Everything posted by strakats

  1. The saga continues... I found out this desktop has a way to restore to the original factory default image. So I did that and all the problems went away except one. The OS continues to randomly freeze up, which requires you to power down to reboot. When it freezes the cursor still moves but nothing responds to it, CTL+ALT+DEL does nothing, and if you click around enough you'll eventually get an endless beeeeeeep until you kill the power. It always chokes when downloading from Vuze or doing a Spybot S&D scan. But on the other hand, you could be running nothing at all, leave the computer on overnight and by morning it will be locked up. I thought it was hardware related so I dusted off the motherboard, verified the CPU fan was working, replaced the power supply, and ran memory & CPU tests. I've run out of ideas. Let me know if you can think of anything else to try and if not, that's ok. I would just like to say, thank you very much for your time.
  2. I think it's time to bite the bullet and format ye-ol-harddrive. I wouldn't mind so much but I don't think this PC came with a Windows CD. Why don't they include the CD anymore? It's installed so I own a licence and shouldn't have to pay for another one...right?
  3. This is really getting interesting now... followed your suggestion of disabling all startup processes and the problems still exist.
  4. That wouldn't explain why I can use IE and get Malwarebytes updates in Safe Mode.
  5. Pretty sure all the problems I'm encountering are interrelated. Malwarebytes: When I Check for Updates, the updating window opens but just sits there "Connecting to malwarebytes.org". McAfee behaves the same way when trying to acquire updates. Java Install: When I run the install (jxpiinstall.exe) you briefly get an hourglass and that's it. Windows Task Manager shows the executable as an active process but nothing ever happens.
  6. Whatever's got the hard drive churning away, like it's being scanned, has got to be the culprit.
  7. The PC also becomes unresponsive after sitting idle for a while.
  8. Issues:
     IE won't load web pages
     Malware won't update
     Java install won't run

     Results of screen317's Security Check version 0.99.0
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     McAfee VirusScan Enterprise
     Antivirus up to date!
     ``````````````````````````````
     Anti-malware/Other Utilities Check:
     HijackThis 2.0.2
     Adobe Flash Player 10
     ``````````````````````````````
     Process Check: objlist.exe by Laurent
     McAfee VirusScan Enterprise Mcshield.exe
     McAfee VirusScan Enterprise VsTskMgr.exe
     McAfee VirusScan Enterprise SHSTAT.EXE
     ``````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     `````````End of Log```````````
  9. SystemLook v1.0 by jpshortstuff (29.08.09)
     Log created at 21:22 on 07/10/2009 by straka (Administrator - Elevation successful)

     ========== filefind ==========

     Searching for "zwebauth.dll"
     C:\WINDOWS\system32\ZWebAuth.dll --a--c 16973 bytes [01:02 13/05/2006] [23:37 18/09/2001] A1CC9E1DB0840F4DB88AF99CB584971D

     -=End Of File=-
  10. Also can't download updates from Malwarebytes application.
  11. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:21:07 AM, on 10/7/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16876)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\savedump.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\AskBarDis\bar\bin\AskService.exe
      C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UTSCSI.EXE
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\DynDNS Updater\DynDNS.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\dumprep.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\dwwin.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
      O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
      O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
      O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 9865 bytes
  12. Internet Explorer still hangs but Firefox works. Hard drive appears to be continuously churning away.
  13. Results of screen317's Security Check version 0.99.0
      Windows XP Service Pack 3
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Disabled!
      McAfee VirusScan Enterprise
      Antivirus up to date!
      ``````````````````````````````
      Anti-malware/Other Utilities Check:
      Ad-Aware
      HijackThis 2.0.2
      Java 6 Update 15
      Java SE Runtime Environment 6 Update 1
      Java 6 Update 2
      Java 6 Update 3
      Java 6 Update 5
      Java 6 Update 7
      Out of date Java installed!
      Adobe Flash Player 10
      Adobe Reader 7.1.0
      Out of date Adobe Reader installed!
      ``````````````````````````````
      Process Check: objlist.exe by Laurent
      Ad-Aware AAWService.exe
      Ad-Aware AAWTray.exe is disabled!
      ``````````````````````````````
      DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
      `````````End of Log```````````
  14. Scanning Report
      Tuesday, October 6, 2009 20:56:58 - 21:48:34
      Computer name: OFFICE
      Scanning type: Scan system for malware, spyware and rootkits
      Target: C:\ D:\

      17 malware found
      TrackingCookie.Questionmarket (spyware)
        * System (Disinfected)
      TrackingCookie.Advertising (spyware)
        * System (Disinfected)
      TrackingCookie.Atdmt (spyware)
        * System (Disinfected)
      TrackingCookie.Doubleclick (spyware)
        * System (Disinfected)
      Gen:Trojan.Heur.GM (spyware)
        * System (Disinfected)
      TrackingCookie.Revsci (spyware)
        * System (Disinfected)
      TrackingCookie.Mediaplex (spyware)
        * System (Disinfected)
      TrackingCookie.Atwola (spyware)
        * System (Disinfected)
      TrackingCookie.Yieldmanager (spyware)
        * System (Disinfected)
      Exploit.PDF-JS.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)
      Trojan.SWF.Dropper.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)
      Gen:Trojan.Heur.GM.5044800000 (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMP\SHELL32.DLL (Not cleaned)
      Exploit.PDF-JS.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)
      Trojan.SWF.Dropper.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)
      Gen:Trojan.Heur.GM.5044800000 (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMP\SHELL32.DLL (Renamed & Submitted)
      Exploit.PDF-JS.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)
      Trojan.SWF.Dropper.Gen (virus)
        * C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

      Statistics
      Scanned:
        * Files: 98618
        * System: 4114
        * Not scanned: 10
      Actions:
        * Disinfected: 9
        * Renamed: 7
        * Deleted: 0
        * Not cleaned: 1
        * Submitted: 7
      Files not scanned:
        * C:\PAGEFILE.SYS
        * C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
        * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
        * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD0797.SYS
        * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
        * C:\WINDOWS\SYSTEM32\CONFIG\SAM
        * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
        * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
        * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
        * C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

      Options
      Scanning engines:
      Scanning options:
        * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
        * Use advanced heuristics
  15. ComboFix 09-10-06.03 - straka 10/06/2009 20:19.3.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.512 [GMT -5:00]
      Running from: c:\documents and settings\straka\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\straka\Desktop\CFScript.txt
      AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
      * Resident AV is active

      file zipped: c:\program files\Common Files\boteqygoki._sy
      file zipped: c:\windows\alyh.com
      file zipped: c:\windows\system32\butegyny.dat
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Common Files\boteqygoki._sy
      c:\windows\alyh.com
      c:\windows\system32\butegyny.dat

      Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected
      Kitty ate it

      .
      ((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
      .

      2009-10-04 16:02 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2009-10-04 01:21 . 2009-10-04 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
      2009-10-04 00:33 . 2009-10-04 00:33 -------- d-----w- c:\program files\Trend Micro
      2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\documents and settings\straka\Local Settings\Application Data\Mozilla
      2009-10-03 20:53 . 2009-10-03 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS
      2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE
      2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\UserData
      2009-10-03 05:33 . 2008-03-18 01:50 421544 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll
      2009-10-03 05:33 . 2006-11-25 18:41 25600 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys
      2009-10-03 05:33 . 2006-11-25 18:41 22768 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys
      2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games
      2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE
      2009-10-03 05:32 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin
      2009-10-03 05:29 . 2006-11-25 18:41 9232 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys
      2009-10-03 05:29 . 2006-11-25 18:41 92064 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys
      2009-10-03 05:29 . 2006-11-25 18:41 79328 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys
      2009-10-03 05:29 . 2006-11-25 18:41 5936 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys
      2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC
      2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT
      2009-10-03 05:29 . 2006-11-25 18:41 66656 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys
      2009-10-03 05:29 . 2006-11-25 18:41 6208 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys
      2009-10-03 05:29 . 2006-11-25 18:41 4048 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys
      2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Logitech
      2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete
      2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache
      2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache
      2009-10-03 05:12 . 2009-10-07 00:59 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000
      2009-10-03 03:12 . 2009-10-03 03:12 -------- d-----w- c:\windows\system32\wbem\Repository
      2009-10-03 03:10 . 2009-10-03 03:10 -------- d-----w- c:\program files\Common Files\xing shared
      2009-10-03 02:20 . 2009-10-03 02:20 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\browser - logitech
      2009-10-03 01:19 . 2009-10-03 03:01 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\.magicfix
      2009-10-03 01:18 . 2009-10-03 03:03 -------- d-s---w- c:\documents and settings\HelpAssistant.OFFICE
      2009-10-02 19:28 . 2009-10-03 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
      2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\V-ONE
      2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games
      2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
      2009-10-02 19:28 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant\pool.bin
      2009-10-02 19:22 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech
      2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
      2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
      2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\browser - logitech
      2009-10-02 19:05 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\.magicfix
      2009-10-02 19:04 . 2009-10-03 03:09 -------- d-s---w- c:\documents and settings\HelpAssistant

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-10-07 00:48 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater
      2009-10-04 01:04 . 2009-09-05 22:08 -------- d-----w- c:\program files\Xobni
      2009-10-03 20:53 . 2006-04-20 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Real
      2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Common Files\Real
      2009-09-28 03:19 . 2009-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
      2009-09-26 03:28 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus
      2009-09-13 01:29 . 2009-09-13 01:29 14174 ----a-w- c:\documents and settings\straka\Application Data\aqyrora.dat
      2009-09-13 01:25 . 2009-09-02 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-12 12:57 . 2009-08-07 01:46 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks
      2009-09-11 23:41 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys
      2009-09-11 23:22 . 2009-09-04 17:07 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp
      2009-09-10 19:54 . 2009-09-02 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-10 19:53 . 2009-09-02 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-05 22:24 . 2009-09-05 22:10 -------- d-----w- c:\documents and settings\straka\Application Data\VuzeStream
      2009-09-05 22:11 . 2009-09-05 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
      2009-09-05 22:07 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus
      2009-09-05 22:07 . 2009-09-05 22:07 -------- d-----w- c:\program files\AskBarDis
      2009-09-04 22:03 . 2009-09-04 22:03 8 --sh--r- c:\windows\system32\57D60DA5E8.sys
      2009-09-04 18:41 . 2009-09-04 18:41 -------- d-----w- c:\program files\Runtime Software
      2009-09-03 02:13 . 2006-04-03 00:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
      2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP
      2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild
      2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies
      2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat
      2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java
      2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast
      2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts
      2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
      2009-08-07 00:24 . 2004-08-10 20:00 327896 ----a-w- c:\windows\system32\wucltui.dll
      2009-08-07 00:24 . 2004-08-10 20:00 209632 ----a-w- c:\windows\system32\wuweb.dll
      2009-08-07 00:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
      2009-08-07 00:24 . 2004-08-10 20:00 35552 ----a-w- c:\windows\system32\wups.dll
      2009-08-07 00:24 . 2004-08-10 20:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
      2009-08-07 00:24 . 2004-08-10 20:00 96480 ----a-w- c:\windows\system32\cdm.dll
      2009-08-07 00:23 . 2004-08-10 20:00 575704 ----a-w- c:\windows\system32\wuapi.dll
      2009-08-07 00:23 . 2004-08-10 20:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
      2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll
      2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll
      2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll
      2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
      2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll

      .
      ((((((((((((((((((((((((((((( SnapShot_2009-10-04_14.43.20 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-10-06 02:52 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
      + 2009-10-06 02:52 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
      + 2009-10-04 16:02 . 2009-10-04 16:02 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
      + 2004-08-10 20:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
      + 2004-08-10 20:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
      + 2004-08-10 20:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
      + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
      + 2004-08-10 20:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
      + 2004-08-10 20:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
      + 2004-08-10 20:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
      + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
      + 2004-08-10 20:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

      [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
      [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="Alaunch" [X]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
      "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
      "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
      "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
      "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
      "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
      "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
      "FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
      "EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
      "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
      "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
      "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "<NO NAME>"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Azureus\\Azureus.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
      "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\AIM6\\aim6.exe"=
      "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"=
      "c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:Remote Desktop
      "67:UDP"= 67:UDP:DHCP Discovery Service

      R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264]
      R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888]
      R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648]
      R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]
      R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160]
      S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]
      S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]
      S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]
      S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]
      S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]
      S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]
      S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      uDefault_Search_URL =
      mStart Page = hxxp://www.google.com
      uInternet Connection Wizard,ShellNext = iexplore
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk
      Trusted Zone: turbotax.com
      Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab
      FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\
      FF - prefs.js: browser.startup.homepage - www.yahoo.com
      FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll
      FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
      FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-10-06 20:27
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08, 43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . Completion time: 2009-10-07 20:30 ComboFix-quarantined-files.txt 2009-10-07 01:29 ComboFix2.txt 2009-10-04 14:46 ComboFix3.txt 2009-09-03 03:15 Pre-Run: 79,858,987,008 bytes free Post-Run: 79,832,088,576 bytes free 255 --- E O F --- 2009-09-10 08:04 Upload was successful
  16. Chris,

Will do when I get home from work today. Not sure where you find time to do this but thank you very much. Good luck with Fall semester!
  17. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:09 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9649 bytes
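Added example, not code from this thread or from any of the tools mentioned in it: a small Python triage pass over lines of the shape found in the ComboFix output earlier in the thread (the SecurityProviders value, the firewall policy, the globally open ports) and in the HijackThis log above (O2, O10 and O23 entries). It assumes that XP_DEFAULT_PROVIDERS is the stock Windows XP SecurityProviders list and that RISKY_OPEN_PORTS is a short list of ports a home PC should not expose; the embedded SAMPLE_LOG is constructed from lines like the posted ones. Everything it returns is a review list for the person reading the log, not a verdict that an entry is malicious.

```python
"""Triage pass over HijackThis / ComboFix text (added example, not the thread's own code)."""
import re

# Assumption: stock Windows XP value of
# HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders, i.e. the SSP DLLs
# that lsass.exe loads at boot. Anything else in that value deserves a look.
XP_DEFAULT_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Assumption: ports that should not be globally open on a home PC; 3389/TCP is
# the one the posted log shows.
RISKY_OPEN_PORTS = {"3389:TCP": "Remote Desktop reachable from the network"}

# Constructed sample (not a copy of the thread's log): one entry per line, in
# the format ComboFix and HijackThis use.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"67:UDP"= 67:UDP:DHCP Discovery Service
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
"""

# HijackThis lines look like "O23 - Service: ..." or "R1 - HKLM\...".
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$", re.M)
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.M)


def unknown_security_providers(log):
    """Return the SSP DLLs listed in SecurityProviders that are not in the XP default set."""
    m = re.search(r"^SecurityProviders\s+(.+)$", log, re.M)
    if not m:
        return []
    dlls = [d.strip().lower() for d in m.group(1).split(",") if d.strip()]
    return [d for d in dlls if d not in XP_DEFAULT_PROVIDERS]


def firewall_findings(log):
    """Flag a disabled standard-profile firewall and globally open ports from RISKY_OPEN_PORTS."""
    findings = []
    m = re.search(r'"EnableFirewall"=\s*(\d+)', log)
    if m and m.group(1) == "0":
        findings.append("Windows Firewall is disabled in the standard profile")
    for port, proto, label in OPEN_PORT.findall(log):
        key = f"{port}:{proto}"
        if key in RISKY_OPEN_PORTS:
            findings.append(f"Globally open port {key} ({label.strip()}): {RISKY_OPEN_PORTS[key]}")
    return findings


def hjt_review_items(log):
    """Pick the HijackThis lines a responder reads first: orphaned BHOs, LSPs the tool
    did not recognise, and services whose binary carries no known vendor string."""
    items = []
    for code, rest in HJT_LINE.findall(log):
        if code == "O2" and "(no file)" in rest:
            items.append((code, "orphaned BHO registration", rest))
        elif code == "O10":
            items.append((code, "Winsock LSP not recognised by HijackThis", rest))
        elif code == "O23" and "Unknown owner" in rest:
            items.append((code, "service binary without a vendor string", rest))
    return items


def triage(log):
    """Collect all checks into one report; every list is empty when nothing was found."""
    return {
        "security_providers": unknown_security_providers(log),
        "firewall": firewall_findings(log),
        "hjt": hjt_review_items(log),
    }


if __name__ == "__main__":
    for section, entries in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for entry in entries:
            print("  ", entry)
```

Run it as-is to see the report on the embedded sample, or read a saved ComboFix or HijackThis log into a string and hand it to triage(). The firewall check matters more than it looks: with "EnableFirewall"= 0 the GloballyOpenPorts list is not what exposes 3389/TCP, since nothing is filtered at all, so the two findings are reported separately and should both be fixed.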
  19. Malwarebytes' Anti-Malware 1.41
Database version: 2900
Windows 5.1.2600 Service Pack 3

10/4/2009 10:11:22 AM
mbam-log-2009-10-04 (10-11-22).txt

Scan type: Quick Scan
Objects scanned: 193999
Time elapsed: 19 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  20. ComboFix 09-10-03.01 - straka 10/04/2009 9:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.506 [GMT -5:00]
Running from: c:\documents and settings\straka\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Resident AV is active
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\myce.reg
c:\documents and settings\All Users\Application Data\qekorovic.dll
c:\documents and settings\All Users\Documents\vifivi.sys
c:\documents and settings\straka\Application Data\vutusale.bat
c:\documents and settings\straka\Local Settings\Application Data\xawuxa.pif
c:\program files\Common Files\usotase.pif
c:\windows\subulynepo.exe
c:\windows\system32\afuwenoge.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\riwyb.dl
c:\windows\Temp\tmp3.tmp
c:\windows\tenek.sys
c:\windows\yhimil.reg

Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected
Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 01:21 . 2009-10-04 01:21  --------  dc----w-  c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-04 00:33 . 2009-10-04 00:33  --------  d-----w-  c:\program files\Trend Micro
2009-10-03 22:34 . 2009-10-03 22:34  --------  d-----w-  c:\documents and settings\straka\Local Settings\Application Data\Mozilla
2009-10-03 20:53 . 2009-10-03 20:57  --------  d-----w-  c:\program files\Spybot - Search & Destroy
2009-10-03 05:33 . 2009-10-03 05:33  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS
2009-10-03 05:33 . 2009-10-03 05:33  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE
2009-10-03 05:33 . 2009-10-03 05:33  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\UserData
2009-10-03 05:33 . 2008-03-18 01:50  421544  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll
2009-10-03 05:33 . 2006-11-25 18:41  25600  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys
2009-10-03 05:33 . 2006-11-25 18:41  22768  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys
2009-10-03 05:32 . 2009-10-03 05:32  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games
2009-10-03 05:32 . 2009-10-03 05:32  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE
2009-10-03 05:32 . 2008-02-09 00:36  256  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin
2009-10-03 05:29 . 2006-11-25 18:41  9232  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys
2009-10-03 05:29 . 2006-11-25 18:41  92064  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys
2009-10-03 05:29 . 2006-11-25 18:41  79328  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys
2009-10-03 05:29 . 2006-11-25 18:41  5936  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys
2009-10-03 05:29 . 2009-10-03 05:29  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC
2009-10-03 05:29 . 2009-10-03 05:29  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT
2009-10-03 05:29 . 2006-11-25 18:41  66656  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys
2009-10-03 05:29 . 2006-11-25 18:41  6208  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys
2009-10-03 05:29 . 2006-11-25 18:41  4048  ----a-w-  c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys
2009-10-03 05:29 . 2009-10-03 05:29  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\Logitech
2009-10-03 05:19 . 2009-10-03 05:19  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete
2009-10-03 05:19 . 2009-10-03 05:19  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache
2009-10-03 05:19 . 2009-10-03 05:19  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache
2009-10-03 05:12 . 2009-10-04 14:30  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE.000
2009-10-03 03:12 . 2009-10-03 03:12  --------  d-----w-  c:\windows\system32\wbem\Repository
2009-10-03 03:10 . 2009-10-03 03:10  --------  d-----w-  c:\program files\Common Files\xing shared
2009-10-03 02:20 . 2009-10-03 02:20  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE\browser - logitech
2009-10-03 01:19 . 2009-10-03 03:01  --------  d-----w-  c:\documents and settings\HelpAssistant.OFFICE\.magicfix
2009-10-03 01:18 . 2009-10-03 03:03  --------  d-s---w-  c:\documents and settings\HelpAssistant.OFFICE
2009-10-02 19:28 . 2009-10-03 03:07  --------  d-----w-  c:\documents and settings\HelpAssistant\UserData
2009-10-02 19:28 . 2009-10-02 19:28  --------  d-----w-  c:\documents and settings\HelpAssistant\V-ONE
2009-10-02 19:28 . 2009-10-02 19:28  --------  d-----w-  c:\documents and settings\HelpAssistant\Saved Games
2009-10-02 19:28 . 2009-10-02 19:28  --------  d-----w-  c:\documents and settings\HelpAssistant\PrivacIE
2009-10-02 19:28 . 2008-02-09 00:36  256  ----a-w-  c:\documents and settings\HelpAssistant\pool.bin
2009-10-02 19:22 . 2009-10-03 03:08  --------  d-----w-  c:\documents and settings\HelpAssistant\Logitech
2009-10-02 19:11 . 2009-10-02 19:11  --------  d-----w-  c:\documents and settings\HelpAssistant\IETldCache
2009-10-02 19:11 . 2009-10-02 19:11  --------  d-----w-  c:\documents and settings\HelpAssistant\IECompatCache
2009-10-02 19:11 . 2009-10-02 19:11  --------  d-----w-  c:\documents and settings\HelpAssistant\browser - logitech
2009-10-02 19:05 . 2009-10-03 03:08  --------  d-----w-  c:\documents and settings\HelpAssistant\.magicfix
2009-10-02 19:04 . 2009-10-03 03:09  --------  d-s---w-  c:\documents and settings\HelpAssistant
2009-09-13 01:29 . 2009-09-13 01:29  12934  ----a-w-  c:\windows\system32\butegyny.dat
2009-09-13 01:29 . 2009-09-13 01:29  12887  ----a-w-  c:\windows\alyh.com
2009-09-05 22:11 . 2009-09-05 22:11  --------  d-----w-  c:\program files\Microsoft Silverlight
2009-09-05 22:10 . 2009-09-05 22:24  --------  d-----w-  c:\documents and settings\straka\Application Data\VuzeStream
2009-09-05 22:08 . 2009-10-04 01:04  --------  d-----w-  c:\program files\Xobni
2009-09-05 22:08 . 2009-09-05 22:08  --------  d-----w-  c:\documents and settings\All Users\Application Data\Azureus
2009-09-05 22:07 . 2009-09-05 22:07  --------  d-----w-  c:\program files\AskBarDis
2009-09-04 22:03 . 2009-09-04 22:03  8  --sh--r-  c:\windows\system32\57D60DA5E8.sys
2009-09-04 18:41 . 2009-09-04 18:41  --------  d-----w-  c:\program files\Runtime Software
2009-09-04 17:07 . 2009-09-11 23:22  --------  d-----w-  c:\documents and settings\straka\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 14:02 . 2006-07-27 03:26  --------  d-----w-  c:\program files\DynDNS Updater
2009-10-03 20:53 . 2006-04-20 04:23  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 03:09 . 2006-04-06 23:14  --------  d-----w-  c:\program files\Real
2009-10-03 03:09 . 2006-04-06 23:14  --------  d-----w-  c:\program files\Common Files\Real
2009-09-28 03:19 . 2009-08-07 01:41  --------  d-----w-  c:\documents and settings\All Users\Application Data\Juniper Networks
2009-09-26 03:28 . 2006-04-05 00:47  --------  d-----w-  c:\documents and settings\straka\Application Data\Azureus
2009-09-13 01:29 . 2009-09-13 01:29  14174  ----a-w-  c:\documents and settings\straka\Application Data\aqyrora.dat
2009-09-13 01:29 . 2009-09-13 01:29  13353  ----a-w-  c:\program files\Common Files\boteqygoki._sy
2009-09-13 01:25 . 2009-09-02 03:32  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-09-12 12:57 . 2009-08-07 01:46  --------  d-----w-  c:\documents and settings\straka\Application Data\Juniper Networks
2009-09-11 23:41 . 2006-07-13 03:58  3662  -csha-w-  c:\windows\system32\KGyGaAvL.sys
2009-09-10 19:54 . 2009-09-02 03:32  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-02 03:32  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-09-05 22:07 . 2006-04-05 00:47  --------  d-----w-  c:\program files\Azureus
2009-08-23 00:13 . 2007-01-15 20:10  --------  d-----w-  c:\documents and settings\straka\Application Data\CoreFTP
2009-08-21 13:32 . 2006-04-13 02:04  108056  ----a-w-  c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 08:11 . 2009-08-21 08:11  --------  d-----w-  c:\program files\MSBuild
2009-08-21 08:11 . 2009-08-21 08:11  --------  d-----w-  c:\program files\Reference Assemblies
2009-08-21 00:25 . 2009-08-21 00:25  16442  ----a-w-  c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat
2009-08-16 23:26 . 2006-04-03 00:53  --------  d-----w-  c:\program files\Java
2009-08-15 23:00 . 2008-08-28 22:52  --------  d-----w-  c:\program files\SopCast
2009-08-15 22:55 . 2008-08-07 22:45  --------  d-----w-  c:\program files\TVAnts
2009-08-07 15:13 . 2006-08-30 12:33  664  ----a-w-  c:\windows\system32\d3d9caps.dat
2009-08-07 01:43 . 2009-08-07 01:43  --------  d-----w-  c:\program files\Citrix
2009-08-05 09:01 . 2004-08-10 20:00  204800  ----a-w-  c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 20:00  81920  ----a-w-  c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 20:00  119808  ----a-w-  c:\windows\system32\t2embed.dll
2009-07-25 10:23 . 2008-12-21 14:29  411368  -c--a-w-  c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 20:00  58880  ----a-w-  c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 20:00  286720  ----a-w-  c:\windows\system32\wmpdxm.dll
2006-04-06 23:29 . 2006-04-06 23:29  774144  -c--a-w-  c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-03_03.11.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 20:00 . 2008-04-14 00:12  49152  c:\windows\system32\wdigest(2).dll
+ 2004-08-10 20:00 . 2009-02-03 19:59  56832  c:\windows\system32\secur32(2).dll
+ 2005-07-03 02:11 . 2009-06-29 16:12  44544  c:\windows\system32\pngfilt.dll
- 2004-08-10 20:00 . 2009-03-08 09:31  48128  c:\windows\system32\mshtmler.dll
+ 2004-08-10 20:00 . 2007-08-14 00:01  48128  c:\windows\system32\mshtmler.dll
- 2004-08-10 20:00 . 2009-03-08 09:31  45568  c:\windows\system32\mshta.exe
+ 2004-08-10 20:00 . 2007-08-14 00:32  45568  c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2007-08-14 00:36  12288  c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2009-06-29 16:12  52224  c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 20:00 . 2007-08-14 00:44  40960  c:\windows\system32\licmgr10.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12  27648  c:\windows\system32\jsproxy.dll
+ 2005-07-03 02:11 . 2007-08-14 00:39  92672  c:\windows\system32\inseng.dll
+ 2004-08-10 20:00 . 2007-08-14 00:36  36352  c:\windows\system32\imgutil.dll
+ 2004-08-10 20:00 . 2007-08-14 00:39  55296  c:\windows\system32\iesetup.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12  44544  c:\windows\system32\iernonce.dll
+ 2009-08-23 16:17 . 2009-06-29 16:12  78336  c:\windows\system32\ieencode.dll
+ 2004-08-10 20:00 . 2009-06-29 11:07  70656  c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:36 . 2009-06-29 16:12  63488  c:\windows\system32\icardie.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12  44544  c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 20:00 . 2007-08-14 00:01  48128  c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-10 20:00 . 2009-03-08 09:31  48128  c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-10 20:00 . 
2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe + 2004-08-10 20:00 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe + 2007-11-20 03:19 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2004-08-10 20:00 . 2007-08-14 00:44 40960 c:\windows\system32\dllcache\licmgr10.dll + 2004-08-10 20:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll + 2005-07-03 02:11 . 2007-08-14 00:39 92672 c:\windows\system32\dllcache\inseng.dll + 2004-08-10 20:00 . 2007-08-14 00:36 36352 c:\windows\system32\dllcache\imgutil.dll + 2004-08-10 20:00 . 2007-08-14 00:39 55296 c:\windows\system32\dllcache\iesetup.dll + 2004-08-10 20:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll + 2009-08-23 16:17 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll + 2004-08-10 20:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2007-11-20 03:19 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll + 2004-08-10 20:00 . 2007-08-14 00:18 60416 c:\windows\system32\dllcache\hmmapi.dll + 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll + 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\dllcache\admparse.dll + 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll + 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\admparse.dll + 2009-09-05 22:11 . 2009-09-05 22:11 49664 c:\windows\Installer\60294ff.msi + 2009-09-05 22:08 . 2009-09-05 22:08 87552 c:\windows\Installer\60294f1.msi + 2009-09-05 22:08 . 2009-09-05 22:08 87040 c:\windows\Installer\60294ea.msi + 2009-09-05 23:11 . 2009-09-05 23:11 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d1a31e41fd2e4593b0f433f9c92e237b\stdole.ni.dll + 2009-09-05 22:09 . 2009-09-05 22:09 14848 c:\windows\assembly\GAC_MSIL\stdole\7.0.3300.0__6298d2d1fcfb5d85\stdole.dll + 2009-09-05 22:09 . 
2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Newtonsoft.Json\1.1.1.0__6298d2d1fcfb5d85\Newtonsoft.Json.dll + 2009-09-05 22:09 . 2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Vbe.Interop.dll + 2009-09-05 22:09 . 2009-09-05 22:09 97792 c:\windows\assembly\GAC_32\XobniPluginAPI\1.7.3.7053__6298d2d1fcfb5d85\XobniPluginAPI.dll + 2009-09-11 23:21 . 2009-09-11 23:21 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll - 2008-08-25 00:09 . 2008-08-25 00:09 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll - 2008-08-25 00:09 . 2008-08-25 00:09 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll + 2009-09-11 23:21 . 2009-09-11 23:21 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll + 2009-09-11 23:21 . 2009-09-11 23:21 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll - 2008-08-25 00:09 . 2008-08-25 00:09 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll + 2009-09-11 23:21 . 2009-09-11 23:21 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll - 2008-08-25 00:09 . 2008-08-25 00:09 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll + 2009-09-11 23:21 . 2009-09-11 23:21 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll - 2008-08-25 00:09 . 2008-08-25 00:09 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll + 2009-09-05 22:09 . 2009-09-05 22:09 3072 c:\windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\extensibility.dll - 2008-08-25 00:09 . 2008-08-25 00:09 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll + 2009-09-11 23:21 . 
2009-09-11 23:21 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll + 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\wininet.dll + 2007-08-14 00:45 . 2007-08-14 00:45 206336 c:\windows\system32\winfxdocobj.exe + 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll + 2004-08-10 20:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll + 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll - 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll + 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32.dll + 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32(2)(2).dll + 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll + 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll + 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll + 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll - 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll + 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll + 2007-08-14 00:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll + 2005-06-15 17:49 . 2008-04-14 00:11 299520 c:\windows\system32\kerberos(2).dll + 2004-08-10 20:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll + 2007-08-14 00:54 . 2007-08-14 00:54 180736 c:\windows\system32\ieui.dll + 2007-08-14 00:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll + 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\iepeers.dll + 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll + 2007-07-11 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll + 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll + 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll + 2004-08-10 20:00 . 
2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll + 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll + 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll + 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll + 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll + 2004-08-10 20:00 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll + 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll + 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll - 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll - 2004-08-10 20:00 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll + 2004-08-10 20:00 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll + 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll + 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll + 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll - 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll + 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll + 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll + 2007-11-20 03:19 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll + 2004-08-10 20:00 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe + 2007-11-20 03:19 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll + 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\dllcache\iepeers.dll + 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll + 2007-11-20 03:19 . 
2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll + 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll + 2004-08-10 20:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll + 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll + 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll + 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll + 2009-10-03 13:53 . 2009-03-08 22:39 177792 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat + 2009-09-05 22:09 . 2009-09-05 22:09 109568 c:\windows\Installer\60294f8.msi + 2009-08-23 16:17 . 2006-09-06 23:43 213216 c:\windows\ie7\spuninst\spuninst.exe + 2004-08-10 12:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll + 2009-08-17 18:19 . 2009-08-17 18:19 398632 c:\windows\Downloaded Program Files\JuniperExt.exe + 2009-09-05 23:11 . 2009-09-05 23:11 746496 c:\windows\assembly\NativeImages_v2.0.50727_32\ZedGraph\1b3997c4a8d718ca47c4da342afb5411\ZedGraph.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 702464 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\2c23021c84942be3a899e07e79b7dcc4\XobniStatistics.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 219648 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\f39f4614f8c2880922736827f5fcb254\XobniPluginAPI.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\5ccc7c5edaa205df4ed326c90e7b501f\Xobni.XMapiAccessor.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 493568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\a6901f8c44f1b0b9f604c80d62f93874\System.Data.SQLite.ni.dll + 2009-09-05 23:11 . 
2009-09-05 23:11 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\69b9dbe027cd56f0db4299b9173b55b2\office.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\143bd06fec0760ed6d45d945ce01ab94\Newtonsoft.Json.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\20d169afe411989dcee8fa00c897de97\Microsoft.Vbe.Interop.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 415232 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniSkype\b576e2c4c86f53194c5c9037ac4496d2\Interop.XobniSkype.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\fbac1a8d77ef94cfbd84e409d55f6219\Interop.shdocvw.ni.dll + 2009-09-05 22:09 . 2009-09-05 22:09 212992 c:\windows\assembly\GAC_MSIL\office\11.0.0.0__6298d2d1fcfb5d85\office.dll + 2009-09-05 22:09 . 2009-09-05 22:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Word.dll + 2009-09-05 22:09 . 2009-09-05 22:09 405504 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Outlook.dll + 2009-09-05 22:09 . 2009-09-05 22:09 180224 c:\windows\assembly\GAC_MSIL\Interop.XobniSkype\1.0.0.0__6298d2d1fcfb5d85\Interop.XobniSkype.dll + 2009-09-05 22:09 . 2009-09-05 22:09 589824 c:\windows\assembly\GAC_MSIL\Interop.XobniRdo\4.5.0.813__6298d2d1fcfb5d85\Interop.XobniRdo.dll + 2009-09-05 22:09 . 2009-09-05 22:09 131072 c:\windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__6298d2d1fcfb5d85\Interop.shdocvw.dll + 2009-09-05 22:09 . 2009-09-05 22:09 216064 c:\windows\assembly\GAC_32\ZedGraph\4.3.4.0__02a83cbd123fcd60\ZedGraph.dll + 2009-09-05 22:09 . 2009-09-05 22:09 158208 c:\windows\assembly\GAC_32\XobniStatistics\1.7.3.7053__6298d2d1fcfb5d85\XobniStatistics.dll + 2009-09-05 22:09 . 
2009-09-05 22:09 727040 c:\windows\assembly\GAC_32\XobniFeeds\1.7.3.7053__6298d2d1fcfb5d85\XobniFeeds.dll + 2009-09-05 22:09 . 2009-09-05 22:09 417792 c:\windows\assembly\GAC_32\Xobni.XMapiAccessor\1.0.3363.21656__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll + 2009-09-05 22:09 . 2009-09-05 22:09 839680 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll - 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll + 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll - 2008-08-25 00:09 . 2008-08-25 00:09 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll + 2009-09-11 23:21 . 2009-09-11 23:21 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll + 2009-09-11 23:21 . 2009-09-11 23:21 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll - 2008-08-25 00:09 . 2008-08-25 00:09 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll - 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll + 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll + 2009-09-11 23:21 . 2009-09-11 23:21 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll - 2008-08-25 00:09 . 2008-08-25 00:09 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll + 2009-09-11 23:21 . 2009-09-11 23:21 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll - 2008-08-25 00:09 . 2008-08-25 00:09 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll - 2008-08-25 00:09 . 2008-08-25 00:09 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll + 2009-09-11 23:21 . 
2009-09-11 23:21 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll + 2009-09-11 23:21 . 2009-09-11 23:21 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll - 2008-08-25 00:09 . 2008-08-25 00:09 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll - 2008-08-25 00:09 . 2008-08-25 00:09 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll + 2009-09-11 23:21 . 2009-09-11 23:21 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - 2008-08-25 00:09 . 2008-08-25 00:09 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll + 2009-09-11 23:21 . 2009-09-11 23:21 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll - 2008-08-25 00:09 . 2008-08-25 00:09 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll + 2009-09-11 23:21 . 2009-09-11 23:21 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll - 2008-08-25 00:09 . 2008-08-25 00:09 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll + 2009-09-11 23:21 . 2009-09-11 23:21 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll - 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll + 2005-08-04 02:29 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll + 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll + 2006-04-13 02:16 . 2009-10-03 03:13 9390984 c:\windows\system32\Restore\rstrlog.dat + 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll + 2007-08-14 00:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll + 2007-02-12 22:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat - 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2005-08-04 02:29 . 
2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll + 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll + 2007-11-20 03:19 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll + 2007-11-20 03:19 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat + 2009-09-05 23:11 . 2009-09-05 23:11 2369024 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\2f9a5319c4c11907b7303807d08411a7\XobniFeeds.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cc910561ca082052db1e6eac3d5b9189\Microsoft.Office.Interop.Word.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\accdae5050f4b0d7a95e9fb5673abc73\Microsoft.Office.Interop.Outlook.ni.dll + 2009-09-05 23:11 . 2009-09-05 23:11 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\a9efd7fb4d7b548ded62dc76f3553e18\Interop.XobniRdo.ni.dll + 2009-09-05 22:09 . 2009-09-05 22:09 4230656 c:\windows\assembly\GAC_32\XobniCommon\1.7.3.7053__6298d2d1fcfb5d85\XobniCommon.dll + 2009-09-11 23:21 . 2009-09-11 23:21 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll - 2008-08-25 00:09 . 2008-08-25 00:09 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll + 2009-08-21 08:01 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe + 2009-09-05 22:11 . 2009-09-05 22:11 15705600 c:\windows\Installer\6029507.msp + 2009-09-05 23:11 . 2009-09-05 23:11 11715584 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\908d11bc5df8f49a97b6181d3628182a\XobniCommon.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896] "FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192] "QuickTime Task"="c:\program 
files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616] "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "<NO NAME>"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program 
Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"= "c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "67:UDP"= 67:UDP:DHCP Discovery Service R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648] R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216] S3 s0016nd5;Sony 
Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk Trusted Zone: turbotax.com Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\ FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
- - - - ORPHANS REMOVED - - - - AddRemove-HijackThis - c:\documents and settings\straka\Local Settings\Temporary Internet Files\Content.IE5\IATNAGEH\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-04 09:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08, 43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . Completion time: 2009-10-04 9:46 ComboFix-quarantined-files.txt 2009-10-04 14:45 ComboFix2.txt 2009-09-03 03:15 Pre-Run: 79,913,365,504 bytes free Post-Run: 80,296,804,352 bytes free 430 --- E O F --- 2009-09-10 08:04
  21. Already ran malwarebytes and winsock fix. Please help...thank you!

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:05 PM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 7895 bytes
  22. ComboFix 09-09-02.02 - straka 09/02/2009 22:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -5:00]
Running from: c:\documents and settings\straka\Desktop\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\rijujucer.bin
c:\documents and settings\All Users\Documents\yqonyduly.dl
c:\documents and settings\straka\Application Data\nosomogu.bin
c:\documents and settings\straka\Application Data\ocese.pif
c:\documents and settings\straka\Application Data\odamus.pif
c:\documents and settings\straka\Local Settings\Application Data\nakeqo.reg
c:\documents and settings\straka\Local Settings\Application Data\wawagito.reg
c:\documents and settings\straka\Local Settings\Temporary Internet Files\hahorub.sys
c:\documents and settings\straka\Local Settings\Temporary Internet Files\uxecaripoj.sys
c:\program files\Common Files\egegogyb.com
c:\program files\Common Files\renezekuwa.vbs
c:\program files\Common Files\ypytax.dll
c:\windows\ahisadopa.vbs
c:\windows\asembl~1
c:\windows\dobe~1
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Fonts\acrsec.fon
c:\windows\ibejed.sys
c:\windows\install.exe
c:\windows\Installer\1a003021.msp
c:\windows\Installer\1d88d73.msp
c:\windows\Installer\1e409b2.msp
c:\windows\Installer\309e4.msi
c:\windows\Installer\560b5.msp
c:\windows\Installer\a49aa.msi
c:\windows\Installer\d686165.msi
c:\windows\Installer\da9e722.msp
c:\windows\Installer\db5a4.msi
c:\windows\kb913800.exe
c:\windows\sofafo.dll
c:\windows\system32\bayuvada.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\iwaf.bin
c:\windows\system32\NTSVc.ocx
c:\windows\system32\sibatoyu.dll
c:\windows\system32\sizemite.dll
c:\windows\system32\yjut.dll
c:\windows\wamobove.exe
c:\windows\yjaq.reg
c:\windows\ysatahaz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-02 03:32 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 03:32 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 03:32 . 2009-09-03 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 00:50 . 2009-09-01 00:50 -------- d-sh--w- c:\documents and settings\straka\IECompatCache
2009-08-23 16:47 . 2009-08-23 16:47 -------- d-sh--w- c:\documents and settings\straka\PrivacIE
2009-08-23 16:42 . 2009-08-23 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-23 16:41 . 2009-08-23 16:41 -------- d-sh--w- c:\documents and settings\straka\IETldCache
2009-08-23 16:20 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 16:20 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 16:20 . 2009-08-23 16:20 -------- d-----w- c:\windows\ie8updates
2009-08-23 16:19 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-23 16:17 . 2009-08-23 16:18 -------- dc-h--w- c:\windows\ie8
2009-08-21 13:21 . 2009-09-02 02:56 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 08:10 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 08:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 08:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 08:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 08:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 08:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 08:10 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 00:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-21 00:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-21 00:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-21 00:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-21 00:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-21 00:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-21 00:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-21 00:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-21 00:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-21 00:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-21 00:44 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat
2009-08-07 01:46 . 2009-08-23 20:05 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks
2009-08-07 01:43 . 2009-08-07 01:43 -------- d-----w- c:\program files\Citrix
2009-08-07 01:41 . 2009-08-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 02:13 . 2006-04-03 00:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-09-02 05:04 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater
2009-09-01 00:52 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus
2009-08-26 19:01 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP
2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java
2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast
2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts
2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 04:39 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus
2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 22:43 . 2009-07-12 22:43 -------- d-----w- c:\program files\Virtual Earth 3D
2009-07-03 17:09 . 2005-07-03 02:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-12 12:31 . 2004-08-10 20:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:45 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 20:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 20:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 20:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 16:42 . 2009-06-21 17:40 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 16:42 . 2009-06-21 17:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rvzcivg"="c:\windows\?dobe\??rss.exe" [?]
"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 232720]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19096]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{4AD6F8B8-1B7B-478B-2807-4FB67B6FA1E9} - c:\windows\system32\cjvkb.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: VLsp.dll
Trusted Zone: turbotax.com
TCP: {D62D089B-2B79-43A1-AD6B-DE46BE006FEB} = 192.168.1.1
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 22:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08,
43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\VLsp.dll
c:\windows\system32\WININET.dll
c:\windows\system32\VNSP.DLL

- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\DynDNS Updater\DynDNS.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-03 22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 03:15

Pre-Run: 85,418,491,904 bytes free
Post-Run: 85,371,265,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

287 --- E O F --- 2009-09-02 08:01
  23. Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/2/2009 9:46:58 PM
mbam-log-2009-09-02 (21-46-58).txt

Scan type: Quick Scan
Objects scanned: 119145
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temp\UAC2d38.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temp\UAC906.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temporary Internet Files\Content.IE5\2C1YSZNF\qjxkoptg[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temporary Internet Files\Content.IE5\2C1YSZNF\clzqdervli[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temporary Internet Files\Content.IE5\3ZJLVWJA\ekyymmqe[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temporary Internet Files\Content.IE5\KRHW0YIM\zwjkbb[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temporary Internet Files\Content.IE5\KRHW0YIM\agqqerbspt[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\straka\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACnhrkdseatb.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACairusaptvk.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
  24. Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.