
Watched emailed video now have all kind of hurt...


7 replies to this topic

#1 Rowman25


  • Members
  • 15 posts

Posted 01 July 2009 - 09:21 AM

Hi. I could use some help! My computer has not been functioning properly since I clicked the link for an emailed video (I know that's a no-no), so I think that's the cause. The computer is running dirt slow, takes about 25 minutes to start up, and Norton keeps giving notifications of blocking threats from an unknown source; folders take about a minute to open, and the HD has constant activity. There is also a bunch of notifications of Norton blocking processes whose targets are files in my Norton program folder, my Eudora folder, and my Internet Explorer folder.

I have run Norton Internet Security, AVG 8.5, Ad-Aware, and Spybot Search and Destroy (in both regular and safe mode) and nothing is detected. I tried to use Norton's utility to upload my rootkit for analysis, but every time I do there is an error and the output length is 0 bytes.

Please help!

Here is my DDS file, and I have zipped and attached attach.txt.

Thanks in advance!
DDS (Ver_09-06-26.01) - NTFSx86
Run by Kevin W at 0:47:03.20 on Wed 07/01/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.missionbayaquaticcenter.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/P...000100.00000315
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobe version cue cs3\server\bin\VersionCueCS3Tray.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: cnn.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/leads/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - hxxp://www.nanoscan.com/as/cabs/ascstubie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146983067609
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187332329234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-29 19:21 0 a------- C:\BOOT.DAT
2009-06-29 19:20 14,439 a------- C:\all_boot.exe
2009-06-25 10:46 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-23 20:59 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-23 20:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-23 20:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-23 20:08 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 20:08 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-23 20:07 <DIR> --d----- c:\program files\AVG
2009-06-23 20:07 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-06-23 17:44 15,088 a------- c:\windows\system32\drivers\vproeventmonitor.sys
2009-06-23 17:43 38,112 a------- c:\windows\system32\drivers\v2imount.sys
2009-06-23 17:43 138,080 a------- c:\windows\system32\drivers\symsnap.sys
2009-06-23 17:42 <DIR> --d----- c:\program files\Norton Ghost
2009-06-23 17:26 <DIR> a-d----- c:\program files\Norton Support
2009-06-23 17:21 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-23 17:21 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-23 17:21 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-23 17:21 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-23 17:20 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-06-23 17:20 <DIR> --d----- c:\program files\Norton Internet Security
2009-06-23 17:19 <DIR> --d----- c:\program files\NortonInstaller
2009-06-23 16:08 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-21 15:10 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-09 22:57 1,355 a------- c:\windows\imsins.BAK
2009-06-07 09:08 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SecTaskMan

==================== Find3M ====================

2009-06-30 23:48 2,644 a------- c:\windows\system32\d3d9caps.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-01 12:00 186,960 ac------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-28 00:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-21 00:33 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-05-15 13:04 53,240 -------- c:\windows\system32\drivers\mozy.sys
2009-05-10 23:25 401,720 a------- C:\HiJackThis.exe
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2003-11-10 21:26 271 ac-sh--- c:\program files\desktop.ini
2003-11-10 21:26 23,357 ac--h--- c:\program files\folder.htt
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE

============= FINISH: 0:50:37.93 ===============


#2 shelf life


  • Malware Response Team
  • 2,648 posts
  • Gender:Male
  • Location:@localhost

Posted 05 July 2009 - 03:30 PM

hi Rowman25,

Sorry for the delay, no shortage of posters. Your log is several days old; if you still need help with malware, reply to my post.

How Can I Reduce My Risk to Malware?


#3 Rowman25

  • Topic Starter

  • Members
  • 15 posts

Posted 05 July 2009 - 04:12 PM

Yes please. It took 7 minutes to get iexplore open to see your post. Thanks.

#4 shelf life


  • Malware Response Team
  • 2,648 posts
  • Gender:Male
  • Location:@localhost

Posted 05 July 2009 - 06:45 PM

OK. Looks like you have tried Malwarebytes and SUPERAntiSpyware also.
We will use ComboFix. There is a guide to read first. Read through the guide, download ComboFix to your desktop, disable any antivirus or anti-malware that may be running as explained in the guide, double-click the icon and follow the prompts. Post the ComboFix log in your reply. It might be helpful to actually read it on another machine if that's possible and then just do the downloading on the machine that has the malware on it.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 Rowman25

  • Topic Starter

  • Members
  • 15 posts

Posted 06 July 2009 - 01:08 AM

Here is the ComboFix log... Thanks.

ComboFix 09-07-05.01 - Kevin W 07/05/2009 22:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1242 [GMT -7:00]
Running from: c:\documents and settings\Kevin W\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\all_boot.exe
c:\recycled\NPROTECT
c:\windows\command
c:\windows\Installer\14f45086.msp
c:\windows\Installer\14f45088.msp
c:\windows\Installer\14f4508a.msp
c:\windows\Installer\28a38d9.msp
c:\windows\Installer\28a38db.msp
c:\windows\Installer\28a38dd.msp
c:\windows\Installer\2dbd0e8.msp
c:\windows\Installer\2dbd0ea.msp
c:\windows\Installer\2dbd0ec.msp
c:\windows\Installer\2dbd0ee.msp
c:\windows\Installer\2dbd0f0.msp
c:\windows\Installer\2dbd0f2.msp
c:\windows\Installer\4d09a.msp
c:\windows\Installer\4d09c.msp
c:\windows\Installer\4d09e.msp
c:\windows\Installer\5022a.msp
c:\windows\Installer\5022c.msp
c:\windows\Installer\5022e.msp
c:\windows\Installer\57635.msi
c:\windows\Installer\6317f83.msp
c:\windows\Installer\7c3ef58.msi
c:\windows\Installer\97785.msp
c:\windows\Installer\9c097.msp
c:\windows\Installer\a5e7a.msp
c:\windows\Installer\a5e7c.msp
c:\windows\Installer\a5e7e.msp
c:\windows\Installer\a86e83d.msp
c:\windows\Installer\a96d5b1.msp
c:\windows\Installer\a96d5b3.msp
c:\windows\Installer\a96d5b5.msp
c:\windows\Installer\be4e96f.msp
c:\windows\Installer\be4e971.msp
c:\windows\Installer\be4e973.msp
c:\windows\Installer\Norton_Ghost_14.0_SP4_Patch.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\mdm.exe
c:\windows\system32\tmpPrst.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-05 23:12 . 2009-06-23 08:00 89104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVENG.SYS
2009-07-05 23:12 . 2009-06-23 08:00 876144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVEX15.SYS
2009-07-05 23:12 . 2009-06-23 08:00 177520 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVENG32.DLL
2009-07-05 23:12 . 2009-06-23 08:00 1181040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVEX32A.DLL
2009-07-05 23:12 . 2009-06-23 08:00 371248 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\EECTRL.SYS
2009-07-05 23:12 . 2009-06-23 08:00 259368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\ECMSVR32.DLL
2009-07-05 23:12 . 2009-06-23 08:00 2414128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\CCERASER.DLL
2009-07-05 23:12 . 2009-06-23 08:00 101936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\ERASER.SYS
2009-07-03 05:24 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 05:24 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-03 05:23 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-03 05:23 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-07-03 05:22 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-07-03 05:21 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-07-03 05:21 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-07-03 05:21 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-07-03 05:21 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2009-07-03 05:20 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2009-07-03 05:20 . 2008-04-13 18:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2009-07-03 05:20 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2009-07-03 05:19 . 2008-04-13 18:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-07-03 05:19 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-07-03 05:19 . 2008-04-14 00:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2009-07-03 05:19 . 2008-04-14 00:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2009-07-03 05:18 . 2008-04-13 18:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2009-07-03 05:18 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2009-07-03 05:18 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-03 05:18 . 2008-04-13 18:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2009-07-03 05:18 . 2008-04-13 18:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2009-07-03 05:17 . 2008-04-14 00:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2009-07-03 05:17 . 2008-04-13 18:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys
2009-07-03 05:17 . 2008-04-14 00:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll
2009-07-03 05:17 . 2008-04-13 18:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys
2009-07-03 05:15 . 2008-04-13 18:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2009-07-03 05:14 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2009-07-03 05:14 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 05:13 . 2008-04-13 18:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2009-07-03 05:13 . 2008-04-13 18:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys
2009-07-03 05:13 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-07-03 05:12 . 2008-04-14 00:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2009-07-03 05:12 . 2008-04-14 00:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2009-07-03 05:12 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-07-03 05:12 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2009-07-03 05:12 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2009-07-03 05:12 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2009-07-03 05:12 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\dllcache\intelide.sys
2009-07-03 05:10 . 2008-04-14 00:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-07-03 05:10 . 2008-04-13 18:41 18560 ----a-w- c:\windows\system32\dllcache\i2omp.sys
2009-07-03 05:10 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-07-03 05:10 . 2003-03-31 12:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-03 05:08 . 2003-03-31 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-07-03 05:07 . 2008-04-13 18:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys
2009-07-03 05:06 . 2008-04-13 18:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2009-07-03 05:06 . 2008-04-13 18:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2009-07-03 05:06 . 2008-04-13 18:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2009-07-03 05:04 . 2009-07-03 06:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-07-03 05:04 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2009-07-03 05:03 . 2008-04-13 18:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2009-07-03 05:01 . 2008-04-14 00:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2009-07-03 05:01 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys
2009-07-03 05:01 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-07-03 05:00 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2009-07-03 04:59 . 2008-04-14 00:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2009-07-03 04:56 . 2008-04-13 18:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys
2009-07-03 04:56 . 2008-04-13 18:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2009-07-03 04:53 . 2008-04-13 18:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-07-02 00:54 . 2009-07-02 00:54 -------- d-----w- C:\1fddc88ff0e18f49e1a727486f4cd90f
2009-07-01 06:48 . 2009-07-01 06:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Games
2009-06-30 21:35 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 21:35 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:35 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:35 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:35 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-30 02:21 . 2009-07-01 06:30 0 ----a-w- C:\BOOT.DAT
2009-06-25 17:46 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-24 05:07 . 2009-06-24 05:07 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Symantec_Corporation
2009-06-24 03:59 . 2009-07-05 19:59 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-24 03:27 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 03:27 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.sys
2009-06-24 03:27 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 03:27 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 03:27 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvia64.sys
2009-06-24 03:08 . 2009-06-24 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 03:08 . 2009-06-24 03:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-24 03:08 . 2009-06-24 03:08 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 03:08 . 2009-06-24 03:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 03:08 . 2009-07-06 01:44 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-24 03:07 . 2009-06-24 03:07 -------- d-----w- c:\program files\AVG
2009-06-24 03:07 . 2009-06-24 03:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-24 00:44 . 2009-06-24 00:44 1929 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\icn_3475520BB5615DB4D88A73FD9B390041.dll
2009-06-24 00:44 . 2008-01-20 02:40 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-06-24 00:43 . 2008-08-14 00:07 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-06-24 00:43 . 2008-08-08 00:31 138080 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-06-24 00:42 . 2009-06-24 01:38 -------- d-----w- c:\program files\Norton Ghost
2009-06-24 00:26 . 2009-06-24 00:26 -------- d---a-w- c:\program files\Norton Support
2009-06-24 00:21 . 2009-06-24 05:42 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 00:21 . 2009-06-24 05:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-24 00:20 . 2009-06-24 00:20 1294680 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-24 00:20 . 2009-06-24 00:20 136840 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-24 00:20 . 2009-06-24 00:20 796016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-24 00:20 . 2009-06-27 01:32 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-24 00:20 . 2009-06-24 00:20 -------- d-----w- c:\program files\Norton Internet Security
2009-06-24 00:20 . 2009-06-24 00:20 -------- d-----w- c:\program files\Windows Sidebar
2009-06-24 00:19 . 2009-06-24 00:19 -------- d-----w- c:\program files\NortonInstaller
2009-06-23 23:08 . 2009-06-23 23:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-21 22:10 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-16 21:14 . 2009-06-16 21:15 3710 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\icn_F6CAE87C37A7E2541843BD2B61C5A586.dll
2009-06-16 21:14 . 2009-06-16 21:14 1189 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\icn_8C82BBDDAA2B1A54D8EC50A9975890BF.dll
2009-06-16 21:14 . 2009-06-16 21:14 2429 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\icn_556106D545D648345BC271CE3558BFDB.dll
2009-06-16 21:14 . 2009-06-16 21:14 1260 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\icn_079F5538D106D2447AB9D1D74B2FC4DA.dll
2009-06-14 02:23 . 2009-06-14 02:23 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 15:16 . 2009-06-10 15:16 152576 ----a-w- c:\documents and settings\Kevin W\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-07 16:10 . 2009-02-09 12:10 617472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\_entreelist.dll
2009-06-07 16:10 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan\_enviewlist.dll
2009-06-07 16:08 . 2009-07-01 06:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SecTaskMan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 21:58 . 2009-01-06 05:35 -------- d-----w- c:\documents and settings\Kevin W\Application Data\WTablet
2009-07-05 21:57 . 2009-05-11 02:31 -------- d-----w- c:\program files\LogMeIn
2009-07-05 00:27 . 2009-01-15 06:53 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-07-03 05:39 . 2008-01-02 03:07 -------- d-----w- c:\program files\iPod To Computer Transfer
2009-07-03 05:12 . 2006-05-07 06:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-03 05:04 . 2003-11-11 15:16 -------- d-----w- c:\program files\Yahoo!
2009-07-02 14:13 . 2009-03-04 05:21 -------- d-----w- c:\documents and settings\Michelle\Application Data\WTablet
2009-07-01 08:04 . 2009-06-18 07:35 2352968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-01 08:04 . 2009-06-18 07:35 629072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-01 08:04 . 2009-06-18 07:35 520024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-01 08:04 . 2009-06-18 07:35 1029456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-01 06:48 . 2006-07-19 14:46 2644 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-24 05:43 . 2006-05-07 08:26 -------- d-----w- c:\program files\Symantec
2009-06-24 05:42 . 2009-06-24 00:21 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 05:42 . 2009-06-24 00:21 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 04:52 . 2006-05-08 06:28 186960 -c--a-w- c:\documents and settings\Michelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 02:45 . 2006-05-07 07:40 -------- d-----w- c:\documents and settings\Kevin W\Application Data\Symantec
2009-06-24 01:38 . 2007-10-25 01:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-06-24 01:08 . 2008-08-27 06:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 01:08 . 2008-09-09 05:37 3561743 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-24 00:48 . 2003-11-11 04:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 00:20 . 2009-01-02 03:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-06-24 00:20 . 2009-01-02 03:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-06-23 23:51 . 2005-10-10 04:10 -------- d-----w- c:\program files\Security Task Manager
2009-06-17 18:27 . 2008-08-27 06:29 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27 . 2008-08-27 06:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 02:35 . 2006-04-27 01:14 -------- d-----w- c:\program files\iTunes
2009-06-14 02:35 . 2007-07-06 18:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-14 02:35 . 2006-01-16 22:29 -------- d-----w- c:\program files\iPod
2009-06-14 02:31 . 2006-04-27 01:13 -------- d-----w- c:\program files\QuickTime
2009-06-10 15:21 . 2004-03-16 04:04 -------- d-----w- c:\program files\Java
2009-06-01 19:00 . 2007-07-11 14:04 186960 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-31 06:12 . 2008-07-18 07:35 -------- d-----w- c:\program files\BookSmart
2009-05-30 17:21 . 2006-07-30 20:16 -------- d-----w- c:\program files\InterActual
2009-05-30 17:16 . 2009-05-30 17:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Uninstall
2009-05-30 17:15 . 2009-05-30 16:47 -------- d-----w- c:\program files\Roxio
2009-05-30 17:15 . 2009-05-30 16:49 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-05-30 17:15 . 2009-05-30 16:48 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-05-30 17:14 . 2009-05-30 16:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Roxio
2009-05-30 16:57 . 2009-05-30 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sonic
2009-05-30 16:50 . 2006-04-13 00:26 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-05-30 16:46 . 2009-05-30 16:46 10134 ----a-r- c:\documents and settings\Kevin W\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-05-30 16:46 . 2009-05-30 16:46 10134 ----a-r- c:\documents and settings\Kevin W\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2009-05-28 07:35 . 2009-05-28 07:35 15688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 07:35 . 2009-05-21 14:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 04:26 . 2009-05-28 04:26 -------- d-----w- c:\program files\PC Wizard 2008
2009-05-21 18:33 . 2008-08-27 06:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 07:33 . 2009-05-21 07:34 64160 ------w- c:\windows\system32\drivers\Lbd.sys
2009-05-21 07:33 . 2009-05-21 07:33 64160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-21 07:31 . 2005-05-10 15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-21 07:29 . 2009-05-21 07:29 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-21 07:28 . 2004-04-06 04:49 -------- d-----w- c:\program files\Lavasoft
2009-05-21 07:27 . 2005-01-14 21:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-21 03:19 . 2009-05-21 03:19 152576 ----a-w- c:\documents and settings\Kevin W\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 02:20 . 2009-05-21 02:20 -------- d-----w- c:\program files\Microsoft
2009-05-18 23:14 . 2009-05-18 23:14 -------- d-----w- c:\program files\MozyHome
2009-05-15 20:04 . 2009-05-18 23:14 53240 ------w- c:\windows\system32\drivers\mozy.sys
2009-05-12 01:02 . 2009-05-12 00:59 -------- d-----w- c:\documents and settings\Kevin W\Application Data\ICAClient
2009-05-12 00:53 . 2009-05-12 00:53 -------- d-----w- c:\program files\Citrix
2009-05-11 06:25 . 2009-04-09 03:42 401720 ----a-w- C:\HiJackThis.exe
2009-05-11 05:37 . 2003-11-11 16:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 05:36 . 2009-01-06 04:54 -------- d-----w- c:\program files\Maxtor
2009-05-07 15:32 . 2003-03-31 19:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-02-24 21:26 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-03-31 19:00 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2003-11-11 04:26 . 2003-11-11 04:26 23357 -c-ha-w- c:\program files\folder.htt
2002-07-27 00:02 . 2008-06-18 03:38 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 20:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 20:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-04-25 636088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-11-09 409600]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe" [2007-03-20 1884160]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-22 169312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-07-07 113136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

c:\documents and settings\Boatshow\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files\CaptureWiz\Pro\CaptureWiz.exe [2005-12-30 1931264]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files\CaptureWiz\Pro\CaptureWiz.exe [2005-12-30 1931264]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-7 110592]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-5-7 135680]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-01-09 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 03:08 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ------w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\D:\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Gnoozle\\Gnoozle.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Airlink101\\IPCamera\\AirLink101 IP Camera Setup Wizard.exe"=
"c:\\Program Files\\Airlink101\\IPView Pro\\IPView Pro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7570:TCP"= 7570:TCP:BitComet 7570 TCP
"7570:UDP"= 7570:UDP:BitComet 7570 UDP
"54925:UDP"= 54925:UDP:Printer
"54926:TCP"= 54926:TCP:Printer 2
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"2222:UDP"= 2222:UDP:WEbsite Control panel
"81:TCP"= 81:TCP:Webcam
"81:UDP"= 81:UDP:Webcam2
"41952:TCP"= 41952:TCP:Tversity Port
"41952:UDP"= 41952:UDP:Tversity UDP

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/21/2009 12:34 AM 64160]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/21/2009 3:10 PM 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\SymEFA.sys [6/23/2009 10:42 PM 310320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/23/2009 8:08 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/23/2009 8:08 PM 108552]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\BHDrvx86.sys [6/23/2009 10:42 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\cchpx86.sys [6/23/2009 10:40 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [6/30/2009 2:35 PM 276344]
R1 mozyFilter;mozyFilter;c:\windows\SYSTEM32\DRIVERS\mozy.sys [5/18/2009 4:14 PM 53240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/19/2008 11:34 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/19/2008 11:34 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/23/2009 8:07 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [12/31/2008 12:59 PM 47640]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/23/2009 10:41 PM 115560]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\SYSTEM32\dllhost.exe [3/31/2003 12:00 PM 5120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\SYSTEM32\Wacom_Tablet.exe [1/5/2009 10:35 PM 2749224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/4/2009 10:03 AM 101936]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1558000]
S3 .ne1394;.ne1394;c:\windows\SYSTEM32\DRIVERS\wadv09nt.sys [8/3/2004 10:29 PM 11871]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\SYSTEM32\DRIVERS\AtiHdmi.sys [8/23/2008 8:53 AM 93696]
S3 EraserUtilDrv10821;EraserUtilDrv10821;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\ndisprot.sys [11/22/2008 12:37 AM 27904]
S3 Nlasacrsndel;Nlasacrsndel; [x]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\SYSTEM32\DRIVERS\MarvinAVS.sys [6/17/2008 8:38 PM 434176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/19/2008 11:34 PM 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\SYSTEM32\DRIVERS\wacmoumonitor.sys [1/5/2009 10:35 PM 15656]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Secddeerp;Secddeerp;c:\windows\SYSTEM32\DRIVERS\atinttxx.sys [8/3/2004 10:29 PM 13824]
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:05]

2009-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{0468998D-733D-4A66-AC31-A989C96DEB60}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.missionbayaquaticcenter.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cnn.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 22:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-562591055-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,82,30,95,8d,c2,
49,dd,bd,e2,63,26,f1,3f,c8,ff,68,22,44,2e,06,6b,1a,61,fd,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8c,9c,bc,3d,9a,
86,3c,79,6a,9c,d6,61,af,45,84,18,98,7e,7e,52,37,26,fc,17,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,02,27,4a,f5,e6,
1b,92,09,ff,7c,85,e0,43,d4,0e,fe,28,b4,32,3e,b0,72,6b,2d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,21,08,1f,06,9b,
af,5e,c0,86,8c,21,01,be,91,eb,e7,96,aa,91,94,da,27,6c,33,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d9,62,94,38,d0,
90,d6,fb,f5,1d,4d,73,a8,13,5c,05,ba,c0,65,74,09,34,a6,93,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7c,95,2f,e8,92,
9e,23,6f,df,20,58,62,78,6b,cf,c8,ff,01,f0,86,10,31,67,db,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,81,0e,58,5b,da,
c1,9e,eb,fb,a7,78,e6,12,2f,9a,ea,a7,b6,97,7b,c9,bc,48,46,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f8,14,5f,20,db,b7,18,15,fb,e9,82,a8,25,d1,0c,d3,0c,92,4f,b7,6a,
f2,ce,2b,2a,d7,88,0e,26,c0,a7,06,1c,44,4d,80,10,3e,c4,4e,86,af,a0,07,4a,f0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,6b,7b,4f,ea,e0,
c4,be,d8,01,3a,48,fc,e8,04,4a,f1,db,f6,15,07,b1,bd,39,2c,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,9b,b4,db,60,15,
e6,98,e0,f6,0f,4e,58,98,5b,89,c9,74,f8,9f,50,25,fa,a5,d3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,86,a6,0e,cd,4d,
7c,45,08,3d,ce,ea,26,2d,45,aa,78,cc,0f,8c,16,47,26,9a,5c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,51,a6,93,69,42,
22,f7,a8,2a,b7,cc,b5,b9,7f,41,e7,1f,14,37,83,bf,a3,5d,0e,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,24,9a,04,a7,9a,
fb,4a,c3,6c,43,2d,1e,aa,22,2f,9c,f8,3a,38,1d,a2,1d,00,20,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f8,14,5f,20,db,b7,18,15,fb,e9,82,a8,25,d1,0c,d3,0c,92,4f,b7,6a,
f2,ce,2b,2a,d7,88,0e,26,c0,a7,06,1c,44,4d,80,10,3e,c4,4e,86,af,a0,07,4a,f0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-07-06 22:59
ComboFix-quarantined-files.txt 2009-07-06 05:59
ComboFix2.txt 2008-08-27 06:59

Pre-Run: 366,567,942,144 bytes free
Post-Run: 367,365,266,944 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
505 --- E O F --- 2009-07-03 02:11

#6 shelf life

  • Malware Response Team
  • 2,648 posts
  • Gender:Male
  • Location:@localhost

Posted 06 July 2009 - 05:01 PM

OK, thanks for the log. The good news is I don't see any malware in the ComboFix log. Please check MBAM for any updates, do a full scan and post its log.

How Can I Reduce My Risk to Malware?


#7 Rowman25

  • Topic Starter
  • Members
  • 15 posts

Posted 14 July 2009 - 01:55 AM

I did what you said and nothing was found. I am of the mindset that I am having hardware failure on the MB. I had a couple of kernel_stack_errors that were leading to BSOD. The computer has the slowing prior to Windows login and even in safe mode. Other times, it works just fine. I'm just going to wait for an MB/CPU combo to be advertised at a good price and change it out. Hopefully that will resolve my issues. Thanks for your help.

#8 shelf life

  • Malware Response Team
  • 2,648 posts
  • Gender:Male
  • Location:@localhost

Posted 14 July 2009 - 07:18 PM

OK, good luck with it. I get my combos from mwave.com; they have free ground shipping and testing right now.

http://www.mwave.com/mwave/motherboard.hmx?

How Can I Reduce My Risk to Malware?
