48 591,872 ----a-w C:\WINDOWS\system32\dllcache\sprc0414.dll
+ 2008-04-13 18:39:52 641,024 ----a-w C:\WINDOWS\system32\dllcache\sprc0415.dll
+ 2008-04-13 18:38:56 620,032 ----a-w C:\WINDOWS\system32\dllcache\sprc0416.dll
+ 2008-04-13 18:39:56 627,200 ----a-w C:\WINDOWS\system32\dllcache\sprc0419.dll
+ 2008-04-13 18:40:04 577,536 ----a-w C:\WINDOWS\system32\dllcache\sprc041b.dll
+ 2008-04-13 18:40:05 590,848 ----a-w C:\WINDOWS\system32\dllcache\sprc041D.dll
+ 2008-04-13 18:40:09 592,896 ----a-w C:\WINDOWS\system32\dllcache\sprc041f.dll
+ 2008-04-13 18:40:05 576,512 ----a-w C:\WINDOWS\system32\dllcache\sprc0424.dll
+ 2008-04-13 18:39:03 322,560 ----a-w C:\WINDOWS\system32\dllcache\sprc0804.dll
+ 2008-04-13 18:39:53 639,488 ----a-w C:\WINDOWS\system32\dllcache\sprc0816.dll
+ 2008-04-13 18:39:13 648,704 ----a-w C:\WINDOWS\system32\dllcache\sprc0C0A.dll
+ 2008-04-14 00:12:06 151,552 ----a-w C:\WINDOWS\system32\dllcache\sqldb20.dll
+ 2008-04-14 00:12:06 462,848 ----a-w C:\WINDOWS\system32\dllcache\sqlqp20.dll
+ 2008-04-14 00:12:06 110,592 ----a-w C:\WINDOWS\system32\dllcache\sqlse20.dll
+ 2008-04-14 00:12:06 217,088 ----a-w C:\WINDOWS\system32\dllcache\sqlxmlx.dll
+ 2008-04-14 00:12:07 33,280 ----a-w C:\WINDOWS\system32\dllcache\sstub.dll
+ 2008-04-14 00:12:07 86,528 ----a-w C:\WINDOWS\system32\dllcache\stdprov.dll
+ 2008-04-14 00:12:07 193,024 ----a-w C:\WINDOWS\system32\dllcache\sysmod.dll
+ 2008-04-14 00:12:07 173,568 ----a-w C:\WINDOWS\system32\dllcache\sysmoda.dll
+ 2008-04-14 00:12:07 279,040 ----a-w C:\WINDOWS\system32\dllcache\tshoot.dll
+ 2008-04-14 00:12:38 150,528 ----a-w C:\WINDOWS\system32\dllcache\uploadm.exe
+ 2008-04-14 00:12:08 131,584 ----a-w C:\WINDOWS\system32\dllcache\viewprov.dll
+ 2008-04-14 00:12:08 196,608 ----a-w C:\WINDOWS\system32\dllcache\wbemcntl.dll
+ 2008-04-14 00:12:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\wbemperf.dll
+ 2008-04-14 00:12:39 116,224 ----a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
+ 2008-04-14 00:12:08 197,120 ----a-w C:\WINDOWS\system32\dllcache\wbemupgd.dll
+ 2008-04-14 00:12:45 146,432 ----a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2008-04-14 00:12:40 196,608 ----a-w C:\WINDOWS\system32\dllcache\wmiadap.exe
+ 2008-04-13 17:10:20 6,656 ----a-w C:\WINDOWS\system32\dllcache\wmiapres.dll
+ 2008-04-14 00:12:09 88,576 ----a-w C:\WINDOWS\system32\dllcache\wmiaprpl.dll
+ 2008-04-14 00:12:40 358,912 ----a-w C:\WINDOWS\system32\dllcache\wmic.exe
+ 2008-04-14 00:12:09 60,928 ----a-w C:\WINDOWS\system32\dllcache\wmicookr.dll
+ 2008-04-14 00:12:09 140,800 ----a-w C:\WINDOWS\system32\dllcache\wmidcprv.dll
+ 2008-04-14 00:12:09 132,096 ----a-w C:\WINDOWS\system32\dllcache\wmipdskq.dll
+ 2008-04-14 00:12:09 61,952 ----a-w C:\WINDOWS\system32\dllcache\wmipiprt.dll
+ 2008-04-14 00:12:09 62,464 ----a-w C:\WINDOWS\system32\dllcache\wmipjobj.dll
+ 2008-04-14 00:12:09 41,472 ----a-w C:\WINDOWS\system32\dllcache\wmipsess.dll
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Atgbjso"="C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"GetModule23"="C:\Program Files\GetModule\GetModule23.exe" [BU]
"Uaol"="C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" [BU]
"Gool"="C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe" [2008-10-24 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMCuT]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2008-09-04 16:28 344064 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-07 15:49 1121280 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-20 21:01 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-25 19:51 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-20 21:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-17 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0369B80C-4073-4F89-B75D-883234F592DA} - C:\WINDOWS\system32\geBqQhgH.dll
BHO-{36142BDD-7850-42FC-9681-1534A35285B9} - (no file)
BHO-{3C070B53-2BED-4817-847E-B0F2D60221C4} - (no file)
BHO-{3D839748-00F4-5A56-DF3C-58C0735984C8} - (no file)
BHO-{62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyvurop.dll
BHO-{699dbe18-9f1d-4327-9ccb-b284eca9c135} - C:\WINDOWS\system32\sdzllx.dll
BHO-{69DAC24C-01F1-5A0D-8B3C-58C0735982CC} - C:\WINDOWS\system32\lovvmwu.dll
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - (no file)
BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
BHO-{DA7FC66E-0DEC-4BD9-ACED-F3D8146CEC7F} - (no file)
BHO-{e198b1aa-738f-f74c-75dc-5a7741252a3f} - (no file)
HKCU-Run-Facegame - C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe
ShellExecuteHooks-{62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyvurop.dll
Notify-xxyvurop - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.fgcu.edu/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 06:35:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WudfHost.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-10-27 6:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 10:41:15
ComboFix2.txt 2008-10-17 17:06:37
ComboFix3.txt 2008-10-17 14:44:10

Pre-Run: 17,276,719,104 bytes free
Post-Run: 17,544,462,336 bytes free

513 --- E O F --- 2008-10-24 19:41:03

#15 tntdreams

Posted 27 October 2008 - 06:11 AM

Ran ComboFix; here is the log:

ComboFix 08-10-25.01 - Tamara Shanaman 2008-10-27 6:25:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.552 [GMT -4:00]
Running from: C:\Documents and Settings\Tamara Shanaman\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1
C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1\A?pPatch\
C:\Documents and Settings\Tamara Shanaman\Application Data\APPATC~1\arpa.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Tamara Shanaman\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Tamara Shanaman\Local Settings\Temporary Internet Files\fbk.sts
C:\Program Files\crosof~1.net
C:\Program Files\crosof~1.net\?ti2evxx.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\ftisfm.dll
C:\WINDOWS\system32\geBqQhgH.dll
C:\WINDOWS\system32\geBsrSMD.dll
C:\WINDOWS\system32\HghQqBeg.ini
C:\WINDOWS\system32\HghQqBeg.ini2
C:\WINDOWS\system32\ictpqcpc.dll
C:\WINDOWS\system32\ifmilcmk.dll
C:\WINDOWS\system32\jbpfob.dll
C:\WINDOWS\system32\kmclimfi.ini
C:\WINDOWS\system32\lovvmwu.dll
C:\WINDOWS\system32\lqojwm.dll
C:\WINDOWS\system32\mgyclrny.exe
C:\WINDOWS\system32\npgjydxw.dll
C:\WINDOWS\system32\pmnllijK.dll
C:\WINDOWS\system32\qynfdcxy.ini
C:\WINDOWS\system32\rovmtdcn.dll
C:\WINDOWS\system32\sdzllx.dll
C:\WINDOWS\system32\siiqdktg.exe
C:\WINDOWS\system32\smwin32.dll
C:\WINDOWS\system32\uqekbyhx.dll
C:\WINDOWS\system32\xxyawtuS.dll
C:\WINDOWS\system32\xxyvurop.dll
C:\WINDOWS\system32\yxcdfnyq.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-24 14:43 . 2008-10-24 14:43 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Gool
2008-10-24 14:33 . 2008-10-24 14:33 <DIR> d-------- C:\Program Files\Mjcore
2008-10-21 05:01 . 2008-10-21 05:01 2 --a------ C:\WINDOWS\msoffice.ini
2008-10-17 09:59 . 2008-10-17 09:59 <DIR> d-------- C:\rsit
2008-10-17 08:04 . 2008-10-17 08:04 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-10-17 08:04 . 2008-10-17 08:04 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-10-17 07:50 . 2008-10-17 07:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 07:50 . 2008-10-17 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 21:55 . 2008-10-24 14:38 <DIR> d-------- C:\Program Files\Webtools
2008-10-16 13:14 . 2008-10-16 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 21:44 . 2008-10-15 21:44 206,639 --a------ C:\WINDOWS\system32\wpv193.cpx
2008-10-15 21:43 . 2008-10-24 19:36 <DIR> d-------- C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame
2008-10-15 21:43 . 2008-10-15 21:43 206,639 --a------ C:\WINDOWS\system32\wpv393.cpx
2008-10-15 21:41 . 2008-10-15 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-15 21:41 . 2008-10-15 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 03:16 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 03:16 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:15 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:15 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 09:07 --------- d-----w C:\Program Files\Yahoo!
2008-10-21 09:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-10-21 09:04 --------- d-----w C:\Program Files\MUSICMATCH
2008-10-21 09:01 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-17 12:19 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-16 16:21 --------- d-----w C:\Program Files\Lavasoft
2008-10-16 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 16:34 337,408 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-12 22:04 --------- d-----w C:\Program Files\Modem Helper
2008-10-12 10:44 6,736 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-06 23:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 19:57 --------- d-----w C:\Program Files\ACW
2008-09-23 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 10:57 --------- d-----w C:\Program Files\Rhapsody
2008-09-17 07:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-16 12:12 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 12:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 23:46 --------- d-----w C:\Program Files\DIFX
2008-09-14 23:45 --------- d-----w C:\Program Files\LeapFrog
2008-09-14 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 18:03 --------- d-----w C:\Program Files\Clicktoy
2008-08-27 08:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2006-06-18 01:36 88 -csh--r C:\WINDOWS\system32\2D48E5A3AD.sys
2006-10-21 19:24 56 -csh--r C:\WINDOWS\system32\9A7AB3F6D2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-17_10.43.34.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Atgbjso"="C:\Documents and Settings\Tamara Shanaman\My Documents\?ystem32\r?gsvr32.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"GetModule23"="C:\Program Files\GetModule\GetModule23.exe" [BU]
"Uaol"="C:\DOCUME~1\TAMARA~1\MYDOCU~1\SKS~1\wuauboot.exe" [BU]
"Gool"="C:\Documents and Settings\Tamara Shanaman\Application Data\Gool\Gool.exe" [2008-10-24 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

C:\Documents and Settings\Tamara Shanaman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMCuT]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 13:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2008-09-04 16:28 344064 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-07 15:49 1121280 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 16:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-20 21:01 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-25 19:51 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-20 21:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-04 991232]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17920]
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-17 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DG1J02B1-Tamara Shanaman).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0369B80C-4073-4F89-B75D-883234F592DA} - C:\WINDOWS\system32\geBqQhgH.dll
BHO-{36142BDD-7850-42FC-9681-1534A35285B9} - (no file)
BHO-{3C070B53-2BED-4817-847E-B0F2D60221C4} - (no file)
BHO-{3D839748-00F4-5A56-DF3C-58C0735984C8} - (no file)
BHO-{62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyvurop.dll
BHO-{699dbe18-9f1d-4327-9ccb-b284eca9c135} - C:\WINDOWS\system32\sdzllx.dll
BHO-{69DAC24C-01F1-5A0D-8B3C-58C0735982CC} - C:\WINDOWS\system32\lovvmwu.dll
BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
BHO-{AD273008-7BFE-40C1-8ED8-C7E2C22613AA} - (no file)
BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
BHO-{DA7FC66E-0DEC-4BD9-ACED-F3D8146CEC7F} - (no file)
BHO-{e198b1aa-738f-f74c-75dc-5a7741252a3f} - (no file)
HKCU-Run-Facegame - C:\Documents and Settings\Tamara Shanaman\Application Data\Facegame\Facegame.exe
ShellExecuteHooks-{62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyvurop.dll
Notify-xxyvurop - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.fgcu.edu/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 06:35:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WudfHost.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-10-27 6:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 10:41:15
ComboFix2.txt 2008-10-17 17:06:37
ComboFix3.txt 2008-10-17 14:44:10

Pre-Run: 17,276,719,104 bytes free
Post-Run: 17,544,462,336 bytes free

513 --- E O F --- 2008-10-24 19:41:03



