I have a wicked bad virus/malware problem. Help please


  • This topic is locked
20 replies to this topic

#1 firefightertom

firefightertom

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Location:Springfield Illinois
  • Local time:06:33 PM

Posted 13 December 2008 - 03:18 PM

I have a virus or malware problem that is so bad it won't even allow me to run any spyware or antivirus program. It won't allow me to log onto Bleeping Computer. I made a copy of HijackThis and e-mailed it to another computer, and I am communicating through the uninfected computer. That email address is [removed]. Here is my log. Please help; I'm too young for this many grey hairs. I'll even become a Bleeping Computer helper if you can help me get this figured out.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:27, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VnrBlock\VnrBlock21.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre6\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [4c45f0db] rundll32.exe "C:\WINDOWS\system32\urpvrwsa.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack26] "C:\Program Files\GetPack\GetPack26.exe"
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\QUICKENW\bagent.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208558859556
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS3\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3d832.dll esboff.dll,C:\WINDOWS\System32\d3d832.dll nlalhr.dll,C:\WINDOWS\System32\d3d832.dll exaipo.dll,C:\WINDOWS\System32\d3d832.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)

--
End of file - 9963 bytes

Edited by kahdah, 13 December 2008 - 04:07 PM.
Removed e-mail address
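A defender-side triage helper, added here as an example and not part of the original thread or of HijackThis itself: it parses the O4 Run, O20 AppInit_DLLs and O22 SharedTaskScheduler lines of a HijackThis log and lists the entries a helper would verify first. A handful of lines from the log above are embedded as constructed input, with two ordinary vendor entries left in for contrast. The heuristics (launch from a Temp directory, machine-looking Run value names, rundll32 loaders, any AppInit_DLLs value) are assumptions of this example, not rules stated on the page.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: autostart lines copied from the HijackThis log posted
# above, with two ordinary vendor entries (iTunes, Java updater) left in for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [4c45f0db] rundll32.exe "C:\WINDOWS\system32\urpvrwsa.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3d832.dll esboff.dll,C:\WINDOWS\System32\d3d832.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll
"""

# Line shapes of the three HijackThis sections this triage looks at.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
STS_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    item: str      # Run value name, "AppInit_DLLs", or SharedTaskScheduler name
    severity: str  # "high" = look at first, "review" = confirm the binary's publisher
    reason: str


def looks_generated(name: str) -> bool:
    """Heuristic (an assumption of this example): Run value names that are exactly
    8 hex digits, or long lowercase alphanumeric tokens with digits mixed in and no
    word separators, look machine-generated rather than chosen by a vendor."""
    if re.fullmatch(r"[0-9a-f]{8}", name):
        return True
    return bool(re.fullmatch(r"[a-z0-9]{12,}", name)) and any(c.isdigit() for c in name)


def triage(log_text: str) -> List[Finding]:
    """Parse O4 Run, O20 AppInit_DLLs and O22 SharedTaskScheduler lines and return
    the entries to verify first. A finding means 'check this', not 'malicious'."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            name, cmd = m["name"], m["cmd"]
            if re.search(r"\\temp\\", cmd, re.IGNORECASE):
                findings.append(Finding("O4", name, "high",
                                        "autostart launched from a Temp directory"))
            if looks_generated(name):
                findings.append(Finding("O4", name, "high",
                                        "Run value name looks machine-generated"))
            if cmd.lower().startswith("rundll32"):
                findings.append(Finding("O4", name, "review",
                                        "rundll32 loads a DLL at logon; verify the DLL's publisher"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is a space- or comma-separated list; every DLL in it is loaded
            # into each process that links user32.dll, so a non-empty value always gets a look.
            # (Paths containing spaces would need quoting-aware splitting; none occur here.)
            dlls = m["value"].replace(",", " ").split()
            findings.append(Finding("O20", "AppInit_DLLs", "high",
                                    f"{len(dlls)} DLL path(s) injected into every user32-linked process"))
            continue
        m = STS_RE.match(line)
        if m:
            findings.append(Finding("O22", m["name"], "review",
                                    f"{m['path']} is loaded by Explorer at logon via SharedTaskScheduler"))
    return findings


def high_priority(findings: List[Finding]) -> List[str]:
    """Distinct item names with severity 'high', in first-seen order."""
    seen: List[str] = []
    for f in findings:
        if f.severity == "high" and f.item not in seen:
            seen.append(f.item)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.item}: {f.reason}")
```

Run against the sample, the two vendor entries and ctfmon.exe produce nothing, the Temp-launched winloggn.exe entry and the hex-named rundll32 entry come out as high, AppInit_DLLs is always high, and the rundll32 and SharedTaskScheduler entries are additionally marked for a publisher check; a reviewer then confirms each flagged binary's signer and file details before deciding anything.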



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:33 PM

Posted 13 December 2008 - 04:06 PM

Hello firefightertom

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 firefightertom

firefightertom
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Location:Springfield Illinois
  • Local time:06:33 PM

Posted 14 December 2008 - 01:24 PM

If I sent this twice, sorry.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:40, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VnrBlock\VnrBlock21.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\The Dodd Family\Desktop\OTScanIt2.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [4c45f0db] rundll32.exe "C:\WINDOWS\system32\uijfkaou.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack26] "C:\Program Files\GetPack\GetPack26.exe"
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\QUICKENW\bagent.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208558859556
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS3\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3d832.dll esboff.dll,C:\WINDOWS\System32\d3d832.dll nlalhr.dll,C:\WINDOWS\System32\d3d832.dll exaipo.dll,C:\WINDOWS\System32\d3d832.dll bchzmt.dll,C:\WINDOWS\System32\d3d832.dll clqhrl.dll,C:\WINDOWS\System32\d3d832.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)

--
End of file - 10749 bytes
OTScanIt2 logfile created on: 12/14/2008 10:00:41 AM - Run 8
OTScanIt2 by OldTimer - Version 1.0.3.1	 Folder = C:\Documents and Settings\The Dodd Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
766.80 Mb Total Physical Memory | 345.15 Mb Available Physical Memory | 45.01% Memory free
1.83 Gb Paging File | 1.12 Gb Available in Paging File | 60.99% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 105.10 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive D: | 170.10 Gb Total Space | 141.72 Gb Free Space | 83.31% Space Free | Partition Type: NTFS
Drive E: | 189.92 Gb Total Space | 40.95 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive F: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DODD-GPQAELEXEZ
Current User Name: The Dodd Family
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.)
brctrcen.exe -> %ProgramFiles%\Brother\ControlCenter2\brctrcen.exe -> [2004/07/20 08:34:28 | 00,851,968 | ---- | M] (Brother Industries, Ltd.)
brmfcwnd.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [2004/03/26 18:30:12 | 00,819,200 | ---- | M] (Brother Industries, Ltd.)
brmfrmps.exe -> %SystemRoot%\system32\Brmfrmps.exe -> [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.)
brss01a.exe -> %SystemRoot%\system32\brss01a.exe -> [2001/12/12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd)
brsvc01a.exe -> %SystemRoot%\system32\brsvc01a.exe -> [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
dcfssvc.exe -> %SystemRoot%\system32\drivers\dcfssvc.exe -> [2001/10/09 13:15:42 | 00,159,806 | ---- | M] (Eastman Kodak Company)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/14 11:12:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jucheck.exe -> %ProgramFiles%\Java\jre6\bin\jucheck.exe -> [2008/11/14 11:12:58 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/14 11:12:58 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> [2005/08/04 02:42:00 | 00,028,160 | ---- | M] (Logitech Inc.)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/03/17 10:17:34 | 00,038,912 | ---- | M] ()
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2003/10/06 13:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
pptd40nt.exe -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe -> [2004/04/14 13:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.)
pts.exe -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTS.exe -> [2001/10/18 06:21:40 | 00,737,280 | ---- | M] (Eastman Kodak Company)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
searchfilterhost.exe -> %SystemRoot%\system32\searchfilterhost.exe -> [2008/05/26 22:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation)
searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
searchprotocolhost.exe -> %SystemRoot%\system32\searchprotocolhost.exe -> [2008/05/26 22:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation)
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2005/08/04 02:42:00 | 00,528,384 | ---- | M] (Logitech Inc.)
spuvolumewatcher.exe -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2007/01/15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation)
tavsvc.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> [2007/01/19 17:48:58 | 00,251,408 | ---- | M] (Trend Micro Inc.)
tavui.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe -> [2008/05/08 17:44:18 | 04,613,384 | ---- | M] (Trend Micro Inc.)
tmproxy.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\components\TmProxy.exe -> [2007/01/10 19:19:26 | 00,566,872 | ---- | M] (Trend Micro Inc.)
vnrblock21.exe -> %ProgramFiles%\VnrBlock\VnrBlock21.exe -> [2008/09/18 17:16:44 | 00,364,032 | ---- | M] ()
webshots.scr -> %ProgramFiles%\Webshots\Webshots.scr -> [2008/03/24 16:48:52 | 03,310,928 | ---- | M] (Webshots.com)
windowssearch.exe -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
winloggn.exe -> %UserProfile%\Local Settings\Temp\winloggn.exe -> [2008/12/09 22:57:13 | 00,015,000 | ---- | M] ()
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> [2007/12/11 16:34:48 | 03,746,856 | ---- | M] (Yahoo! Inc.)
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> [2007/12/11 16:34:48 | 03,746,856 | ---- | M] (Yahoo! Inc.)
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> [2007/12/11 16:34:48 | 03,746,856 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Brmfrmps.exe -> [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.)
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\brsvc01a.exe -> [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(Dcfssvc) Dcfssvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\dcfssvc.exe -> [2001/10/09 13:15:42 | 00,159,806 | ---- | M] (Eastman Kodak Company)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/14 11:12:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/03/17 10:17:34 | 00,038,912 | ---- | M] ()
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2003/10/06 13:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(tavsvc) Trend Micro AntiVirus Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> [2007/01/19 17:48:58 | 00,251,408 | ---- | M] (Trend Micro Inc.)
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\components\TmProxy.exe -> [2007/01/10 19:19:26 | 00,566,872 | ---- | M] (Trend Micro Inc.)
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] ->  -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AnyDVD.sys -> [2008/11/12 13:57:24 | 00,103,360 | ---- | M] (SlySoft, Inc.)
(basic2) basic2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\basic2.sys -> [2001/07/18 19:01:56 | 00,077,426 | ---- | M] (Conexant Systems)
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> [2003/12/19 21:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.)
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrSerIf.sys -> [2004/06/12 05:27:18 | 00,051,712 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrUsbSer.sys -> [2004/01/10 04:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DcCam.sys -> [2001/10/09 13:15:42 | 00,034,756 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcFpoint.sys -> [2001/10/09 13:15:42 | 00,061,872 | ---- | M] (Eastman Kodak Company)
(DCFS2K) DCFS2K [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DCFS2k.sys -> [2001/10/09 13:15:42 | 00,036,831 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcLps.sys -> [2001/10/09 13:15:42 | 00,008,304 | ---- | M] (Eastman Kodak Company)
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcPtp.sys -> [2001/10/09 13:15:42 | 00,055,108 | ---- | M] (Eastman Kodak Company)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> [2008/07/21 06:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG)
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> [2005/04/12 02:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG)
(Exportit) Exportit [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ExportIt.sys -> [2001/10/09 13:15:04 | 00,131,252 | ---- | M] (Eastman Kodak Company)
(Fallback) Fallback [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\fallback.sys -> [2001/07/18 19:04:04 | 00,310,899 | ---- | M] (Conexant Systems)
(Fsks) Fsks [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\fsksnt.sys -> [2001/07/18 19:06:12 | 00,127,405 | ---- | M] (Conexant Systems)
(gameenum) Santa Cruz Game Port [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hsfbs2s2.sys -> [2004/08/03 23:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> [2004/08/03 23:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(hsf_msft) hsf_msft [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_MSFT.sys -> [2001/08/17 07:28:10 | 00,542,879 | ---- | M] (Conexant)
(K56) K56 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\k56nt.sys -> [2001/07/18 19:06:40 | 00,426,783 | ---- | M] (Conexant Systems)
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042mou.Sys -> [2005/07/22 23:41:08 | 00,055,040 | ---- | M] (Logitech, Inc.)
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> [2005/07/22 23:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/08/03 23:41:55 | 00,011,868 | ---- | M] (Conexant)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 07:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2003/10/06 13:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/18 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2006/11/02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions)
(Rksample) Rksample [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rksample.sys -> [2001/07/18 19:01:38 | 00,067,654 | ---- | M] (Conexant Systems)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SoftFax) SoftFax [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\faxnt.sys -> [2001/07/18 19:05:26 | 00,217,019 | ---- | M] (Conexant Systems)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(SpeakerPhone) SpeakerPhone [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\spkpnt.sys -> [2001/07/18 19:07:00 | 00,080,449 | ---- | M] (Conexant Systems)
(tbcspud) Santa Cruz Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tbcspud.sys -> [2002/04/03 10:51:11 | 00,144,768 | ---- | M] (Voyetra Turtle Beach)
(tbcwdm) Santa Cruz WDM Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tbcwdm.sys -> [2002/04/03 10:51:15 | 00,545,088 | ---- | M] (Voyetra Turtle Beach)
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.)
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> [2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.)
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> [2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.)
(Tones) Tones [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tonesnt.sys -> [2001/07/18 19:04:26 | 00,056,607 | ---- | M] (Conexant Systems)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.)
(V124) V124 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\v124nt.sys -> [2001/07/18 19:01:20 | 00,534,125 | ---- | M] (Conexant Systems)
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> [2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsf_cnxt.sys -> [2001/07/25 17:58:28 | 00,584,336 | ---- | M] (Conexant Systems)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2001/08/18 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< HOSTS File > (233948 bytes and 8231 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\hgGaxwuu.dll [Reg Error: Value  does not exist or could not be read.] -> [2008/12/09 22:57:39 | 00,039,936 | ---- | M] ()
{D5BF49A2-94F1-42BD-F434-3604812C807D} [HKLM] -> %SystemRoot%\system32\jsdf768wude.dll [C:\WINDOWS\system32\jsdf768wude.dll] -> [2008/12/09 22:57:12 | 00,015,000 | ---- | M] ()
{F792D87A-EA34-494C-A188-75C055099112} [HKLM] -> %SystemRoot%\system32\ljJDSLDV.dll [Reg Error: Value  does not exist or could not be read.] -> [2008/12/09 23:02:50 | 00,240,128 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"4c45f0db" -> %SystemRoot%\system32\uijfkaou.dll [rundll32.exe "C:\WINDOWS\system32\uijfkaou.dll",b] -> [2008/12/13 21:27:49 | 00,068,096 | ---- | M] ()
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"ControlCenter2.0" -> %ProgramFiles%\Brother\ControlCenter2\brctrcen.exe ["C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun] -> [2004/07/20 08:34:28 | 00,851,968 | ---- | M] (Brother Industries, Ltd.)
"IndexSearch" -> %ProgramFiles%\ScanSoft\PaperPort\IndexSearch.exe ["C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"] -> [2004/04/14 14:04:12 | 00,040,960 | ---- | M] (ScanSoft, Inc.)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.)
"Microsoft Works Update Detection" -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe ["C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"] -> [2003/09/13 20:36:52 | 00,050,688 | ---- | M] (Microsoft® Corporation)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe ["C:\WINDOWS\system32\NeroCheck.exe"] -> [2001/07/09 10:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2003/10/06 13:16:00 | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe ["C:\WINDOWS\system32\nwiz.exe" /install] -> [2003/10/06 13:16:00 | 00,741,376 | ---- | M] (NVIDIA Corporation)
"PaperPort PTD" -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe ["C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"] -> [2004/04/14 13:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/03/28 22:37:20 | 00,413,696 | ---- | M] (Apple Inc.)
"SetDefPrt" -> %ProgramFiles%\Brother\Brmfl04a\BrStDvPt.exe ["C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"] -> [2004/05/25 08:16:56 | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SSBkgdUpdate" -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> [2003/10/14 09:22:30 | 00,155,648 | R--- | M] (Scansoft, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/14 11:12:58 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Trend Micro AntiVirus 2007" -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe ["C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15] -> [2008/05/08 17:44:18 | 04,613,384 | ---- | M] (Trend Micro Inc.)
"xsjfn83jkemfofght" -> %UserProfile%\Local Settings\Temp\winloggn.exe [C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe] -> [2008/12/09 22:57:13 | 00,015,000 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AnyDVD" -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe ["C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"] -> [2008/11/17 06:49:20 | 00,089,024 | ---- | M] (SlySoft, Inc.)
"BitTorrent DNA" -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> File not found
"GetPack26" -> %ProgramFiles%\GetPack\GetPack26.exe ["C:\Program Files\GetPack\GetPack26.exe"] -> [2008/12/07 12:40:50 | 00,350,720 | ---- | M] ()
"VnrBlock21" -> %ProgramFiles%\VnrBlock\VnrBlock21.exe ["C:\Program Files\VnrBlock\VnrBlock21.exe"] -> [2008/09/18 17:16:44 | 00,364,032 | ---- | M] ()
"xsjfn83jkemfofght" -> %UserProfile%\Local Settings\Temp\winloggn.exe [C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe] -> [2008/12/09 22:57:13 | 00,015,000 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %SystemDrive%\QUICKENW\BILLMIND.EXE -> [2003/07/29 20:49:34 | 00,016,384 | ---- | M] (Intuit)
%AllUsersProfile%\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk -> %ProgramFiles%\KODAK\KODAK Picture Transfer Software\PTS.exe -> [2001/10/18 06:21:40 | 00,737,280 | ---- | M] (Eastman Kodak Company)
%AllUsersProfile%\Start Menu\Programs\Startup\KODAK Software Updater.lnk -> %ProgramFiles%\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe -> [2008/07/31 07:44:25 | 00,016,384 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2005/08/04 02:42:00 | 00,528,384 | ---- | M] (Logitech Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> D:\QUICKENW\bagent.exe -> [2003/07/29 20:49:48 | 00,057,344 | ---- | M] (Intuit Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Status Monitor.lnk -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [2004/03/26 18:30:12 | 00,819,200 | ---- | M] (Brother Industries, Ltd.)
%AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< The Dodd Family Startup Folder > -> C:\Documents and Settings\The Dodd Family\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\p2pmax.lnk -> %ProgramFiles%\p2pmax\p2pmax.exe -> [2008/12/01 18:31:36 | 00,010,240 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2007/01/15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation)
%UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe -> [2008/03/24 16:48:42 | 00,157,008 | ---- | M] (Webshots.com)
%UserProfile%\Start Menu\Programs\Startup\Yahoo! Widgets.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> [2007/12/11 16:34:48 | 03,746,856 | ---- | M] (Yahoo! Inc.)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [227] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
\\"HideLegacyLogonScripts" ->  [0] -> File not found
\\"HideLogoffScripts" ->  [0] -> File not found
\\"RunLogonScriptSync" ->  [1] -> File not found
\\"RunStartupScriptSync" ->  [0] -> File not found
\\"HideStartupScripts" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" ->  [0] -> File not found
\\"HideLogoffScripts" ->  [0] -> File not found
\\"HideStartupScripts" ->  [0] -> File not found
\\"RunLogonScriptSync" ->  [1] -> File not found
\\"RunStartupScriptSync" ->  [0] -> File not found
\\"disableregistrytools" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 01:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{5E638779-1818-4754-A595-EF1C63B87A56}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4366 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6995 domain(s) found. -> 
39 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5 Control] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{315B0BFB-2BD4-481B-80A3-A9B80727C61B} [HKLM] -> http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}[WebIQ Engine Application Object] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photos.walmart.com/WalmartActivia.cab[Snapfish Activia] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208558859556[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{213496DF-AB0D-46D2-87F7-E717062B344D} -> 68.87.72.130,68.87.77.130   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\WINDOWS\System32\d3d832.dll esboff.dll -> %SystemRoot%\System32\d3d832.dll esboff.dll -> File not found
C:\WINDOWS\System32\d3d832.dll nlalhr.dll -> %SystemRoot%\System32\d3d832.dll nlalhr.dll -> File not found
C:\WINDOWS\System32\d3d832.dll exaipo.dll -> %SystemRoot%\System32\d3d832.dll exaipo.dll -> File not found
C:\WINDOWS\System32\d3d832.dll bchzmt.dll -> %SystemRoot%\System32\d3d832.dll bchzmt.dll -> File not found
C:\WINDOWS\System32\d3d832.dll clqhrl.dll -> %SystemRoot%\System32\d3d832.dll clqhrl.dll -> File not found
C:\WINDOWS\System32\d3d832.dll -> %SystemRoot%\system32\d3d832.dll -> [2008/12/09 23:02:30 | 00,135,168 | ---- | M] ()
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
4c45f074502 ->  -> File not found
4c45f074511 -> %SystemRoot%\system32\d3d832.dll -> [2008/12/09 23:02:30 | 00,135,168 | ---- | M] ()
hgGaxwuu -> %SystemRoot%\system32\hgGaxwuu.dll -> [2008/12/09 22:57:39 | 00,039,936 | ---- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{D5BF49A2-94F1-42BD-F434-3604812C807D}" [HKLM] -> %SystemRoot%\system32\jsdf768wude.dll [KJhaiufhw3nrih7wefywjfsdfd] -> [2008/12/09 22:57:12 | 00,015,000 | ---- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 22:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\hgGaxwuu.dll [] -> [2008/12/09 22:57:39 | 00,039,936 | ---- | M] ()
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
C:\WINDOWS\system32\ljJDSLDV -> %SystemRoot%\system32\ljJDSLDV.dll -> [2008/12/09 23:02:50 | 00,240,128 | ---- | M] ()
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour] -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Disabled:DNA] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/03/30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2006/06/21 08:58:33 | 00,159,744 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/04/18 16:22:55 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
3 D:\*.tmp files -> D:\*.tmp -> 
2 C:\Documents and Settings\The Dodd Family\Desktop\*.tmp files -> C:\Documents and Settings\The Dodd Family\Desktop\*.tmp -> 
hhactivex.dll -> %SystemRoot%\System32\hhactivex.dll -> [2011/04/21 11:05:55 | 00,446,464 | R--- | C] (Blue Sky Software Corporation.)
MSCOMCT2.OCX -> %SystemRoot%\System32\MSCOMCT2.OCX -> [2011/04/21 11:05:54 | 00,645,616 | ---- | C] (Microsoft Corporation)
COMCT332.OCX -> %SystemRoot%\System32\COMCT332.OCX -> [2011/04/21 11:05:54 | 00,414,944 | ---- | C] (Microsoft Corporation )
ssa3d30.ocx -> %SystemRoot%\System32\ssa3d30.ocx -> [2011/04/21 11:05:53 | 00,328,480 | ---- | C] (Sheridan Software Systems, Inc.)
VB5DB.DLL -> %SystemRoot%\System32\VB5DB.DLL -> [2011/04/21 11:05:52 | 00,089,360 | ---- | C] (Microsoft Corporation)
RECYCLER -> D:\RECYCLER -> [2011/04/21 10:01:46 | 00,000,000 | -HSD | C]
Symantec -> %AllUsersProfile%\Application Data\Symantec -> [2011/04/21 08:38:21 | 00,000,000 | ---D | C]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [2011/04/21 08:37:03 | 00,000,000 | ---D | C]
Logitech -> %AppData%\Logitech -> [2011/04/20 19:50:40 | 00,000,000 | ---D | C]
unicows.dll -> %SystemRoot%\System32\unicows.dll -> [2011/04/20 19:48:58 | 00,258,352 | ---- | C] (Microsoft Corporation)
msvcp71.dll -> %SystemRoot%\System32\msvcp71.dll -> [2011/04/20 19:48:57 | 00,499,712 | ---- | C] (Microsoft Corporation)
msvcr71.dll -> %SystemRoot%\System32\msvcr71.dll -> [2011/04/20 19:48:57 | 00,348,160 | ---- | C] (Microsoft Corporation)
MFC71u.dll -> %SystemRoot%\System32\MFC71u.dll -> [2011/04/20 19:48:56 | 01,047,552 | ---- | C] (Microsoft Corporation)
MFC71.dll -> %SystemRoot%\System32\MFC71.dll -> [2011/04/20 19:48:55 | 01,060,864 | ---- | C] (Microsoft Corporation)
atl71.dll -> %SystemRoot%\System32\atl71.dll -> [2011/04/20 19:48:54 | 00,089,088 | ---- | C] (Microsoft Corporation)
Voyetra -> %CommonProgramFiles%\Voyetra -> [2011/04/20 17:21:31 | 00,000,000 | ---D | C]
splitter.sys -> %SystemRoot%\System32\drivers\splitter.sys -> [2011/04/20 17:21:29 | 00,006,272 | ---- | C] (Microsoft Corporation)
wdmaud.sys -> %SystemRoot%\System32\drivers\wdmaud.sys -> [2011/04/20 17:21:26 | 00,083,072 | ---- | C] (Microsoft Corporation)
dmusic.sys -> %SystemRoot%\System32\drivers\dmusic.sys -> [2011/04/20 17:21:25 | 00,052,864 | ---- | C] (Microsoft Corporation)
swmidi.sys -> %SystemRoot%\System32\drivers\swmidi.sys -> [2011/04/20 17:21:24 | 00,056,576 | ---- | C] (Microsoft Corporation)
aec.sys -> %SystemRoot%\System32\drivers\aec.sys -> [2011/04/20 17:21:22 | 00,142,592 | ---- | C] (Microsoft Corporation)
kmixer.sys -> %SystemRoot%\System32\drivers\kmixer.sys -> [2011/04/20 17:21:21 | 00,172,416 | ---- | C] (Microsoft Corporation)
drmkaud.sys -> %SystemRoot%\System32\drivers\drmkaud.sys -> [2011/04/20 17:21:19 | 00,002,944 | ---- | C] (Microsoft Corporation)
sysaudio.sys -> %SystemRoot%\System32\drivers\sysaudio.sys -> [2011/04/20 17:21:17 | 00,060,800 | ---- | C] (Microsoft Corporation)
gameenum.sys -> %SystemRoot%\System32\drivers\gameenum.sys -> [2011/04/20 17:21:15 | 00,010,624 | ---- | C] (Microsoft Corporation)
portcls.sys -> %SystemRoot%\System32\drivers\portcls.sys -> [2011/04/20 17:21:00 | 00,146,048 | ---- | C] (Microsoft Corporation)
drmk.sys -> %SystemRoot%\System32\drivers\drmk.sys -> [2011/04/20 17:21:00 | 00,060,160 | ---- | C] (Microsoft Corporation)
tbcdata -> %SystemRoot%\tbcdata -> [2011/04/20 17:20:52 | 00,000,000 | ---D | C]
tbctray.exe -> %SystemRoot%\System32\tbctray.exe -> [2011/04/20 17:20:50 | 00,290,816 | ---- | C] (Voyetra Turtle Beach, Inc.)
WinInit.INI -> %SystemRoot%\WinInit.INI -> [2011/04/20 17:20:48 | 00,000,012 | ---- | C] ()
tbccpnl.cpl -> %SystemRoot%\System32\tbccpnl.cpl -> [2011/04/20 17:20:46 | 00,155,648 | ---- | C] (Voyetra Turtle Beach, Inc.)
tbcwdm.sys -> %SystemRoot%\System32\drivers\tbcwdm.sys -> [2011/04/20 17:20:42 | 00,545,088 | ---- | C] (Voyetra Turtle Beach)
tbclang.dll -> %SystemRoot%\System32\tbclang.dll -> [2011/04/20 17:20:42 | 00,425,472 | ---- | C] (Voyetra Turtle Beach)
tbcspud.sys -> %SystemRoot%\System32\drivers\tbcspud.sys -> [2011/04/20 17:20:42 | 00,144,768 | ---- | C] (Voyetra Turtle Beach)
tbcos.sys -> %SystemRoot%\System32\drivers\tbcos.sys -> [2011/04/20 17:20:42 | 00,004,224 | ---- | C] (Voyetra Turtle Beach)
Turtle Beach -> %ProgramFiles%\Turtle Beach -> [2011/04/20 17:20:32 | 00,000,000 | ---D | C]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2011/04/20 15:47:12 | 00,000,116 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/04/20 15:47:11 | 00,197,120 | ---- | C] ()
mouhid.sys -> %SystemRoot%\System32\drivers\mouhid.sys -> [2011/04/20 15:40:39 | 00,012,160 | ---- | C] (Microsoft Corporation)
mouhid.sys -> %SystemRoot%\System32\dllcache\mouhid.sys -> [2011/04/20 15:40:39 | 00,012,160 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\drivers\hidusb.sys -> [2011/04/20 15:40:36 | 00,010,368 | ---- | C] (Microsoft Corporation)
RECYCLER -> %SystemDrive%\RECYCLER -> [2011/04/19 15:28:37 | 00,000,000 | -HSD | C]
AltrixSoft -> %AppData%\AltrixSoft -> [2011/04/19 15:25:04 | 00,000,000 | ---D | C]
OTScaIt2 -> %UserProfile%\Desktop\OTScaIt2 -> [2008/12/14 09:23:57 | 00,000,000 | ---D | C]
OTScanIt2 -> D:\OTScanIt2 -> [2008/12/14 09:21:32 | 00,000,000 | ---D | C]
uoakfjiu.ini -> %SystemRoot%\System32\uoakfjiu.ini -> [2008/12/13 21:27:49 | 01,651,888 | -HS- | C] ()
uijfkaou.dll -> %SystemRoot%\System32\uijfkaou.dll -> [2008/12/13 21:27:48 | 00,068,096 | ---- | C] ()
clqhrl.dll -> %SystemRoot%\System32\clqhrl.dll -> [2008/12/13 21:21:51 | 00,104,448 | ---- | C] ()
iyjebmcp.dll -> %SystemRoot%\System32\iyjebmcp.dll -> [2008/12/13 21:21:49 | 00,104,448 | ---- | C] ()
ufhdargg.ini -> %SystemRoot%\System32\ufhdargg.ini -> [2008/12/12 21:24:44 | 01,651,888 | -HS- | C] ()
ggradhfu.dll -> %SystemRoot%\System32\ggradhfu.dll -> [2008/12/12 21:24:43 | 00,068,608 | ---- | C] ()
ocgejdfw.dll -> %SystemRoot%\System32\ocgejdfw.dll -> [2008/12/12 21:21:30 | 00,103,936 | ---- | C] ()
bchzmt.dll -> %SystemRoot%\System32\bchzmt.dll -> [2008/12/12 21:21:30 | 00,103,936 | ---- | C] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | C] (OldTimer Tools)
Luann -> %UserProfile%\Desktop\Luann -> [2008/12/11 18:13:59 | 00,000,000 | ---D | C]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [2008/12/11 12:55:54 | 00,000,000 | ---D | C]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2008/12/11 12:55:41 | 00,000,700 | ---- | C] ()
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2008/12/11 12:55:39 | 00,000,000 | ---D | C]
exaipo.dll -> %SystemRoot%\System32\exaipo.dll -> [2008/12/11 12:47:28 | 00,103,424 | ---- | C] ()
fwhyuqfq.dll -> %SystemRoot%\System32\fwhyuqfq.dll -> [2008/12/11 12:47:27 | 00,103,424 | ---- | C] ()
aswrvpru.ini -> %SystemRoot%\System32\aswrvpru.ini -> [2008/12/11 12:45:14 | 01,646,381 | -HS- | C] ()
Config.Msi -> %SystemDrive%\Config.Msi -> [2008/12/11 11:34:59 | 00,000,000 | -HSD | C]
oadjvm.dll -> %SystemRoot%\System32\oadjvm.dll -> [2008/12/11 10:49:35 | 00,105,984 | ---- | C] ()
uaqefhge.dll -> %SystemRoot%\System32\uaqefhge.dll -> [2008/12/11 10:49:34 | 00,105,984 | ---- | C] ()
skebtics.ini -> %SystemRoot%\System32\skebtics.ini -> [2008/12/11 10:46:32 | 01,621,179 | -HS- | C] ()
scitbeks.dll -> %SystemRoot%\System32\scitbeks.dll -> [2008/12/11 10:46:32 | 00,071,680 | ---- | C] ()
GetPack -> %ProgramFiles%\GetPack -> [2008/12/11 08:22:09 | 00,000,000 | ---D | C]
oydsxatc.dll -> %SystemRoot%\System32\oydsxatc.dll -> [2008/12/11 06:50:47 | 00,107,520 | ---- | C] ()
nlalhr.dll -> %SystemRoot%\System32\nlalhr.dll -> [2008/12/11 06:50:47 | 00,107,520 | ---- | C] ()
xinrcwes.ini -> %SystemRoot%\System32\xinrcwes.ini -> [2008/12/11 06:48:59 | 00,000,120 | -HS- | C] ()
Essay #4 revised.doc -> D:\Essay #4 revised.doc -> [2008/12/10 20:31:13 | 00,034,816 | ---- | C] ()
esboff.dll -> %SystemRoot%\System32\esboff.dll -> [2008/12/09 23:04:04 | 00,107,520 | ---- | C] ()
juarorwv.dll -> %SystemRoot%\System32\juarorwv.dll -> [2008/12/09 23:04:01 | 00,107,520 | ---- | C] ()
idvgcaqn.ini -> %SystemRoot%\System32\idvgcaqn.ini -> [2008/12/09 23:03:57 | 01,544,917 | -HS- | C] ()
nqacgvdi.dll -> %SystemRoot%\System32\nqacgvdi.dll -> [2008/12/09 23:03:52 | 00,072,192 | ---- | C] ()
VDLSDJjl.ini2 -> %SystemRoot%\System32\VDLSDJjl.ini2 -> [2008/12/09 23:02:52 | 00,001,508 | -HS- | C] ()
VDLSDJjl.ini -> %SystemRoot%\System32\VDLSDJjl.ini -> [2008/12/09 23:02:51 | 00,001,508 | -HS- | C] ()
ljJDSLDV.dll -> %SystemRoot%\System32\ljJDSLDV.dll -> [2008/12/09 23:02:48 | 00,240,128 | ---- | C] ()
d3d832.dll -> %SystemRoot%\System32\d3d832.dll -> [2008/12/09 23:02:30 | 00,135,168 | ---- | C] ()
VnrBlock -> %ProgramFiles%\VnrBlock -> [2008/12/09 22:57:50 | 00,000,000 | ---D | C]
iCheck -> %ProgramFiles%\iCheck -> [2008/12/09 22:57:50 | 00,000,000 | ---D | C]
pn8.exe -> %SystemRoot%\pn8.exe -> [2008/12/09 22:57:47 | 00,197,185 | ---- | C] ()
fjpcarri.job -> %SystemRoot%\tasks\fjpcarri.job -> [2008/12/09 22:57:47 | 00,000,314 | ---- | C] ()
ssqOGaaX.dll -> %SystemRoot%\System32\ssqOGaaX.dll -> [2008/12/09 22:57:43 | 00,065,024 | ---- | C] (ESET)
hgGaxwuu.dll -> %SystemRoot%\System32\hgGaxwuu.dll -> [2008/12/09 22:57:39 | 00,039,936 | ---- | C] ()
IEToolbar -> %ProgramFiles%\IEToolbar -> [2008/12/09 22:57:35 | 00,000,000 | ---D | C]
ykgee3362.exe -> %SystemRoot%\ykgee3362.exe -> [2008/12/09 22:57:31 | 00,905,545 | ---- | C] ()
cont_adsoftinc-remove.exe -> %SystemRoot%\System32\cont_adsoftinc-remove.exe -> [2008/12/09 22:57:28 | 00,053,942 | ---- | C] ()
p2pmax.lnk -> %UserProfile%\Start Menu\Programs\Startup\p2pmax.lnk -> [2008/12/09 22:57:28 | 00,000,676 | ---- | C] ()
p2pmax -> %ProgramFiles%\p2pmax -> [2008/12/09 22:57:28 | 00,000,000 | ---D | C]
c20232.exe -> %SystemRoot%\c20232.exe -> [2008/12/09 22:57:26 | 00,054,255 | ---- | C] ()
gncyq5.exe -> %SystemRoot%\gncyq5.exe -> [2008/12/09 22:57:20 | 01,807,468 | ---- | C] (www.episodeking.com										 )
jsdf768wude.dll -> %SystemRoot%\System32\jsdf768wude.dll -> [2008/12/09 22:57:12 | 00,015,000 | ---- | C] ()
vtj708346.exe -> %SystemRoot%\vtj708346.exe -> [2008/12/09 22:57:03 | 00,084,982 | ---- | C] ()
nohh06760.exe -> %SystemRoot%\nohh06760.exe -> [2008/12/09 22:57:01 | 00,191,625 | ---- | C] ()
CyberLink -> %AllUsersProfile%\Application Data\CyberLink -> [2008/12/09 22:52:45 | 00,000,000 | ---D | C]
CyberLink -> %AppData%\CyberLink -> [2008/12/09 22:52:40 | 00,000,000 | ---D | C]
CyberLink -> D:\CyberLink -> [2008/12/09 22:51:36 | 00,000,000 | ---D | C]
PFConfig -> %ProgramFiles%\PFConfig -> [2008/12/09 20:49:36 | 00,000,000 | ---D | C]
uTorrent -> %ProgramFiles%\uTorrent -> [2008/12/09 20:40:28 | 00,000,000 | ---D | C]
uTorrent -> %AppData%\uTorrent -> [2008/12/09 20:40:25 | 00,000,000 | ---D | C]
WebIQEngineSetup.exe -> %SystemRoot%\System32\WebIQEngineSetup.exe -> [2008/12/09 18:43:45 | 00,091,520 | ---- | C] ()
Usability Sciences -> %ProgramFiles%\Usability Sciences -> [2008/12/09 18:43:45 | 00,000,000 | ---D | C]
Nutcracker 08 -> %UserProfile%\Desktop\Nutcracker 08 -> [2008/12/08 20:25:44 | 00,000,000 | ---D | C]
Dad's Music -> %UserProfile%\Desktop\Dad's Music -> [2008/12/05 11:02:42 | 00,000,000 | R--D | C]
seven deadly sins.doc -> D:\seven deadly sins.doc -> [2008/12/04 00:44:01 | 00,025,600 | ---- | C] ()
Essay #1-revised  [FINAL!!!].doc -> D:\Essay #1-revised  [FINAL!!!].doc -> [2008/12/03 22:47:07 | 00,030,208 | ---- | C] ()
Essay #3(revised) final.doc -> D:\Essay #3(revised) final.doc -> [2008/12/03 20:21:36 | 00,034,304 | ---- | C] ()
Essay #1-revised.doc -> D:\Essay #1-revised.doc -> [2008/12/03 17:18:29 | 00,029,184 | ---- | C] ()
nsk4428.dll -> %SystemRoot%\System32\nsk4428.dll -> [2008/12/02 10:11:08 | 00,673,280 | ---- | C] ()
Bibliography #4.doc -> D:\Bibliography #4.doc -> [2008/12/01 21:16:47 | 00,027,648 | ---- | C] ()
Bibliography.xml -> D:\Bibliography.xml -> [2008/12/01 21:08:14 | 00,005,896 | ---- | C] ()
UIS tuition.doc -> D:\UIS tuition.doc -> [2008/12/01 20:47:44 | 00,048,128 | ---- | C] ()
Essay #4.doc -> D:\Essay #4.doc -> [2008/11/30 21:05:51 | 00,032,768 | ---- | C] ()
springfield college.doc -> D:\springfield college.doc -> [2008/11/30 20:34:19 | 00,041,472 | ---- | C] ()
Midwest Technical Institute.doc -> D:\Midwest Technical Institute.doc -> [2008/11/30 20:22:50 | 00,054,272 | ---- | C] ()
amanda Christmas 2008 -> %UserProfile%\Desktop\amanda Christmas 2008 -> [2008/11/30 13:17:33 | 00,000,000 | ---D | C]
My Videos -> %AllUsersProfile%\Documents\My Videos -> [2008/11/30 11:33:54 | 00,000,000 | R--D | C]
Windows Search -> %AppData%\Windows Search -> [2008/11/29 13:39:45 | 00,000,000 | ---D | C]
CONEXANT -> %ProgramFiles%\CONEXANT -> [2008/11/29 13:36:26 | 00,000,000 | ---D | C]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [2008/11/29 13:27:56 | 00,000,000 | ---D | C]
Windows Desktop Search -> %AppData%\Windows Desktop Search -> [2008/11/29 13:22:12 | 00,000,000 | ---D | C]
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [2008/11/29 13:21:30 | 00,001,797 | ---- | C] ()
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search -> [2008/11/29 13:21:00 | 00,000,000 | ---D | C]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [2008/11/29 13:20:59 | 00,000,000 | ---D | C]
nlhtml.dll -> %SystemRoot%\System32\dllcache\nlhtml.dll -> [2008/11/29 13:19:43 | 00,098,304 | ---- | C] (Microsoft Corporation)
mimefilt.dll -> %SystemRoot%\System32\dllcache\mimefilt.dll -> [2008/11/29 13:19:43 | 00,029,696 | ---- | C] (Microsoft Corporation)
offfilt.dll -> %SystemRoot%\System32\dllcache\offfilt.dll -> [2008/11/29 13:19:42 | 00,192,000 | ---- | C] (Microsoft Corporation)
12400c4c17dc179d06c3ef -> D:\12400c4c17dc179d06c3ef -> [2008/11/29 13:19:36 | 00,000,000 | ---D | C]
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2008/11/29 13:19:17 | 00,016,760 | ---- | C] (Microsoft Corporation)
Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [2008/11/29 13:18:11 | 00,000,000 | ---D | C]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2008/11/29 13:15:00 | 00,000,000 | -H-- | C] ()
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [2008/11/29 13:14:53 | 00,000,000 | ---D | C]
LogFiles -> %SystemRoot%\System32\LogFiles -> [2008/11/29 13:14:53 | 00,000,000 | ---D | C]
URTTEMP -> %SystemRoot%\System32\URTTEMP -> [2008/11/29 13:12:19 | 00,000,000 | ---D | C]
Baseball -> D:\Baseball -> [2008/11/23 15:39:00 | 00,000,000 | ---D | C]
Mary Kay Christmas Sale.pub -> D:\Mary Kay Christmas Sale.pub -> [2008/11/22 21:29:53 | 00,139,776 | ---- | C] ()
L8042Kbd.SYS -> %SystemRoot%\System32\drivers\L8042Kbd.SYS -> [2008/11/17 14:05:39 | 00,013,440 | ---- | C] (Logitech, Inc.)
Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> [2008/11/17 14:04:13 | 00,001,697 | ---- | C] ()
Logitech -> %CommonProgramFiles%\Logitech -> [2008/11/17 14:03:03 | 00,000,000 | ---D | C]
LMouKE.Sys -> %SystemRoot%\System32\drivers\LMouKE.Sys -> [2008/11/17 14:02:28 | 00,068,864 | ---- | C] (Logitech, Inc.)
L8042mou.Sys -> %SystemRoot%\System32\drivers\L8042mou.Sys -> [2008/11/17 14:02:23 | 00,055,040 | ---- | C] (Logitech, Inc.)
Logitech -> %ProgramFiles%\Logitech -> [2008/11/17 14:02:23 | 00,000,000 | ---D | C]
TweakUI.exe -> %SystemRoot%\System32\TweakUI.exe -> [2008/11/15 20:44:43 | 00,266,360 | ---- | C] (Microsoft Corporation)
PowerToysLicense.rtf -> %SystemRoot%\System32\PowerToysLicense.rtf -> [2008/11/15 20:44:43 | 00,160,217 | ---- | C] ()
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/11/15 06:17:44 | 00,023,576 | ---- | C] (Microsoft Corporation)
install.dat -> %SystemDrive%\install.dat -> [2008/11/14 14:14:52 | 00,000,164 | ---- | C] ()
info -> %SystemDrive%\info -> [2008/11/14 12:13:35 | 00,000,000 | ---D | C]
AuBackup.ini -> %SystemRoot%\System32\drivers\AU_Backup\AuBackup.ini -> [2008/11/14 11:49:38 | 00,000,978 | ---- | C] ()
backup.002 -> %SystemRoot%\System32\drivers\AU_Backup\2\16\backup.002 -> [2008/11/14 11:49:32 | 01,052,472 | ---- | C] (Trend Micro Inc.)
Tmfilter.sys -> %SystemRoot%\System32\drivers\Tmfilter.sys -> [2008/11/14 11:49:32 | 00,265,688 | ---- | C] (Trend Micro Inc.)
backup.001 -> %SystemRoot%\System32\drivers\AU_Backup\2\16\backup.001 -> [2008/11/14 11:49:32 | 00,199,440 | ---- | C] (Trend Micro Inc.)
backup.000 -> %SystemRoot%\System32\drivers\AU_Backup\2\553648256\backup.000 -> [2008/11/14 11:49:32 | 00,094,480 | ---- | C] (Trend Micro Inc.)
backup.000 -> %SystemRoot%\System32\drivers\AU_Backup\2\16\backup.000 -> [2008/11/14 11:49:32 | 00,032,528 | ---- | C] (Trend Micro Inc.)
tmfilter.cat -> %SystemRoot%\System32\drivers\tmfilter.cat -> [2008/11/14 11:49:32 | 00,012,319 | ---- | C] ()
tmcomm.cat -> %SystemRoot%\System32\drivers\tmcomm.cat -> [2008/11/14 11:49:32 | 00,010,533 | ---- | C] ()
tmpreflt.inf -> %SystemRoot%\System32\drivers\tmpreflt.inf -> [2008/11/14 11:49:32 | 00,003,444 | ---- | C] ()
tmxpflt.inf -> %SystemRoot%\System32\drivers\tmxpflt.inf -> [2008/11/14 11:49:32 | 00,002,583 | ---- | C] ()
vsapint.inf -> %SystemRoot%\System32\drivers\vsapint.inf -> [2008/11/14 11:49:32 | 00,002,544 | ---- | C] ()
tmcomm.inf -> %SystemRoot%\System32\drivers\tmcomm.inf -> [2008/11/14 11:49:32 | 00,002,487 | ---- | C] ()
AU_Backup -> %SystemRoot%\System32\drivers\AU_Backup -> [2008/11/14 11:49:32 | 00,000,000 | ---D | C]
553648256 -> %SystemRoot%\System32\drivers\AU_Backup\2\553648256 -> [2008/11/14 11:49:32 | 00,000,000 | ---D | C]
2 -> %SystemRoot%\System32\drivers\AU_Backup\2 -> [2008/11/14 11:49:32 | 00,000,000 | ---D | C]
16 -> %SystemRoot%\System32\drivers\AU_Backup\2\16 -> [2008/11/14 11:49:32 | 00,000,000 | ---D | C]
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro -> [2008/11/14 11:43:15 | 00,000,000 | ---D | C]
tmpreflt.sys -> %SystemRoot%\System32\drivers\tmpreflt.sys -> [2008/11/14 11:42:40 | 00,036,368 | ---- | C] (Trend Micro Inc.)
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2008/11/14 11:42:39 | 00,138,384 | ---- | C] (Trend Micro Inc.)
Trend Micro AntiVirus 2007.lnk -> %AllUsersProfile%\Desktop\Trend Micro AntiVirus 2007.lnk -> [2008/11/14 11:42:34 | 00,001,767 | ---- | C] ()
ComboFix -> %SystemDrive%\ComboFix -> [2008/11/14 11:15:37 | 00,000,000 | ---D | C]
Java -> %ProgramFiles%\Java -> [2008/11/14 11:12:52 | 00,000,000 | ---D | C]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [2008/11/14 10:20:22 | 00,001,739 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
3 D:\*.tmp files -> D:\*.tmp -> 
2 C:\Documents and Settings\The Dodd Family\Desktop\*.tmp files -> C:\Documents and Settings\The Dodd Family\Desktop\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2008/04/18 16:58:26 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/13 13:01:24 | 00,005,179 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/13 13:01:50 | 00,004,232 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/04/24 04:52:16 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/04/24 04:52:16 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [2008/12/13 12:42:53 | 00,000,000 | ---D | M]
Perflib_Perfdata_fc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_fc.dat -> [2008/12/13 12:40:59 | 00,016,384 | ---- | M] ()
C:\Documents and Settings\The Dodd Family\Local Settings\Temp\ -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp -> [2008/12/14 09:59:20 | 00,000,000 | ---D | M]
winloggn.exe -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp\winloggn.exe -> [2008/12/09 22:57:13 | 00,015,000 | ---- | M] ()
2 C:\Documents and Settings\The Dodd Family\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\The Dodd Family\Local Settings\Temp\ -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp -> [2008/12/14 09:59:20 | 00,000,000 | ---D | M]
IadHide3.dll -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp\IadHide3.dll -> [2008/07/31 07:44:24 | 00,024,576 | ---- | M] (BackWeb)
2 C:\Documents and Settings\The Dodd Family\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\The Dodd Family\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/14 09:18:52 | 00,000,000 | ---D | M]
Perflib_Perfdata_4b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat -> [2008/12/14 08:30:59 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat -> [2008/12/11 13:18:10 | 00,016,384 | ---- | M] ()
2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
WinInit.INI -> %SystemRoot%\WinInit.INI -> [2011/04/20 17:20:48 | 00,000,012 | ---- | M] ()
WIN.QB -> %SystemRoot%\WIN.QB -> [2011/04/20 12:48:20 | 00,000,615 | ---- | M] ()
VDLSDJjl.ini -> %SystemRoot%\System32\VDLSDJjl.ini -> [2008/12/14 10:01:11 | 00,001,508 | -HS- | M] ()
fjpcarri.job -> %SystemRoot%\tasks\fjpcarri.job -> [2008/12/14 10:00:00 | 00,000,314 | ---- | M] ()
VDLSDJjl.ini2 -> %SystemRoot%\System32\VDLSDJjl.ini2 -> [2008/12/14 09:59:56 | 00,001,508 | -HS- | M] ()
uoakfjiu.ini -> %SystemRoot%\System32\uoakfjiu.ini -> [2008/12/13 21:28:03 | 01,651,888 | -HS- | M] ()
uijfkaou.dll -> %SystemRoot%\System32\uijfkaou.dll -> [2008/12/13 21:27:49 | 00,068,096 | ---- | M] ()
ufhdargg.ini -> %SystemRoot%\System32\ufhdargg.ini -> [2008/12/13 21:26:00 | 01,651,888 | -HS- | M] ()
iyjebmcp.dll -> %SystemRoot%\System32\iyjebmcp.dll -> [2008/12/13 21:21:51 | 00,104,448 | ---- | M] ()
clqhrl.dll -> %SystemRoot%\System32\clqhrl.dll -> [2008/12/13 21:21:51 | 00,104,448 | ---- | M] ()
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [2008/12/13 15:38:45 | 00,002,290 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/13 12:41:54 | 00,054,156 | -H-- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/13 12:40:20 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/13 12:39:56 | 00,002,048 | --S- | M] ()
ggradhfu.dll -> %SystemRoot%\System32\ggradhfu.dll -> [2008/12/12 21:24:43 | 00,068,608 | ---- | M] ()
ocgejdfw.dll -> %SystemRoot%\System32\ocgejdfw.dll -> [2008/12/12 21:21:30 | 00,103,936 | ---- | M] ()
bchzmt.dll -> %SystemRoot%\System32\bchzmt.dll -> [2008/12/12 21:21:30 | 00,103,936 | ---- | M] ()
aswrvpru.ini -> %SystemRoot%\System32\aswrvpru.ini -> [2008/12/12 21:20:52 | 01,646,381 | -HS- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2008/12/11 12:55:41 | 00,000,700 | ---- | M] ()
fwhyuqfq.dll -> %SystemRoot%\System32\fwhyuqfq.dll -> [2008/12/11 12:47:28 | 00,103,424 | ---- | M] ()
exaipo.dll -> %SystemRoot%\System32\exaipo.dll -> [2008/12/11 12:47:28 | 00,103,424 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/11 11:56:50 | 00,233,948 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/12/11 11:36:38 | 00,000,733 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/12/11 11:36:38 | 00,000,281 | RHS- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2008/12/11 11:36:38 | 00,000,243 | ---- | M] ()
uaqefhge.dll -> %SystemRoot%\System32\uaqefhge.dll -> [2008/12/11 10:49:34 | 00,105,984 | ---- | M] ()
oadjvm.dll -> %SystemRoot%\System32\oadjvm.dll -> [2008/12/11 10:49:34 | 00,105,984 | ---- | M] ()
skebtics.ini -> %SystemRoot%\System32\skebtics.ini -> [2008/12/11 10:46:47 | 01,621,179 | -HS- | M] ()
scitbeks.dll -> %SystemRoot%\System32\scitbeks.dll -> [2008/12/11 10:46:32 | 00,071,680 | ---- | M] ()
oydsxatc.dll -> %SystemRoot%\System32\oydsxatc.dll -> [2008/12/11 06:50:47 | 00,107,520 | ---- | M] ()
nlalhr.dll -> %SystemRoot%\System32\nlalhr.dll -> [2008/12/11 06:50:47 | 00,107,520 | ---- | M] ()
xinrcwes.ini -> %SystemRoot%\System32\xinrcwes.ini -> [2008/12/11 06:48:59 | 00,000,120 | -HS- | M] ()
Bibliography #4.doc -> D:\Bibliography #4.doc -> [2008/12/10 22:15:50 | 00,027,648 | ---- | M] ()
Essay #4 revised.doc -> D:\Essay #4 revised.doc -> [2008/12/10 22:12:33 | 00,034,816 | ---- | M] ()
GnuHashes.ini -> %SystemRoot%\GnuHashes.ini -> [2008/12/09 23:10:15 | 00,006,144 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/09 23:09:47 | 00,000,116 | ---- | M] ()
idvgcaqn.ini -> %SystemRoot%\System32\idvgcaqn.ini -> [2008/12/09 23:04:04 | 01,544,917 | -HS- | M] ()
juarorwv.dll -> %SystemRoot%\System32\juarorwv.dll -> [2008/12/09 23:04:03 | 00,107,520 | ---- | M] ()
esboff.dll -> %SystemRoot%\System32\esboff.dll -> [2008/12/09 23:04:03 | 00,107,520 | ---- | M] ()
nqacgvdi.dll -> %SystemRoot%\System32\nqacgvdi.dll -> [2008/12/09 23:03:54 | 00,072,192 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/09 23:03:23 | 00,002,206 | ---- | M] ()
ljJDSLDV.dll -> %SystemRoot%\System32\ljJDSLDV.dll -> [2008/12/09 23:02:50 | 00,240,128 | ---- | M] ()
GroupPolicy000.dat -> %SystemRoot%\System32\GroupPolicy000.dat -> [2008/12/09 23:02:34 | 00,001,693 | -HS- | M] ()
d3d832.dll -> %SystemRoot%\System32\d3d832.dll -> [2008/12/09 23:02:30 | 00,135,168 | ---- | M] ()
pn8.exe -> %SystemRoot%\pn8.exe -> [2008/12/09 22:57:49 | 00,197,185 | ---- | M] ()
ssqOGaaX.dll -> %SystemRoot%\System32\ssqOGaaX.dll -> [2008/12/09 22:57:44 | 00,065,024 | ---- | M] (ESET)
hgGaxwuu.dll -> %SystemRoot%\System32\hgGaxwuu.dll -> [2008/12/09 22:57:39 | 00,039,936 | ---- | M] ()
ykgee3362.exe -> %SystemRoot%\ykgee3362.exe -> [2008/12/09 22:57:34 | 00,905,545 | ---- | M] ()
cont_adsoftinc-remove.exe -> %SystemRoot%\System32\cont_adsoftinc-remove.exe -> [2008/12/09 22:57:28 | 00,053,942 | ---- | M] ()
p2pmax.lnk -> %UserProfile%\Start Menu\Programs\Startup\p2pmax.lnk -> [2008/12/09 22:57:28 | 00,000,676 | ---- | M] ()
c20232.exe -> %SystemRoot%\c20232.exe -> [2008/12/09 22:57:27 | 00,054,255 | ---- | M] ()
gncyq5.exe -> %SystemRoot%\gncyq5.exe -> [2008/12/09 22:57:23 | 01,807,468 | ---- | M] (www.episodeking.com										 )
jsdf768wude.dll -> %SystemRoot%\System32\jsdf768wude.dll -> [2008/12/09 22:57:12 | 00,015,000 | ---- | M] ()
vtj708346.exe -> %SystemRoot%\vtj708346.exe -> [2008/12/09 22:57:04 | 00,084,982 | ---- | M] ()
nohh06760.exe -> %SystemRoot%\nohh06760.exe -> [2008/12/09 22:57:02 | 00,191,625 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/09 18:25:04 | 00,000,284 | ---- | M] ()
kodakPS.The Dodd Family.ini -> %SystemRoot%\kodakPS.The Dodd Family.ini -> [2008/12/08 20:28:38 | 00,000,122 | ---- | M] ()
Webshots.lnk -> %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> [2008/12/08 20:16:30 | 00,000,686 | ---- | M] ()
speech.doc -> D:\speech.doc -> [2008/12/07 19:39:30 | 00,030,720 | ---- | M] ()
Essay #3(revised) final.doc -> D:\Essay #3(revised) final.doc -> [2008/12/04 07:40:58 | 00,034,304 | ---- | M] ()
seven deadly sins.doc -> D:\seven deadly sins.doc -> [2008/12/04 01:01:26 | 00,025,600 | ---- | M] ()
Essay #1-revised  [FINAL!!!].doc -> D:\Essay #1-revised  [FINAL!!!].doc -> [2008/12/03 22:47:07 | 00,030,208 | ---- | M] ()
Essay #3(revised).doc -> D:\Essay #3(revised).doc -> [2008/12/03 20:21:21 | 00,033,792 | ---- | M] ()
Essay #1-revised.doc -> D:\Essay #1-revised.doc -> [2008/12/03 20:16:18 | 00,029,184 | ---- | M] ()
QBWCD.INI -> %SystemRoot%\QBWCD.INI -> [2008/12/02 12:28:37 | 00,000,133 | ---- | M] ()
nsk4428.dll -> %SystemRoot%\System32\nsk4428.dll -> [2008/12/02 10:11:08 | 00,673,280 | ---- | M] ()
Essay #4.doc -> D:\Essay #4.doc -> [2008/12/02 09:33:23 | 00,032,768 | ---- | M] ()
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/12/02 09:03:05 | 00,002,137 | ---- | M] ()
Bibliography.xml -> D:\Bibliography.xml -> [2008/12/01 21:08:14 | 00,005,896 | ---- | M] ()
UIS tuition.doc -> D:\UIS tuition.doc -> [2008/12/01 20:47:45 | 00,048,128 | ---- | M] ()
springfield college.doc -> D:\springfield college.doc -> [2008/11/30 20:35:54 | 00,041,472 | ---- | M] ()
Midwest Technical Institute.doc -> D:\Midwest Technical Institute.doc -> [2008/11/30 20:22:51 | 00,054,272 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/29 13:27:11 | 00,430,166 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/29 13:27:11 | 00,071,572 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/29 13:27:10 | 00,499,254 | ---- | M] ()
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [2008/11/29 13:21:30 | 00,001,797 | ---- | M] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2008/11/29 13:18:44 | 00,023,392 | ---- | M] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2008/11/29 13:18:44 | 00,016,832 | ---- | M] ()
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2008/11/29 13:16:34 | 00,316,640 | ---- | M] ()
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2008/11/29 13:15:00 | 00,000,000 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/28 22:32:15 | 00,197,120 | ---- | M] ()
AnyDVD.lnk -> %AllUsersProfile%\Desktop\AnyDVD.lnk -> [2008/11/26 21:35:05 | 00,000,764 | ---- | M] ()
Girls, We Really Are Our Own Worst Enemies.doc -> D:\Girls, We Really Are Our Own Worst Enemies.doc -> [2008/11/25 17:47:50 | 00,024,576 | ---- | M] ()
YouTube - Bella the Beagle listens to the Mac.url -> %UserProfile%\Desktop\YouTube - Bella the Beagle listens to the Mac.url -> [2008/11/23 21:32:29 | 00,000,291 | ---- | M] ()
Mary Kay Christmas Sale.pub -> D:\Mary Kay Christmas Sale.pub -> [2008/11/22 23:03:17 | 00,139,776 | ---- | M] ()
Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> [2008/11/17 14:04:13 | 00,001,697 | ---- | M] ()
Twilight Quiz - Which Twilight Character Are You.url -> %UserProfile%\Desktop\Twilight Quiz - Which Twilight Character Are You.url -> [2008/11/15 19:53:33 | 00,000,925 | ---- | M] ()
InfModM.ini -> %SystemRoot%\InfModM.ini -> [2008/11/15 10:31:00 | 00,000,020 | ---- | M] ()
install.dat -> %SystemDrive%\install.dat -> [2008/11/14 14:14:53 | 00,000,164 | ---- | M] ()
AuBackup.ini -> %SystemRoot%\System32\drivers\AU_Backup\AuBackup.ini -> [2008/11/14 11:49:38 | 00,000,978 | ---- | M] ()
Trend Micro AntiVirus 2007.lnk -> %AllUsersProfile%\Desktop\Trend Micro AntiVirus 2007.lnk -> [2008/11/14 11:42:34 | 00,001,767 | ---- | M] ()
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [2008/11/14 10:20:22 | 00,001,739 | ---- | M] ()
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/11 12:55:54 | 00,000,000 | RH-D | M]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2008/04/19 18:06:32 | 00,000,000 | ---D | M]
AVS4YOU -> C:\Documents and Settings\All Users\Application Data\AVS4YOU -> [2008/05/30 20:40:57 | 00,000,000 | ---D | M]
Broderbund Software -> C:\Documents and Settings\All Users\Application Data\Broderbund Software -> [2008/04/27 11:48:42 | 00,000,000 | ---D | M]
Brother -> C:\Documents and Settings\All Users\Application Data\Brother -> [2008/04/22 16:22:08 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2008/12/09 22:52:48 | 00,000,000 | ---D | M]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2008/04/22 16:23:09 | 00,000,000 | ---D | M]
SlySoft -> C:\Documents and Settings\All Users\Application Data\SlySoft -> [2008/04/23 09:59:31 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/12/14 08:28:07 | 00,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2008/04/22 18:28:45 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\The Dodd Family\Application Data -> [2008/12/11 11:56:53 | 00,000,000 | -H-D | M]
.BitTornado -> C:\Documents and Settings\The Dodd Family\Application Data\.BitTornado -> [2008/05/08 18:14:11 | 00,000,000 | ---D | M]
Ahead -> C:\Documents and Settings\The Dodd Family\Application Data\Ahead -> [2008/06/18 14:00:06 | 00,000,000 | ---D | M]
AltrixSoft -> C:\Documents and Settings\The Dodd Family\Application Data\AltrixSoft -> [2011/04/19 15:25:04 | 00,000,000 | ---D | M]
AVS4YOU -> C:\Documents and Settings\The Dodd Family\Application Data\AVS4YOU -> [2008/09/10 14:38:19 | 00,000,000 | ---D | M]
AVSMedia -> C:\Documents and Settings\The Dodd Family\Application Data\AVSMedia -> [2008/06/01 16:28:32 | 00,000,000 | ---D | M]
Brother -> C:\Documents and Settings\The Dodd Family\Application Data\Brother -> [2008/05/24 09:56:03 | 00,000,000 | RHSD | M]
ClickFreeBackup -> C:\Documents and Settings\The Dodd Family\Application Data\ClickFreeBackup -> [2008/11/05 14:00:25 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\The Dodd Family\Application Data\CyberLink -> [2008/12/09 22:52:40 | 00,000,000 | ---D | M]
LimeWire -> C:\Documents and Settings\The Dodd Family\Application Data\LimeWire -> [2008/04/22 22:52:28 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\The Dodd Family\Application Data\MSNInstaller -> [2008/07/26 12:29:13 | 00,000,000 | ---D | M]
Ofoto -> C:\Documents and Settings\The Dodd Family\Application Data\Ofoto -> [2008/05/02 19:39:31 | 00,000,000 | ---D | M]
Snapfish -> C:\Documents and Settings\The Dodd Family\Application Data\Snapfish -> [2008/05/02 20:20:24 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\The Dodd Family\Application Data\uTorrent -> [2008/12/10 00:19:20 | 00,000,000 | ---D | M]
Webshots -> C:\Documents and Settings\The Dodd Family\Application Data\Webshots -> [2008/04/18 21:52:18 | 00,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\The Dodd Family\Application Data\Windows Desktop Search -> [2008/11/29 13:22:12 | 00,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\The Dodd Family\Application Data\Windows Search -> [2008/11/29 13:39:45 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/11 11:56:36 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/09 18:25:04 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2001/08/18 06:00:00 | 00,000,065 | RH-- | M] ()
fjpcarri.job -> C:\WINDOWS\Tasks\fjpcarri.job -> [2008/12/14 10:00:00 | 00,000,314 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/13 12:40:20 | 00,000,006 | -H-- | M] ()
[File - Purity Scan]
 
[CatchMe Rootkit Scan by GMER]
Rootkit scan error - could not find scan log
Rootkit scan error - could not find scan log
 
[Alternate Data Streams]
@Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\Twilight Quiz - Which Twilight Character Are You.url:favicon
@Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\Twilight Poster, Celebrity READ Posters - The ALA Store- reading posters, bookmarks, librarian professional development books.url:favicon
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\Theatre Locations for Upcoming Events.url:favicon
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\JY films The Advertising Techniques Used to Target Children.url:favicon
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\http--www.fathomevents.com-details.aspxeventid=719.url:favicon
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\YouTube - SSHS JV Cheerleaders Football SHS.url:favicon
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\YouTube - Bella the Beagle listens to the Mac.url:favicon
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\Twilighters Anonymous - A Twilight Fansite, Twilight, New Moon, Eclipse, Breaking Dawn - QUIZ RESULT.url:favicon
@Alternate Data Stream - 0 bytes -> D:\Thumbs.db:encryptable
< End of report >


#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 December 2008 - 01:54 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YY -> vnrblock21.exe -> %ProgramFiles%\VnrBlock\VnrBlock21.exe
YY -> winloggn.exe -> %UserProfile%\Local Settings\Temp\winloggn.exe
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\hgGaxwuu.dll [Reg Error: Value  does not exist or could not be read.]
NY -> {D5BF49A2-94F1-42BD-F434-3604812C807D} [HKLM] -> %SystemRoot%\system32\jsdf768wude.dll [C:\WINDOWS\system32\jsdf768wude.dll]
NY -> {F792D87A-EA34-494C-A188-75C055099112} [HKLM] -> %SystemRoot%\system32\ljJDSLDV.dll [Reg Error: Value  does not exist or could not be read.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "4c45f0db" -> %SystemRoot%\system32\uijfkaou.dll [rundll32.exe "C:\WINDOWS\system32\uijfkaou.dll",b]
YY -> "xsjfn83jkemfofght" -> %UserProfile%\Local Settings\Temp\winloggn.exe [C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "GetPack26" -> %ProgramFiles%\GetPack\GetPack26.exe ["C:\Program Files\GetPack\GetPack26.exe"]
YY -> "VnrBlock21" -> %ProgramFiles%\VnrBlock\VnrBlock21.exe ["C:\Program Files\VnrBlock\VnrBlock21.exe"]
YY -> "xsjfn83jkemfofght" -> %UserProfile%\Local Settings\Temp\winloggn.exe [C:\DOCUME~1\THEDOD~1\LOCALS~1\Temp\winloggn.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\System32\d3d832.dll esboff.dll -> %SystemRoot%\System32\d3d832.dll esboff.dll
YY -> C:\WINDOWS\System32\d3d832.dll nlalhr.dll -> %SystemRoot%\System32\d3d832.dll nlalhr.dll
YY -> C:\WINDOWS\System32\d3d832.dll exaipo.dll -> %SystemRoot%\System32\d3d832.dll exaipo.dll
YY -> C:\WINDOWS\System32\d3d832.dll bchzmt.dll -> %SystemRoot%\System32\d3d832.dll bchzmt.dll
YY -> C:\WINDOWS\System32\d3d832.dll clqhrl.dll -> %SystemRoot%\System32\d3d832.dll clqhrl.dll
YY -> C:\WINDOWS\System32\d3d832.dll -> %SystemRoot%\system32\d3d832.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> 4c45f074502 -> 
YY -> 4c45f074511 -> %SystemRoot%\system32\d3d832.dll
YY -> hgGaxwuu -> %SystemRoot%\system32\hgGaxwuu.dll
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{D5BF49A2-94F1-42BD-F434-3604812C807D}" [HKLM] -> %SystemRoot%\system32\jsdf768wude.dll [KJhaiufhw3nrih7wefywjfsdfd]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\hgGaxwuu.dll []
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YN -> C:\WINDOWS\system32\ljJDSLDV -> %SystemRoot%\system32\ljJDSLDV.dll
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
[Files/Folders - Created Within 30 Days]
NY -> uoakfjiu.ini -> %SystemRoot%\System32\uoakfjiu.ini
NY -> uijfkaou.dll -> %SystemRoot%\System32\uijfkaou.dll
NY -> clqhrl.dll -> %SystemRoot%\System32\clqhrl.dll
NY -> iyjebmcp.dll -> %SystemRoot%\System32\iyjebmcp.dll
NY -> ufhdargg.ini -> %SystemRoot%\System32\ufhdargg.ini
NY -> ggradhfu.dll -> %SystemRoot%\System32\ggradhfu.dll
NY -> ocgejdfw.dll -> %SystemRoot%\System32\ocgejdfw.dll
NY -> bchzmt.dll -> %SystemRoot%\System32\bchzmt.dll
NY -> exaipo.dll -> %SystemRoot%\System32\exaipo.dll
NY -> fwhyuqfq.dll -> %SystemRoot%\System32\fwhyuqfq.dll
NY -> aswrvpru.ini -> %SystemRoot%\System32\aswrvpru.ini
NY -> oadjvm.dll -> %SystemRoot%\System32\oadjvm.dll
NY -> uaqefhge.dll -> %SystemRoot%\System32\uaqefhge.dll
NY -> skebtics.ini -> %SystemRoot%\System32\skebtics.ini
NY -> scitbeks.dll -> %SystemRoot%\System32\scitbeks.dll
NY -> GetPack -> %ProgramFiles%\GetPack
NY -> oydsxatc.dll -> %SystemRoot%\System32\oydsxatc.dll
NY -> nlalhr.dll -> %SystemRoot%\System32\nlalhr.dll
NY -> xinrcwes.ini -> %SystemRoot%\System32\xinrcwes.ini
NY -> esboff.dll -> %SystemRoot%\System32\esboff.dll
NY -> juarorwv.dll -> %SystemRoot%\System32\juarorwv.dll
NY -> idvgcaqn.ini -> %SystemRoot%\System32\idvgcaqn.ini
NY -> nqacgvdi.dll -> %SystemRoot%\System32\nqacgvdi.dll
NY -> VDLSDJjl.ini2 -> %SystemRoot%\System32\VDLSDJjl.ini2
NY -> VDLSDJjl.ini -> %SystemRoot%\System32\VDLSDJjl.ini
NY -> ljJDSLDV.dll -> %SystemRoot%\System32\ljJDSLDV.dll
NY -> d3d832.dll -> %SystemRoot%\System32\d3d832.dll
NY -> VnrBlock -> %ProgramFiles%\VnrBlock
NY -> iCheck -> %ProgramFiles%\iCheck
NY -> pn8.exe -> %SystemRoot%\pn8.exe
NY -> fjpcarri.job -> %SystemRoot%\tasks\fjpcarri.job
NY -> ssqOGaaX.dll -> %SystemRoot%\System32\ssqOGaaX.dll
NY -> hgGaxwuu.dll -> %SystemRoot%\System32\hgGaxwuu.dll
NY -> IEToolbar -> %ProgramFiles%\IEToolbar
NY -> ykgee3362.exe -> %SystemRoot%\ykgee3362.exe
NY -> cont_adsoftinc-remove.exe -> %SystemRoot%\System32\cont_adsoftinc-remove.exe
NY -> c20232.exe -> %SystemRoot%\c20232.exe
NY -> gncyq5.exe -> %SystemRoot%\gncyq5.exe
NY -> jsdf768wude.dll -> %SystemRoot%\System32\jsdf768wude.dll
NY -> vtj708346.exe -> %SystemRoot%\vtj708346.exe
NY -> nohh06760.exe -> %SystemRoot%\nohh06760.exe
[Files/Folders - Modified Within 30 Days]
NY -> VDLSDJjl.ini -> %SystemRoot%\System32\VDLSDJjl.ini
NY -> fjpcarri.job -> %SystemRoot%\tasks\fjpcarri.job
NY -> VDLSDJjl.ini2 -> %SystemRoot%\System32\VDLSDJjl.ini2
NY -> uoakfjiu.ini -> %SystemRoot%\System32\uoakfjiu.ini
NY -> uijfkaou.dll -> %SystemRoot%\System32\uijfkaou.dll
NY -> ufhdargg.ini -> %SystemRoot%\System32\ufhdargg.ini
NY -> iyjebmcp.dll -> %SystemRoot%\System32\iyjebmcp.dll
NY -> clqhrl.dll -> %SystemRoot%\System32\clqhrl.dll
NY -> ggradhfu.dll -> %SystemRoot%\System32\ggradhfu.dll
NY -> ocgejdfw.dll -> %SystemRoot%\System32\ocgejdfw.dll
NY -> bchzmt.dll -> %SystemRoot%\System32\bchzmt.dll
NY -> fwhyuqfq.dll -> %SystemRoot%\System32\fwhyuqfq.dll
NY -> exaipo.dll -> %SystemRoot%\System32\exaipo.dll
NY -> uaqefhge.dll -> %SystemRoot%\System32\uaqefhge.dll
NY -> oadjvm.dll -> %SystemRoot%\System32\oadjvm.dll
NY -> skebtics.ini -> %SystemRoot%\System32\skebtics.ini
NY -> scitbeks.dll -> %SystemRoot%\System32\scitbeks.dll
NY -> oydsxatc.dll -> %SystemRoot%\System32\oydsxatc.dll
NY -> nlalhr.dll -> %SystemRoot%\System32\nlalhr.dll
NY -> xinrcwes.ini -> %SystemRoot%\System32\xinrcwes.ini
NY -> idvgcaqn.ini -> %SystemRoot%\System32\idvgcaqn.ini
NY -> juarorwv.dll -> %SystemRoot%\System32\juarorwv.dll
NY -> esboff.dll -> %SystemRoot%\System32\esboff.dll
NY -> nqacgvdi.dll -> %SystemRoot%\System32\nqacgvdi.dll
NY -> ljJDSLDV.dll -> %SystemRoot%\System32\ljJDSLDV.dll
NY -> d3d832.dll -> %SystemRoot%\System32\d3d832.dll
NY -> pn8.exe -> %SystemRoot%\pn8.exe
NY -> ssqOGaaX.dll -> %SystemRoot%\System32\ssqOGaaX.dll
NY -> hgGaxwuu.dll -> %SystemRoot%\System32\hgGaxwuu.dll
NY -> ykgee3362.exe -> %SystemRoot%\ykgee3362.exe
NY -> cont_adsoftinc-remove.exe -> %SystemRoot%\System32\cont_adsoftinc-remove.exe
NY -> c20232.exe -> %SystemRoot%\c20232.exe
NY -> gncyq5.exe -> %SystemRoot%\gncyq5.exe
NY -> jsdf768wude.dll -> %SystemRoot%\System32\jsdf768wude.dll
NY -> vtj708346.exe -> %SystemRoot%\vtj708346.exe
NY -> nohh06760.exe -> %SystemRoot%\nohh06760.exe
[File - Lop Check]
NY -> fjpcarri.job -> C:\WINDOWS\Tasks\fjpcarri.job
[Custom Items]
:zipfilestoupload
%SystemRoot%\pn8.exe
%SystemRoot%\ykgee3362.exe
%SystemRoot%\c20232.exe
%SystemRoot%\gncyq5.exe
%SystemRoot%\nohh06760.exe
%SystemRoot%\vtj708346.exe
:SENDTOMRC
channel=44
link=http://www.bleepingcomputer.com/forums/t/186322/i-have-a-wicked-bad-virusmalware-problem-help-please/
:end
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
===================================
Also download GMER from Here:
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 firefightertom

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 14 December 2008 - 02:54 PM

I am having trouble running the OTScanIt fix. It starts and then freezes when it gets to the line saying "downloaded in the past 30 days". I tried to restart and run it 3 times but with no success. Any ideas?

#6 firefightertom

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 14 December 2008 - 04:22 PM

Finally got OTScanIt to run completely, and the results are posted below. I still seem to be having the same problems: IE opens by itself and goes to ad sites, and some web sites, including Bleeping Computer, cannot be opened.

Process Explorer.EXE killed successfully!
[Processes - Safe List]
No active process named vnrblock21.exe was found!
File C:\Program Files\VnrBlock\VnrBlock21.exe not found.
No active process named winloggn.exe was found!
File C:\Documents and Settings\The Dodd Family\Local Settings\Temp\winloggn.exe not found.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGaxwuu.dll
C:\WINDOWS\system32\hgGaxwuu.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGaxwuu.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\ not found.
File C:\WINDOWS\system32\jsdf768wude.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F792D87A-EA34-494C-A188-75C055099112}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F792D87A-EA34-494C-A188-75C055099112}\ not found.
File C:\WINDOWS\system32\ljJDSLDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4c45f0db not found.
File C:\WINDOWS\system32\uijfkaou.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\xsjfn83jkemfofght not found.
File C:\Documents and Settings\The Dodd Family\Local Settings\Temp\winloggn.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GetPack26 deleted successfully.
File C:\Program Files\GetPack\GetPack26.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VnrBlock21 deleted successfully.
File C:\Program Files\VnrBlock\VnrBlock21.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\xsjfn83jkemfofght deleted successfully.
File C:\Documents and Settings\The Dodd Family\Local Settings\Temp\winloggn.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll esboff.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\d3d832.dll esboff.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll nlalhr.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\d3d832.dll nlalhr.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll exaipo.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\d3d832.dll exaipo.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll bchzmt.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\d3d832.dll bchzmt.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll clqhrl.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\d3d832.dll clqhrl.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\d3d832.dll
C:\WINDOWS\system32\d3d832.dll NOT unregistered.
C:\WINDOWS\system32\d3d832.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\4c45f074502\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\4c45f074511\ deleted successfully.
File C:\WINDOWS\system32\d3d832.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGaxwuu\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGaxwuu.dll
C:\WINDOWS\system32\hgGaxwuu.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGaxwuu.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{D5BF49A2-94F1-42BD-F434-3604812C807D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\ not found.
File C:\WINDOWS\system32\jsdf768wude.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGaxwuu.dll
C:\WINDOWS\system32\hgGaxwuu.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\hgGaxwuu.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\ljJDSLDV scheduled to be deleted on reboot.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\uoakfjiu.ini moved successfully.
File C:\WINDOWS\System32\uijfkaou.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\clqhrl.dll
C:\WINDOWS\System32\clqhrl.dll NOT unregistered.
C:\WINDOWS\System32\clqhrl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\iyjebmcp.dll
C:\WINDOWS\System32\iyjebmcp.dll NOT unregistered.
C:\WINDOWS\System32\iyjebmcp.dll moved successfully.
C:\WINDOWS\System32\ufhdargg.ini moved successfully.
File C:\WINDOWS\System32\ggradhfu.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ocgejdfw.dll
C:\WINDOWS\System32\ocgejdfw.dll NOT unregistered.
C:\WINDOWS\System32\ocgejdfw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bchzmt.dll
C:\WINDOWS\System32\bchzmt.dll NOT unregistered.
C:\WINDOWS\System32\bchzmt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\exaipo.dll
C:\WINDOWS\System32\exaipo.dll NOT unregistered.
C:\WINDOWS\System32\exaipo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fwhyuqfq.dll
C:\WINDOWS\System32\fwhyuqfq.dll NOT unregistered.
C:\WINDOWS\System32\fwhyuqfq.dll moved successfully.
C:\WINDOWS\System32\aswrvpru.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\oadjvm.dll
C:\WINDOWS\System32\oadjvm.dll NOT unregistered.
C:\WINDOWS\System32\oadjvm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\uaqefhge.dll
C:\WINDOWS\System32\uaqefhge.dll NOT unregistered.
C:\WINDOWS\System32\uaqefhge.dll moved successfully.
C:\WINDOWS\System32\skebtics.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\scitbeks.dll
C:\WINDOWS\System32\scitbeks.dll NOT unregistered.
C:\WINDOWS\System32\scitbeks.dll moved successfully.
C:\Program Files\GetPack folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\oydsxatc.dll
C:\WINDOWS\System32\oydsxatc.dll NOT unregistered.
C:\WINDOWS\System32\oydsxatc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nlalhr.dll
C:\WINDOWS\System32\nlalhr.dll NOT unregistered.
C:\WINDOWS\System32\nlalhr.dll moved successfully.
C:\WINDOWS\System32\xinrcwes.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\esboff.dll
C:\WINDOWS\System32\esboff.dll NOT unregistered.
C:\WINDOWS\System32\esboff.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\juarorwv.dll
C:\WINDOWS\System32\juarorwv.dll NOT unregistered.
C:\WINDOWS\System32\juarorwv.dll moved successfully.
C:\WINDOWS\System32\idvgcaqn.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nqacgvdi.dll
C:\WINDOWS\System32\nqacgvdi.dll NOT unregistered.
C:\WINDOWS\System32\nqacgvdi.dll moved successfully.
C:\WINDOWS\System32\VDLSDJjl.ini2 moved successfully.
C:\WINDOWS\System32\VDLSDJjl.ini moved successfully.
File C:\WINDOWS\System32\ljJDSLDV.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\d3d832.dll
C:\WINDOWS\System32\d3d832.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\d3d832.dll scheduled to be moved on reboot.
C:\Program Files\VnrBlock folder moved successfully.
C:\Program Files\iCheck folder moved successfully.
C:\WINDOWS\pn8.exe moved successfully.
C:\WINDOWS\tasks\fjpcarri.job moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ssqOGaaX.dll
C:\WINDOWS\System32\ssqOGaaX.dll NOT unregistered.
C:\WINDOWS\System32\ssqOGaaX.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hgGaxwuu.dll
C:\WINDOWS\System32\hgGaxwuu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\hgGaxwuu.dll scheduled to be moved on reboot.
C:\Program Files\IEToolbar\ECO Bar folder moved successfully.
C:\Program Files\IEToolbar folder moved successfully.
C:\WINDOWS\ykgee3362.exe moved successfully.
C:\WINDOWS\System32\cont_adsoftinc-remove.exe moved successfully.
C:\WINDOWS\c20232.exe moved successfully.
C:\WINDOWS\gncyq5.exe moved successfully.
File C:\WINDOWS\System32\jsdf768wude.dll not found!
C:\WINDOWS\vtj708346.exe moved successfully.
C:\WINDOWS\nohh06760.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\WINDOWS\System32\VDLSDJjl.ini not found!
File C:\WINDOWS\tasks\fjpcarri.job not found!
File C:\WINDOWS\System32\VDLSDJjl.ini2 not found!
File C:\WINDOWS\System32\uoakfjiu.ini not found!
File C:\WINDOWS\System32\uijfkaou.dll not found!
File C:\WINDOWS\System32\ufhdargg.ini not found!
File C:\WINDOWS\System32\iyjebmcp.dll not found!
File C:\WINDOWS\System32\clqhrl.dll not found!
File C:\WINDOWS\System32\ggradhfu.dll not found!
File C:\WINDOWS\System32\ocgejdfw.dll not found!
File C:\WINDOWS\System32\bchzmt.dll not found!
File C:\WINDOWS\System32\fwhyuqfq.dll not found!
File C:\WINDOWS\System32\exaipo.dll not found!
File C:\WINDOWS\System32\uaqefhge.dll not found!
File C:\WINDOWS\System32\oadjvm.dll not found!
File C:\WINDOWS\System32\skebtics.ini not found!
File C:\WINDOWS\System32\scitbeks.dll not found!
File C:\WINDOWS\System32\oydsxatc.dll not found!
File C:\WINDOWS\System32\nlalhr.dll not found!
File C:\WINDOWS\System32\xinrcwes.ini not found!
File C:\WINDOWS\System32\idvgcaqn.ini not found!
File C:\WINDOWS\System32\juarorwv.dll not found!
File C:\WINDOWS\System32\esboff.dll not found!
File C:\WINDOWS\System32\nqacgvdi.dll not found!
File C:\WINDOWS\System32\ljJDSLDV.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\d3d832.dll
C:\WINDOWS\System32\d3d832.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\d3d832.dll scheduled to be moved on reboot.
File C:\WINDOWS\pn8.exe not found!
File C:\WINDOWS\System32\ssqOGaaX.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hgGaxwuu.dll
C:\WINDOWS\System32\hgGaxwuu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\hgGaxwuu.dll scheduled to be moved on reboot.
File C:\WINDOWS\ykgee3362.exe not found!
File C:\WINDOWS\System32\cont_adsoftinc-remove.exe not found!
File C:\WINDOWS\c20232.exe not found!
File C:\WINDOWS\gncyq5.exe not found!
File C:\WINDOWS\System32\jsdf768wude.dll not found!
File C:\WINDOWS\vtj708346.exe not found!
File C:\WINDOWS\nohh06760.exe not found!
[File - Lop Check]
File C:\WINDOWS\Tasks\fjpcarri.job not found!
[Custom Items]
Zip file C:\Documents and Settings\The Dodd Family\Desktop\12142008_134856.zip created
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\pn8.exe not found
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\ykgee3362.exe not found
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\c20232.exe not found
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\gncyq5.exe not found
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\nohh06760.exe not found
File: C:\_OTScanIt\MovedFiles\12142008_134856\%SystemRoot%\vtj708346.exe not found
File: C:\Documents and Settings\The Dodd Family\Desktop\12142008_134856.zip uploaded successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\The Dodd Family\Local Settings\Temp\IadHide3.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.1 fix logfile created on 12142008_134856

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\hgGaxwuu.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\d3d832.dll moved successfully.
C:\Documents and Settings\The Dodd Family\Local Settings\Temp\IadHide3.dll moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_a0.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll esboff.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll nlalhr.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll exaipo.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll bchzmt.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\d3d832.dll clqhrl.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\ljJDSLDV scheduled to be deleted on reboot.

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 December 2008 - 06:37 PM

See if you can run this:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#8 firefightertom

firefightertom
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 15 December 2008 - 06:09 PM

Here are the ComboFix and HijackThis logs. Sorry it took so long to get back to you, but we lost internet service due to an ice storm.
Thanks, Tom

ComboFix 08-12-15.01 - The Dodd Family 2008-12-15 16:27:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.434 [GMT -6:00]
Running from: c:\documents and settings\The Dodd Family\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\3.tmp
c:\windows\system32\BJkTvyay.ini
c:\windows\system32\BJkTvyay.ini2
c:\windows\system32\cmxeaveg.dll
c:\windows\system32\cqtzrn.dll
c:\windows\system32\drivers\TDSSqavb.sys
c:\windows\system32\frmjuktl.ini
c:\windows\system32\gevaexmc.ini
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\2CB.tmp
c:\windows\system32\hgGaxwuu.dll
c:\windows\system32\jetaydyu.dll
c:\windows\system32\ltkujmrf.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\ogleuv.dll
c:\windows\system32\TDSSkfjw.dll
c:\windows\system32\TDSSkhwj.log
c:\windows\system32\TDSSkrat.dat
c:\windows\system32\TDSSkrij.dll
c:\windows\system32\TDSSkwie.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoowh.dll
c:\windows\system32\TDSSpdye.dll
c:\windows\system32\TDSStmrp.log
c:\windows\system32\TDSSulhc.dll
c:\windows\system32\vedafhsu.dll
c:\windows\system32\yayvTkJB.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2011-04-21 11:05 . 1999-05-07 12:24 645,616 --a------ c:\windows\system32\MSCOMCT2.OCX
2011-04-21 11:05 . 2000-03-23 11:50 446,464 -ra------ c:\windows\system32\hhactivex.dll
2011-04-21 11:05 . 1999-05-07 12:24 414,944 --a------ c:\windows\system32\COMCT332.OCX
2011-04-21 11:05 . 1998-11-10 09:46 328,480 --a------ c:\windows\system32\ssa3d30.ocx
2011-04-21 11:05 . 2002-01-08 16:00 176,128 --a------ c:\windows\system32\RcdScan.dll
2011-04-21 11:05 . 1998-09-24 11:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2011-04-21 11:05 . 1998-06-17 22:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2011-04-21 11:05 . 2001-08-22 07:42 13,632 --a------ c:\windows\system32\drivers\omci.sys
2011-04-21 11:05 . 1998-09-24 11:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2011-04-21 08:38 . 2008-11-14 13:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2011-04-21 08:37 . 2008-11-14 14:00 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2011-04-20 19:50 . 2011-04-20 19:50 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Logitech
2011-04-20 19:48 . 2005-08-04 02:42 1,060,864 --a------ c:\windows\system32\MFC71.dll
2011-04-20 19:48 . 2005-08-04 02:42 1,047,552 --a------ c:\windows\system32\MFC71u.dll
2011-04-20 19:48 . 2005-08-04 02:42 499,712 --a------ c:\windows\system32\msvcp71.dll
2011-04-20 19:48 . 2005-08-04 02:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2011-04-20 19:48 . 2005-08-04 02:42 258,352 --a------ c:\windows\system32\unicows.dll
2011-04-20 19:48 . 2005-08-04 02:42 89,088 --a------ c:\windows\system32\atl71.dll
2011-04-20 17:21 . 2011-04-20 17:21 <DIR> d-------- c:\program files\Common Files\Voyetra
2011-04-20 17:21 . 2008-04-13 12:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2011-04-20 17:21 . 2008-04-13 13:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2011-04-20 17:21 . 2008-04-13 10:39 142,592 --a------ c:\windows\system32\drivers\aec.sys
2011-04-20 17:21 . 2008-04-13 13:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2011-04-20 17:21 . 2008-04-13 13:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2011-04-20 17:21 . 2008-04-13 12:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2011-04-20 17:21 . 2008-04-13 12:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2011-04-20 17:21 . 2008-04-13 12:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2011-04-20 17:21 . 2008-04-13 12:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2011-04-20 17:21 . 2008-04-13 12:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2011-04-20 17:21 . 2008-04-13 12:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2011-04-20 17:20 . 2011-04-20 17:21 <DIR> d-------- c:\windows\tbcdata
2011-04-20 17:20 . 2011-04-20 17:20 <DIR> d-------- c:\program files\Turtle Beach
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\Audio3D.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:51 545,088 --a------ c:\windows\system32\drivers\tbcwdm.sys
2011-04-20 17:20 . 2002-04-03 10:51 425,472 --a------ c:\windows\system32\tbclang.dll
2011-04-20 17:20 . 2002-04-03 10:47 290,816 --a------ c:\windows\system32\tbctray.exe
2011-04-20 17:20 . 2002-04-03 10:47 155,648 --a------ c:\windows\system32\tbccpnl.cpl
2011-04-20 17:20 . 2002-04-03 10:51 144,768 --a------ c:\windows\system32\drivers\tbcspud.sys
2011-04-20 17:20 . 2002-04-03 10:48 4,224 --a------ c:\windows\system32\drivers\tbcos.sys
2011-04-20 17:20 . 2011-04-20 17:20 12 --a------ c:\windows\WinInit.INI
2011-04-20 15:47 . 2008-12-09 23:09 116 --a------ c:\windows\NeroDigital.ini
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2011-04-20 15:40 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2011-04-19 15:25 . 2011-04-19 15:25 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\AltrixSoft
2008-12-14 13:22 . 2008-12-14 13:22 <DIR> d-------- C:\_OTScanIt
2008-12-11 14:19 . 2008-04-23 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-11 14:19 . 2008-12-11 14:19 <DIR> d-------- c:\documents and settings\Administrator
2008-12-11 12:55 . 2008-12-11 12:57 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-11 12:55 . 2008-12-14 08:28 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 23:02 . 2008-12-09 23:02 373,760 --ahs---- c:\windows\system32\4432.tmp
2008-12-09 23:02 . 2008-12-14 18:35 135,168 --a------ c:\windows\system32\d3d832.dll
2008-12-09 22:57 . 2008-12-09 22:57 <DIR> d-------- c:\program files\p2pmax
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\CyberLink
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-09 20:49 . 2008-12-09 21:22 <DIR> d-------- c:\program files\PFConfig
2008-12-09 20:40 . 2008-12-11 08:45 <DIR> d-------- c:\program files\uTorrent
2008-12-09 20:40 . 2008-12-10 00:19 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\uTorrent
2008-12-09 18:43 . 2008-12-09 18:43 <DIR> d-------- c:\program files\Usability Sciences
2008-12-09 18:43 . 2008-04-15 05:58 91,520 --a------ c:\windows\system32\WebIQEngineSetup.exe
2008-12-02 10:11 . 2008-12-02 10:11 673,280 --a------ c:\windows\system32\nsk4428.dll
2008-11-29 13:39 . 2008-11-29 13:39 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Search
2008-11-29 13:36 . 2008-11-29 13:36 <DIR> d-------- c:\program files\CONEXANT
2008-11-29 13:22 . 2008-11-29 13:22 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Desktop Search
2008-11-29 13:21 . 2008-11-29 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-11-29 13:20 . 2008-11-29 13:20 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-29 13:19 . 2008-03-07 11:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-11-29 13:19 . 2008-03-07 11:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-11-29 13:19 . 2008-03-07 11:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-11-29 13:18 . 2008-11-29 13:18 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-29 13:14 . 2008-12-09 23:02 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-29 13:14 . 2008-11-29 13:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-29 13:12 . 2008-11-29 13:12 <DIR> d-------- c:\windows\system32\URTTEMP
2008-11-17 14:05 . 2005-07-22 23:40 13,440 --a------ c:\windows\system32\drivers\L8042Kbd.SYS
2008-11-17 14:03 . 2008-11-17 14:03 <DIR> d-------- c:\program files\Common Files\Logitech
2008-11-17 14:02 . 2008-11-17 14:02 <DIR> d-------- c:\program files\Logitech
2008-11-17 14:02 . 2005-07-22 23:41 68,864 --a------ c:\windows\system32\drivers\LMouKE.Sys
2008-11-17 14:02 . 2005-07-22 23:41 55,040 --a------ c:\windows\system32\drivers\L8042mou.Sys
2008-11-15 20:44 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-11-15 20:44 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-11-15 06:17 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 14:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 02:37 --------- d-----w c:\program files\BitTorrent
2008-11-15 16:31 --------- d-----w c:\program files\PhoneTools
2008-11-14 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-14 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 20:14 164 ----a-w C:\install.dat
2008-11-14 19:43 --------- d-----w c:\program files\Norton Internet Security
2008-11-14 19:43 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\Symantec
2008-11-14 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-14 17:42 --------- d-----w c:\program files\Trend Micro
2008-11-14 17:12 --------- d-----w c:\program files\Java
2008-11-14 16:19 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 15:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-12 19:57 103,360 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2008-11-12 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 05:39 --------- d-----w c:\program files\Lavasoft
2008-11-12 05:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 20:00 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\ClickFreeBackup
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2008-11-17 89024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="c:\windows\system32\nwiz.exe" [2003-10-06 741376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-14 136600]
"Trend Micro AntiVirus 2007"="c:\program files\Trend Micro\AntiVirus 2007\tavui.exe" [2008-05-08 4613384]

c:\documents and settings\The Dodd Family\Start Menu\Programs\Startup\
p2pmax.lnk - c:\program files\p2pmax\p2pmax.exe [2008-12-01 10240]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-22 344064]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-04-18 157008]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-22 113664]
KODAK Picture Transfer Software.lnk - c:\program files\Kodak\KODAK Picture Transfer Software\pts.exe [2008-07-31 737280]
KODAK Software Updater.lnk - c:\program files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2008-07-31 16384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 528384]
Quicken Scheduled Updates.lnk - d:\quickenw\bagent.exe [2003-07-29 57344]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-22 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4c45f074511]
2008-12-14 18:35 135168 c:\windows\system32\d3d832.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-14 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe [2007-01-10 566872]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2011-04-20 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2011-04-20 545088]
S2 mrtRate;mrtRate; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1C9EAFA1-ABF3-41DB-B37E-4ADD3366F51F} - (no file)
BHO-{2082d9d3-16b8-4499-a5b1-06a775efe1f4} - c:\windows\system32\ogleuv.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\hgGaxwuu.dll
BHO-{8F1617C7-9477-49DD-B58B-D9483AB5759F} - c:\windows\system32\yayvTkJB.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\hgGaxwuu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\tmlsp.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 16:42:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\System32\d3d832.dll

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\tmlsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Trend Micro\AntiVirus 2007\tavsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-12-15 16:45:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 22:45:13
ComboFix2.txt 2008-11-14 15:11:30

Pre-Run: 112,796,184,576 bytes free
Post-Run: 112,672,563,200 bytes free

277 --- E O F --- 2008-11-13 09:03:45








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:23, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\QUICKENW\bagent.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208558859556
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O17 - HKLM\System\CS1\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O20 - Winlogon Notify: 4c45f074511 - C:\WINDOWS\System32\d3d832.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)

--
End of file - 8031 bytes

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 December 2008 - 08:03 AM

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====================================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#10 firefightertom

firefightertom
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 18 December 2008 - 05:15 PM

Here are the logs you requested. A quick scan by Malwarebytes revealed 2 infected registry keys, but a full scan revealed even more infected stuff. I attached both. I also attached the Kaspersky scan, which found infections as well. Thank you for devoting time to my problem. Tom



Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 5.1.2600 Service Pack 3

12/17/2008 10:15:00 AM
mbam-log-2008-12-17 (10-15-00).txt

Scan type: Quick Scan
Objects scanned: 55884
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 5.1.2600 Service Pack 3

12/17/2008 4:58:32 PM
mbam-log-2008-12-17 (16-58-32).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 199510
Time elapsed: 1 hour(s), 54 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\cmxeaveg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cqtzrn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jetaydyu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ltkujmrf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogleuv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vedafhsu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayvTkJB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059972.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061990.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061992.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP322\A0061996.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_133218\C_WINDOWS\system32\ljJDSLDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_134856\C_WINDOWS\system32\exaipo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_134856\C_WINDOWS\system32\fwhyuqfq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_134856\C_WINDOWS\system32\oadjvm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_134856\C_WINDOWS\system32\scitbeks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_134856\C_WINDOWS\system32\uaqefhge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 17, 2008 20:42:06
Records in database: 1472279

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\The Dodd Family\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 42546
Threat name 21
Infected objects 72
Suspicious objects 0
Duration of the scan 00:58:13

File name Threat name Threats count
C:\WINDOWS\System32\d3d832.dll/C:\WINDOWS\System32\d3d832.dll Infected: Trojan-Downloader.Win32.Agent.atko 17

C:\Program Files\p2pmax\p2pmax.exe Infected: P2P-Worm.Win32.Small.au 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\12.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\13.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\14.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\15.tmp Infected: Trojan.Win32.Monder.abuk 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\17.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\18.tmp Infected: Trojan.Win32.Agent.attb 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1A.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1B.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1B62.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1B63.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1C.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1C7.tmp Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1D.tmp Infected: Trojan.Win32.Monder.abuk 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1E64.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\1F.tmp Infected: Backdoor.Win32.Agent.vpo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\20.tmp Infected: Trojan.Win32.Agent.attb 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2E8.tmp Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2E9.tmp Infected: Backdoor.Win32.TDSS.bkw 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2FA.tmp Infected: Backdoor.Win32.TDSS.blh 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2FC.tmp Infected: Backdoor.Win32.TDSS.asz 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2FD.tmp Infected: Backdoor.Win32.TDSS.atb 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\2FE.tmp Infected: Trojan.Win32.Agent.arvz 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\3.tmp Infected: Backdoor.Win32.TDSS.asz 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\4.tmp Infected: Backdoor.Win32.TDSS.blh 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\440B.tmp Infected: Trojan-Downloader.Win32.VB.dck 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\4440.tmp Infected: Trojan.JS.Agent.fs 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\4441.tmp Infected: Trojan-Clicker.HTML.IFrame.aau 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\4442.tmp Infected: Trojan-Clicker.HTML.IFrame.aav 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\4E.tmp Infected: Trojan-Downloader.Win32.Agent.aocd 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\5.tmp Infected: Trojan.Win32.Agent.arvz 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\6.tmp Infected: Backdoor.Win32.TDSS.atb 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\609.tmp Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60A.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60B.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60C.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60D.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60E.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\60F.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\610.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\611.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\612.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\613.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\614.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\615.tmp Infected: Trojan-Dropper.Win32.Agent.zto 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\7.tmp Infected: Backdoor.Win32.TDSS.bkw 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\8.tmp Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\A.tmp Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\C.tmp Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\E.tmp Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\F.tmp Infected: Trojan-Downloader.Win32.Agent.aseo 1

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\TDSSa83a.tmp Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080425-153001-984.dll Infected: not-a-virus:AdWare.Win32.Agent.bra 1

C:\WINDOWS\system32\d3d832.dll Infected: Trojan-Downloader.Win32.Agent.atko 1

C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

The selected area was scanned.

#11 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 December 2008 - 10:53 PM

Hi, the files it found on a full scan are not more infections; they are ones we have deleted already and that are in quarantine.

Please delete all of the files from the Quarantine of your antivirus program.
=============
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\d3d832.dll 
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080425-153001-984.dll 

Folder::
C:\Program Files\p2pmax

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation showing CFScript.txt being dragged onto ComboFix.exe]

5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

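kahdah's point above, that hits under quarantine folders and restore points are leftover copies rather than new infections, can be checked mechanically instead of by eye. The following is an added example, not code from this thread or from Malwarebytes, Kaspersky or ComboFix: it parses detection lines in the two report formats pasted above and sorts each one by whether its path sits in an inert location; the prefix list is an assumption built from the quarantine, backup and restore-point paths seen in these logs.

```python
"""Sort scanner detections into live objects and neutralised copies.

Added example for this thread; not code from BleepingComputer, Malwarebytes,
Kaspersky or ComboFix. INERT_PREFIXES is an assumption derived from the
quarantine and restore-point paths that appear in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Locations whose contents are already quarantined, backed up or frozen in a
# restore point. A hit here is a leftover copy, not an active infection.
INERT_PREFIXES = (
    "c:\\qoobox\\quarantine\\",                                     # ComboFix
    "c:\\_otscanit\\movedfiles\\",                                  # OTScanIt
    "c:\\program files\\trend micro\\antivirus 2007\\quarantine\\", # AV quarantine
    "c:\\program files\\trend micro\\hijackthis\\backups\\",        # HijackThis backups
    "c:\\system volume information\\_restore",                      # System Restore
)

# Malwarebytes: "<path or registry key> (<threat>) -> <action>"
MBAM_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HKEY_)[^()]+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$"
)
# Kaspersky Online Scanner: "<path>[/<inner object>] Infected: <threat> <count>"
KAV_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


@dataclass
class Detection:
    path: str
    threat: str
    source: str  # "mbam" or "kaspersky"
    live: bool   # True when the object sits outside every inert location


def is_live(path: str) -> bool:
    """A path is live unless it starts with one of the inert prefixes."""
    p = path.lower()
    return not any(p.startswith(prefix) for prefix in INERT_PREFIXES)


def parse_line(line: str) -> Optional[Detection]:
    """Parse one report line; return None for headers and other noise."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return Detection(m["path"], m["threat"], "mbam", is_live(m["path"]))
    m = KAV_RE.match(line)
    if m:
        # Kaspersky writes nested objects as outer/inner; the outer file is
        # what exists on disk, so classify by that.
        outer = m["path"].split("/")[0]
        return Detection(outer, m["threat"], "kaspersky", is_live(outer))
    return None


def triage(text: str) -> Tuple[List[Detection], List[Detection]]:
    """Return (live, inert) detections found in a pasted report."""
    live: List[Detection] = []
    inert: List[Detection] = []
    for line in text.splitlines():
        d = parse_line(line)
        if d is not None:
            (live if d.live else inert).append(d)
    return live, inert


# Constructed sample: lines in both formats, using paths from the thread's logs.
SAMPLE_REPORT = r"""
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\cmxeaveg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{12969860-E9A3-417F-A662-8046A0C34E1A}\RP319\A0059966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\12142008_133218\C_WINDOWS\system32\ljJDSLDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\d3d832.dll/C:\WINDOWS\System32\d3d832.dll Infected: Trojan-Downloader.Win32.Agent.atko 17
C:\Program Files\p2pmax\p2pmax.exe Infected: P2P-Worm.Win32.Small.au 1
C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\12.tmp Infected: Backdoor.Win32.Agent.vpo 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080425-153001-984.dll Infected: not-a-virus:AdWare.Win32.Agent.bra 1
C:\WINDOWS\system32\GroupPolicyManifest\9.remix.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
"""


if __name__ == "__main__":
    live, inert = triage(SAMPLE_REPORT)
    print(f"{len(inert)} inert copies (quarantine/backup/restore point):")
    for d in inert:
        print(f"  {d.path}  [{d.threat}]")
    print(f"{len(live)} live objects still needing attention:")
    for d in live:
        print(f"  {d.path}  [{d.threat}]")
```

On the sample, the four live entries are exactly the objects kahdah then lists in the CFScript (plus the Vundo registry key), while the five inert ones are copies the earlier tools had already moved aside.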

#12 firefightertom

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 20 December 2008 - 01:55 PM

Here are the ComboFix and HijackThis logs.

ComboFix 08-12-15.01 - The Dodd Family 2008-12-20 8:02:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.255 [GMT -6:00]
Running from: c:\documents and settings\The Dodd Family\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GroupPolicyManifest

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2011-04-21 11:05 . 1999-05-07 12:24 645,616 --a------ c:\windows\system32\MSCOMCT2.OCX
2011-04-21 11:05 . 2000-03-23 11:50 446,464 -ra------ c:\windows\system32\hhactivex.dll
2011-04-21 11:05 . 1999-05-07 12:24 414,944 --a------ c:\windows\system32\COMCT332.OCX
2011-04-21 11:05 . 1998-11-10 09:46 328,480 --a------ c:\windows\system32\ssa3d30.ocx
2011-04-21 11:05 . 2002-01-08 16:00 176,128 --a------ c:\windows\system32\RcdScan.dll
2011-04-21 11:05 . 1998-09-24 11:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2011-04-21 11:05 . 1998-06-17 22:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2011-04-21 11:05 . 2001-08-22 07:42 13,632 --a------ c:\windows\system32\drivers\omci.sys
2011-04-21 11:05 . 1998-09-24 11:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2011-04-21 08:38 . 2008-11-14 13:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2011-04-20 19:50 . 2011-04-20 19:50 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Logitech
2011-04-20 19:48 . 2005-08-04 02:42 1,060,864 --a------ c:\windows\system32\MFC71.dll
2011-04-20 19:48 . 2005-08-04 02:42 1,047,552 --a------ c:\windows\system32\MFC71u.dll
2011-04-20 19:48 . 2005-08-04 02:42 499,712 --a------ c:\windows\system32\msvcp71.dll
2011-04-20 19:48 . 2005-08-04 02:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2011-04-20 19:48 . 2005-08-04 02:42 258,352 --a------ c:\windows\system32\unicows.dll
2011-04-20 19:48 . 2005-08-04 02:42 89,088 --a------ c:\windows\system32\atl71.dll
2011-04-20 17:21 . 2008-04-13 12:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2011-04-20 17:21 . 2008-04-13 13:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2011-04-20 17:21 . 2008-04-13 10:39 142,592 --a------ c:\windows\system32\drivers\aec.sys
2011-04-20 17:21 . 2008-04-13 13:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2011-04-20 17:21 . 2008-04-13 13:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2011-04-20 17:21 . 2008-04-13 12:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2011-04-20 17:21 . 2008-04-13 12:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2011-04-20 17:21 . 2008-04-13 12:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2011-04-20 17:21 . 2008-04-13 12:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2011-04-20 17:21 . 2008-04-13 12:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2011-04-20 17:21 . 2008-04-13 12:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2011-04-20 17:20 . 2011-04-20 17:21 <DIR> d-------- c:\windows\tbcdata
2011-04-20 17:20 . 2011-04-20 17:20 <DIR> d-------- c:\program files\Turtle Beach
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\Audio3D.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:51 545,088 --a------ c:\windows\system32\drivers\tbcwdm.sys
2011-04-20 17:20 . 2002-04-03 10:51 425,472 --a------ c:\windows\system32\tbclang.dll
2011-04-20 17:20 . 2002-04-03 10:47 290,816 --a------ c:\windows\system32\tbctray.exe
2011-04-20 17:20 . 2002-04-03 10:47 155,648 --a------ c:\windows\system32\tbccpnl.cpl
2011-04-20 17:20 . 2002-04-03 10:51 144,768 --a------ c:\windows\system32\drivers\tbcspud.sys
2011-04-20 17:20 . 2002-04-03 10:48 4,224 --a------ c:\windows\system32\drivers\tbcos.sys
2011-04-20 17:20 . 2011-04-20 17:20 12 --a------ c:\windows\WinInit.INI
2011-04-20 15:47 . 2008-12-09 23:09 116 --a------ c:\windows\NeroDigital.ini
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2011-04-20 15:40 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2011-04-19 15:25 . 2011-04-19 15:25 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\AltrixSoft
2008-12-20 08:00 . 2008-12-20 08:01 <DIR> d-------- C:\32788R22FWJFW
2008-12-20 03:34 . 2008-12-20 03:34 373,760 --ahs---- c:\windows\system32\41.tmp
2008-12-18 06:23 . 2008-12-18 06:23 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-12-18 01:26 . 2008-12-18 01:26 775,168 --a------ c:\windows\isRS-000.tmp
2008-12-18 01:25 . 2008-12-18 01:25 <DIR> d-------- c:\program files\Webroot
2008-12-18 01:25 . 2008-12-18 01:25 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Webroot
2008-12-18 01:25 . 2008-12-18 06:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-17 10:03 . 2008-12-17 10:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 10:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 10:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 03:00 . 2008-12-18 03:01 1,393 --a------ c:\windows\imsins.BAK
2008-12-14 13:22 . 2008-12-14 13:22 <DIR> d-------- C:\_OTScanIt
2008-12-11 14:19 . 2008-04-23 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-11 14:19 . 2008-12-18 06:44 <DIR> d-------- c:\documents and settings\Administrator
2008-12-11 12:55 . 2008-12-11 12:57 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-11 12:55 . 2008-12-15 17:37 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 23:02 . 2008-12-09 23:02 373,760 --ahs---- c:\windows\system32\4432.tmp
2008-12-09 23:02 . 2008-12-14 18:35 135,168 --a------ c:\windows\system32\d3d832.dll
2008-12-09 22:57 . 2008-12-09 22:57 <DIR> d-------- c:\program files\p2pmax
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\CyberLink
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-09 20:49 . 2008-12-09 21:22 <DIR> d-------- c:\program files\PFConfig
2008-12-09 20:40 . 2008-12-11 08:45 <DIR> d-------- c:\program files\uTorrent
2008-12-09 20:40 . 2008-12-10 00:19 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\uTorrent
2008-12-09 18:43 . 2008-12-09 18:43 <DIR> d-------- c:\program files\Usability Sciences
2008-12-09 18:43 . 2008-04-15 05:58 91,520 --a------ c:\windows\system32\WebIQEngineSetup.exe
2008-12-02 10:11 . 2008-12-02 10:11 673,280 --a------ c:\windows\system32\nsk4428.dll
2008-11-29 13:39 . 2008-11-29 13:39 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Search
2008-11-29 13:36 . 2008-11-29 13:36 <DIR> d-------- c:\program files\CONEXANT
2008-11-29 13:22 . 2008-11-29 13:22 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Desktop Search
2008-11-29 13:21 . 2008-11-29 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-11-29 13:20 . 2008-11-29 13:20 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-29 13:19 . 2008-03-07 11:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-11-29 13:19 . 2008-03-07 11:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-11-29 13:19 . 2008-03-07 11:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-11-29 13:18 . 2008-11-29 13:18 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-29 13:14 . 2008-12-09 23:02 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-29 13:14 . 2008-11-29 13:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-29 13:12 . 2008-11-29 13:12 <DIR> d-------- c:\windows\system32\URTTEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 23:21 --------- d-----w c:\program files\Common Files\Voyetra
2008-12-18 12:42 --------- d-----w c:\program files\PhoneTools
2008-12-18 07:25 164 ----a-w C:\install.dat
2008-12-18 05:13 --------- d-----w c:\program files\Java
2008-12-11 14:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 02:37 --------- d-----w c:\program files\BitTorrent
2008-11-19 17:21 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-11-17 20:03 --------- d-----w c:\program files\Common Files\Logitech
2008-11-17 20:02 --------- d-----w c:\program files\Logitech
2008-11-14 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-14 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 20:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 19:43 --------- d-----w c:\program files\Norton Internet Security
2008-11-14 19:43 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\Symantec
2008-11-14 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-14 17:42 --------- d-----w c:\program files\Trend Micro
2008-11-14 16:19 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 05:13 318,976 --sha-w c:\windows\system32\81.tmp
2008-11-12 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 05:39 --------- d-----w c:\program files\Lavasoft
2008-11-12 05:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-11 23:32 318,976 --sha-w c:\windows\system32\22.tmp
2008-11-11 00:09 318,976 --sha-w c:\windows\system32\6CB.tmp
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-10 01:47 318,976 --sha-w c:\windows\system32\E2.tmp
2008-11-09 03:29 318,976 --sha-w c:\windows\system32\4E.tmp
2008-11-05 20:00 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\ClickFreeBackup
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-15_16.44.09.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 08:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-12-15 00:33:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-15 00:33:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-15 00:33:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-18 05:16:47 1,576,960 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 02:03:58 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 08:56:46 151,552 -c--a-w c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 172,032 -c--a-w c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 00:12:07 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 03:47:20 937,984 -c----w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-12-15 22:06:50 1,559 --sha-w c:\windows\system32\GroupPolicy000.dat
+ 2008-12-20 13:53:56 1,531 --sha-w c:\windows\system32\GroupPolicy000.dat
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-11-14 17:12:58 144,792 ----a-w c:\windows\system32\java.exe
+ 2008-11-10 11:43:37 144,792 ----a-w c:\windows\system32\java.exe
- 2008-11-14 17:12:58 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-10 11:43:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-11-14 17:12:58 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-10 11:43:39 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-18 12:44:57 617,996 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2004-08-04 08:56:46 151,552 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll
- 2007-07-27 16:41:40 16,760 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-19 09:08:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ac.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-18 2304960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="c:\windows\system32\nwiz.exe" [2003-10-06 741376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Trend Micro AntiVirus 2007"="c:\program files\Trend Micro\AntiVirus 2007\tavui.exe" [2008-05-08 4613384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\The Dodd Family\Start Menu\Programs\Startup\
p2pmax.lnk - c:\program files\p2pmax\p2pmax.exe [2008-12-01 10240]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-22 344064]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-04-18 157008]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-22 113664]
KODAK Picture Transfer Software.lnk - c:\program files\Kodak\KODAK Picture Transfer Software\pts.exe [2008-07-31 737280]
KODAK Software Updater.lnk - c:\program files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2008-07-31 16384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 528384]
Quicken Scheduled Updates.lnk - d:\quickenw\bagent.exe [2003-07-29 57344]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-22 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4c45f074511]
2008-12-14 18:35 135168 c:\windows\system32\d3d832.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-14 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe [2007-01-10 566872]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2011-04-20 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2011-04-20 545088]
S2 mrtRate;mrtRate; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\tmlsp.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 08:04:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\System32\d3d832.dll

- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\tmlsp.dll
.
Completion time: 2008-12-20 8:05:51
ComboFix-quarantined-files.txt 2008-12-20 14:05:38
ComboFix2.txt 2008-12-15 22:45:24
ComboFix3.txt 2008-11-14 15:11:30

Pre-Run: 112,611,393,536 bytes free
Post-Run: 112,739,880,960 bytes free

449 --- E O F --- 2008-12-19 09:01:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:25, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\QUICKENW\bagent.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208558859556
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O17 - HKLM\System\CS1\Services\Tcpip\..\{213496DF-AB0D-46D2-87F7-E717062B344D}: NameServer = 68.87.72.130,68.87.77.130
O20 - Winlogon Notify: 4c45f074511 - C:\WINDOWS\System32\d3d832.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)

--
End of file - 9285 bytes

#13 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 20 December 2008 - 04:22 PM

Hi please follow the instructions in my last post. http://www.bleepingcomputer.com/forums/ind...t&p=1052340
Make sure to create the CF script text file and then drag it onto the Combofix icon.
Post the Combofix log that appears please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#14 firefightertom
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Springfield Illinois

Posted 21 December 2008 - 12:05 AM

Here is the ComboFix log. I wasn't sure if you wanted a HijackThis log also.

ComboFix 08-12-15.01 - The Dodd Family 2008-12-20 21:07:25.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.388 [GMT -6:00]
Running from: c:\documents and settings\The Dodd Family\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\The Dodd Family\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\Trend Micro\HijackThis\backups\backup-20080425-153001-984.dll
c:\windows\system32\d3d832.dll
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\p2pmax
c:\program files\p2pmax\p2pmax.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20080425-153001-984.dll
c:\windows\system32\__c007FE79.dat
c:\windows\system32\d3d832.dll
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2011-04-21 11:05 . 1999-05-07 12:24 645,616 --a------ c:\windows\system32\MSCOMCT2.OCX
2011-04-21 11:05 . 2000-03-23 11:50 446,464 -ra------ c:\windows\system32\hhactivex.dll
2011-04-21 11:05 . 1999-05-07 12:24 414,944 --a------ c:\windows\system32\COMCT332.OCX
2011-04-21 11:05 . 1998-11-10 09:46 328,480 --a------ c:\windows\system32\ssa3d30.ocx
2011-04-21 11:05 . 2002-01-08 16:00 176,128 --a------ c:\windows\system32\RcdScan.dll
2011-04-21 11:05 . 1998-09-24 11:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2011-04-21 11:05 . 1998-06-17 22:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2011-04-21 11:05 . 2001-08-22 07:42 13,632 --a------ c:\windows\system32\drivers\omci.sys
2011-04-21 11:05 . 1998-09-24 11:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2011-04-21 08:38 . 2008-11-14 13:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2011-04-20 19:50 . 2011-04-20 19:50 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Logitech
2011-04-20 19:48 . 2005-08-04 02:42 1,060,864 --a------ c:\windows\system32\MFC71.dll
2011-04-20 19:48 . 2005-08-04 02:42 1,047,552 --a------ c:\windows\system32\MFC71u.dll
2011-04-20 19:48 . 2005-08-04 02:42 499,712 --a------ c:\windows\system32\msvcp71.dll
2011-04-20 19:48 . 2005-08-04 02:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2011-04-20 19:48 . 2005-08-04 02:42 258,352 --a------ c:\windows\system32\unicows.dll
2011-04-20 19:48 . 2005-08-04 02:42 89,088 --a------ c:\windows\system32\atl71.dll
2011-04-20 17:21 . 2008-04-13 12:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2011-04-20 17:21 . 2008-04-13 13:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2011-04-20 17:21 . 2008-04-13 10:39 142,592 --a------ c:\windows\system32\drivers\aec.sys
2011-04-20 17:21 . 2008-04-13 13:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2011-04-20 17:21 . 2008-04-13 13:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2011-04-20 17:21 . 2008-04-13 12:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2011-04-20 17:21 . 2008-04-13 12:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2011-04-20 17:21 . 2008-04-13 12:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2011-04-20 17:21 . 2008-04-13 12:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2011-04-20 17:21 . 2008-04-13 12:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2011-04-20 17:21 . 2008-04-13 12:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2011-04-20 17:20 . 2011-04-20 17:21 <DIR> d-------- c:\windows\tbcdata
2011-04-20 17:20 . 2011-04-20 17:20 <DIR> d-------- c:\program files\Turtle Beach
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\Audio3D.dll
2011-04-20 17:20 . 2002-04-03 10:42 720,896 --a------ c:\windows\system32\a3d.dll
2011-04-20 17:20 . 2002-04-03 10:51 545,088 --a------ c:\windows\system32\drivers\tbcwdm.sys
2011-04-20 17:20 . 2002-04-03 10:51 425,472 --a------ c:\windows\system32\tbclang.dll
2011-04-20 17:20 . 2002-04-03 10:47 290,816 --a------ c:\windows\system32\tbctray.exe
2011-04-20 17:20 . 2002-04-03 10:47 155,648 --a------ c:\windows\system32\tbccpnl.cpl
2011-04-20 17:20 . 2002-04-03 10:51 144,768 --a------ c:\windows\system32\drivers\tbcspud.sys
2011-04-20 17:20 . 2002-04-03 10:48 4,224 --a------ c:\windows\system32\drivers\tbcos.sys
2011-04-20 17:20 . 2011-04-20 17:20 12 --a------ c:\windows\WinInit.INI
2011-04-20 15:47 . 2008-12-09 23:09 116 --a------ c:\windows\NeroDigital.ini
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2011-04-20 15:40 . 2001-08-17 12:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2011-04-20 15:40 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2011-04-19 15:25 . 2011-04-19 15:25 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\AltrixSoft
2008-12-20 22:55 . 2008-12-20 22:55 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-20 22:55 . 2008-12-20 22:55 1,409 --a------ c:\windows\QTFont.for
2008-12-20 08:50 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-20 03:34 . 2008-12-20 03:34 373,760 --ahs---- c:\windows\system32\41.tmp
2008-12-18 06:23 . 2008-12-18 06:23 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-12-18 01:26 . 2008-12-20 08:51 775,168 --a------ c:\windows\isRS-000.tmp
2008-12-18 01:25 . 2008-12-18 01:25 <DIR> d-------- c:\program files\Webroot
2008-12-18 01:25 . 2008-12-18 01:25 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Webroot
2008-12-18 01:25 . 2008-12-20 08:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-17 10:03 . 2008-12-17 10:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 10:03 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 10:03 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 03:00 . 2008-12-18 03:01 1,393 --a------ c:\windows\imsins.BAK
2008-12-14 13:22 . 2008-12-14 13:22 <DIR> d-------- C:\_OTScanIt
2008-12-11 14:19 . 2008-04-23 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-11 14:19 . 2008-12-20 09:57 <DIR> d-------- c:\documents and settings\Administrator
2008-12-11 12:55 . 2008-12-11 12:57 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-11 12:55 . 2008-12-15 17:37 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 23:02 . 2008-12-09 23:02 373,760 --ahs---- c:\windows\system32\4432.tmp
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\CyberLink
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-09 20:49 . 2008-12-09 21:22 <DIR> d-------- c:\program files\PFConfig
2008-12-09 20:40 . 2008-12-10 00:19 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\uTorrent
2008-12-09 18:43 . 2008-12-09 18:43 <DIR> d-------- c:\program files\Usability Sciences
2008-12-09 18:43 . 2008-04-15 05:58 91,520 --a------ c:\windows\system32\WebIQEngineSetup.exe
2008-12-02 10:11 . 2008-12-02 10:11 673,280 --a------ c:\windows\system32\nsk4428.dll
2008-11-29 13:39 . 2008-11-29 13:39 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Search
2008-11-29 13:36 . 2008-11-29 13:36 <DIR> d-------- c:\program files\CONEXANT
2008-11-29 13:22 . 2008-11-29 13:22 <DIR> d-------- c:\documents and settings\The Dodd Family\Application Data\Windows Desktop Search
2008-11-29 13:21 . 2008-11-29 13:21 <DIR> d-------- c:\program files\Windows Desktop Search
2008-11-29 13:20 . 2008-11-29 13:20 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-11-29 13:19 . 2008-03-07 11:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-11-29 13:19 . 2008-03-07 11:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-11-29 13:19 . 2008-03-07 11:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-11-29 13:18 . 2008-11-29 13:18 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-29 13:14 . 2008-12-09 23:02 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-29 13:14 . 2008-11-29 13:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-29 13:12 . 2008-11-29 13:12 <DIR> d-------- c:\windows\system32\URTTEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 23:21 --------- d-----w c:\program files\Common Files\Voyetra
2008-12-21 02:48 --------- d-----w c:\program files\Trend Micro
2008-12-21 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2008-12-20 14:49 164 ----a-w C:\install.dat
2008-12-18 12:42 --------- d-----w c:\program files\PhoneTools
2008-12-18 05:13 --------- d-----w c:\program files\Java
2008-12-11 14:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 17:21 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-11-17 20:03 --------- d-----w c:\program files\Common Files\Logitech
2008-11-17 20:02 --------- d-----w c:\program files\Logitech
2008-11-14 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-14 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 20:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 19:43 --------- d-----w c:\program files\Norton Internet Security
2008-11-14 19:43 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\Symantec
2008-11-14 16:19 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 05:13 318,976 --sha-w c:\windows\system32\81.tmp
2008-11-12 22:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 22:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 22:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-12 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 05:39 --------- d-----w c:\program files\Lavasoft
2008-11-12 05:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-11 23:32 318,976 --sha-w c:\windows\system32\22.tmp
2008-11-11 00:09 318,976 --sha-w c:\windows\system32\6CB.tmp
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-10 01:47 318,976 --sha-w c:\windows\system32\E2.tmp
2008-11-09 03:29 318,976 --sha-w c:\windows\system32\4E.tmp
2008-11-05 20:00 --------- d-----w c:\documents and settings\The Dodd Family\Application Data\ClickFreeBackup
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-20_ 8.04.57.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-20 14:50:57 10,134 ----a-r c:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2008-12-20 14:50:42 10,134 ----a-r c:\windows\Installer\{3F5B6210-0903-4DC6-8034-8F488AA3A782}\ARPPRODUCTICON.exe
- 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 02:50:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-21 02:50:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-18 09:07:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 02:50:01 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-20 13:53:56 1,531 --sha-w c:\windows\system32\GroupPolicy000.dat
+ 2008-12-21 02:51:29 1,584 --sha-w c:\windows\system32\GroupPolicy000.dat
+ 2003-04-18 22:46:22 1,233,920 ----a-w c:\windows\system32\msxml4.dll
+ 2003-04-18 22:29:26 82,432 ----a-w c:\windows\system32\msxml4r.dll
+ 2008-11-12 22:02:12 16,240 ----a-w c:\windows\system32\SsiEfr.exe
+ 2008-11-12 22:02:20 31,088 ----a-w c:\windows\system32\wrLZMA.dll
+ 2008-12-21 03:12:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b8.dat
+ 2008-12-21 04:55:15 3,746 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
+ 2008-12-21 04:55:15 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
+ 2008-12-21 04:55:15 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
+ 2008-12-21 04:55:15 4,858 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1343024091-484763869-725345543-1004.dat
+ 2008-12-21 04:55:15 4,460 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1343024091-484763869-725345543-500.dat
+ 2008-12-20 14:50:54 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-12-20 14:50:54 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-18 2304960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="c:\windows\system32\nwiz.exe" [2003-10-06 741376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\The Dodd Family\Start Menu\Programs\Startup\
p2pmax.lnk - c:\qoobox\Quarantine\C\Program Files\p2pmax\p2pmax.exe.vir [2008-12-01 10240]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-22 344064]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-04-18 157008]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-22 113664]
KODAK Picture Transfer Software.lnk - c:\program files\Kodak\KODAK Picture Transfer Software\pts.exe [2008-07-31 737280]
KODAK Software Updater.lnk - c:\program files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2008-07-31 16384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 528384]
Quicken Scheduled Updates.lnk - d:\quickenw\bagent.exe [2003-07-29 57344]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-22 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-12-20 1086840]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2011-04-20 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2011-04-20 545088]
S2 mrtRate;mrtRate; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-20 c:\windows\Tasks\wrSpySweeper_L8ACAA3766AD44E2D99F63E50AA4A5FDE.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-12-20 c:\windows\Tasks\wrSpySweeper_L8ACAA3766AD44E2D99F63E50AA4A5FDE.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-12-20 c:\windows\Tasks\wrSpySweeper_L8ACAA3766AD44E2D99F63E50AA4A5FDE.job
- a:\","c:\","d:\","e:\","f:\","h:\" []
.
- - - - ORPHANS REMOVED - - - -

Notify-4c45f074511 - c:\windows\system32\d3d832.dll
Notify-__c007FE79 - c:\windows\system32\__c007FE79.dat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 22:55:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Webshots\Webshots.scr
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2008-12-20 22:58:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-21 04:58:33
ComboFix2.txt 2008-12-20 14:05:54
ComboFix3.txt 2008-12-15 22:45:24
ComboFix4.txt 2008-11-14 15:11:30

Pre-Run: 112,736,387,072 bytes free
Post-Run: 112,806,961,152 bytes free

317 --- E O F --- 2008-12-19 09:01:38
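
An added example, not part of the posted log or of any reply in this thread: a small Python triage script that pulls out of a ComboFix log the indicators a helper would look at first. On the log above that means the randomly named hidden+system `.tmp` files under `system32` (`81.tmp`, `22.tmp`, `6CB.tmp`, `E2.tmp`, `4E.tmp`, all exactly 318,976 bytes, plus `4432.tmp`), the Security Center `DisableMonitoring=1` keys, and the two Winlogon `Notify-` packages ComboFix removed as orphans. The text embedded in the script is a constructed excerpt of that log; the line formats it parses (`created . modified size attrs path` in the new-files list, `modified size attrs path` in the Find3M report, `REGEDIT4` key/value lines, `Notify-... - path` orphan lines) are read off the log itself, not taken from any ComboFix documentation, so treat the regexes as an assumption to adjust for other ComboFix versions.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: a subset of lines copied from the ComboFix log above,
# embedded so the example runs offline.  Feed the real log on stdin instead.
SAMPLE_LOG = r"""
2008-12-09 23:02 . 2008-12-09 23:02 373,760 --ahs---- c:\windows\system32\4432.tmp
2008-12-02 10:11 . 2008-12-02 10:11 673,280 --a------ c:\windows\system32\nsk4428.dll
2008-11-14 05:13 318,976 --sha-w c:\windows\system32\81.tmp
2008-11-11 23:32 318,976 --sha-w c:\windows\system32\22.tmp
2008-11-11 00:09 318,976 --sha-w c:\windows\system32\6CB.tmp
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-10 01:47 318,976 --sha-w c:\windows\system32\E2.tmp
2008-11-09 03:29 318,976 --sha-w c:\windows\system32\4E.tmp
2008-12-11 14:02 --------- d--h--w c:\program files\InstallShield Installation Information
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
Notify-4c45f074511 - c:\windows\system32\d3d832.dll
Notify-__c007FE79 - c:\windows\system32\__c007FE79.dat
"""

# File rows: "[+|-] created[ . modified] size attrs path".  Size is a number,
# <DIR>, or a run of dashes in the Find3M report.  Attribute letters as
# ComboFix prints them: a=archive, h=hidden, s=system, d=directory.
FILE_LINE = re.compile(
    r"^[+-]?\s*(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<mdate>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>[\d,]+|<DIR>|-+)"
    r" (?P<attrs>[-a-zA-Z]+)"
    r" (?P<path>[a-zA-Z]:\\.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
NOTIFY = re.compile(r"^Notify-(?P<name>\S+) - (?P<path>[a-zA-Z]:\\.+)$")


def parse_size(text):
    """Byte count for a size column, or None for <DIR> and '---------'."""
    return int(text.replace(",", "")) if text[0].isdigit() else None


def triage(log_text):
    """Collect the indicators from ComboFix log text that deserve a second look."""
    findings = {
        "hidden_system32_tmp": [],  # hidden+system *.tmp files under system32
        "same_size_clusters": {},   # size -> flagged paths sharing that exact size
        "monitoring_disabled": [],  # Security Center keys with DisableMonitoring=1
        "orphan_notify": [],        # (name, path) of removed Winlogon Notify packages
    }
    by_size = defaultdict(list)
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m.group("path").lower(), m.group("attrs").lower()
            # Legitimate loose files in system32 are not hidden+system temp files.
            if "h" in attrs and "s" in attrs and "\\system32\\" in path and path.endswith(".tmp"):
                findings["hidden_system32_tmp"].append(path)
                size = parse_size(m.group("size"))
                if size is not None:
                    by_size[size].append(path)
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = REG_DWORD.match(line)
        if m and m.group("name").lower() == "disablemonitoring" \
                and int(m.group("val"), 16) == 1 and "security center" in current_key:
            findings["monitoring_disabled"].append(current_key)
            continue
        m = NOTIFY.match(line)
        if m:
            findings["orphan_notify"].append((m.group("name"), m.group("path").lower()))
    # Several randomly named files of one identical size is the pattern of a
    # dropper writing the same payload again on each run.
    findings["same_size_clusters"] = {s: p for s, p in by_size.items() if len(p) >= 2}
    return findings


def report(findings):
    """One human-readable line per indicator, in the order they were found."""
    lines = [f"hidden+system temp file in system32: {p}" for p in findings["hidden_system32_tmp"]]
    for size, paths in findings["same_size_clusters"].items():
        lines.append(f"{len(paths)} flagged files share the exact size {size:,} bytes")
    lines += [f"Security Center monitoring disabled under: {k}" for k in findings["monitoring_disabled"]]
    lines += [f"orphaned Winlogon Notify package {n} -> {p}" for n, p in findings["orphan_notify"]]
    return lines


if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(triage(text))))
```

Run it as `python triage.py < ComboFix.txt` to scan a saved log, or with no input to see the result on the excerpt. Flagging is by attribute and location only, so a hit is a reason to look at the file (submit it, check its size against the cluster, check what loads it), not proof it is malicious; equally, a clean result from this script says nothing about the rootkit scan or the rest of the log.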

#15 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:33 PM

Posted 21 December 2008 - 08:17 AM

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe


Now click on Fix Checked and then close Hijackthis.
============================
After that, let me know how it is running.
And also post a new Hijackthis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



