
Browser only works in safe mode



Already ran malwarebytes and winsock fix

Please help...thank you!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:34:05 PM, on 10/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--

End of file - 7895 bytes

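A triage script for logs in the HijackThis format shown above, added here as an editor's example; it is not part of the original post and is not code from HijackThis or Malwarebytes. It parses the O-section lines into records and applies the checks a forum helper does by eye: entries whose backing file is gone, services with no publisher string, Run entries that launch from a user profile directory or by bare filename, Winsock LSPs HijackThis does not recognise, and ActiveX downloads. The heuristics and the wording of the findings are my own assumptions; the embedded sample lines are copied from the log in the post. A flag means "look at this", not "this is malware".

```python
"""Triage helper for HijackThis v2 logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted above, kept inline so the
# script runs offline. Raw string: the backslashes are literal.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    subject: str   # entry name, path or host the finding is about
    reason: str    # why an analyst should look at it


# Line shapes per section (body = everything after the leading "Oxx - ").
LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
COM_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.*)$")

MISSING_MARKERS = ("(no file)", "(file missing)")
# Per-user, user-writable locations; a heuristic, not a rule (assumption).
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def _executable(cmd: str) -> str:
    """Return the program part of an O4 command line: quoted path or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def parse_hjt(text: str):
    """Yield (section, body) for every Oxx line; header and process list are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text: str) -> list:
    """Apply the review heuristics and return the entries worth a second look."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec in ("O2", "O3", "O9"):
            m = COM_RE.match(body)
            if m and m.group("path").rstrip().endswith(MISSING_MARKERS):
                findings.append(Finding(sec, m.group("name"),
                    "registry entry whose backing file is gone; safe to remove and "
                    "a common leftover of a partially cleaned infection"))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:       # e.g. "Global Startup:" lines are not handled here
                continue
            exe = _executable(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding(sec, m.group("name"),
                    f"bare filename {exe!r} resolved through PATH; verify which file runs"))
            elif any(d in exe.lower() for d in PROFILE_DIRS):
                findings.append(Finding(sec, m.group("name"),
                    f"autorun from a user-writable profile directory: {exe}"))
        elif sec == "O10":
            m = LSP_RE.match(body)
            if m:
                findings.append(Finding(sec, m.group("path"),
                    "Winsock LSP HijackThis does not recognise; check the file's "
                    "publisher and hash before running any LSP fix"))
        elif sec == "O16":
            m = DPF_RE.match(body)
            if m:
                host = urlparse(m.group("url")).hostname or "?"
                findings.append(Finding(sec, host,
                    "ActiveX control downloaded from the web; confirm the host is expected"))
        elif sec == "O23":
            m = SVC_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append(Finding(sec, m.group("name"),
                    f"service binary with no publisher string: {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.subject}: {f.reason}")
```

On the sample, the McAfee Run entry and service and the Ask toolbar DLL pass untouched, while the orphaned BHO and IMVU button, the two Run entries (bare name, profile directory), the LSP, the ActiveX download and the ASKService entry are listed for review. Feed it a full log via `triage(open(path).read())`; O4 "Global Startup" lines and sections other than those above are deliberately ignored rather than guessed at.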

  • Staff

Hi and welcome to Malwarebytes.

Post the log from MBAM please.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


ComboFix 09-10-03.01 - straka 10/04/2009 9:31.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.506 [GMT -5:00]

Running from: c:\documents and settings\straka\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\myce.reg

c:\documents and settings\All Users\Application Data\qekorovic.dll

c:\documents and settings\All Users\Documents\vifivi.sys

c:\documents and settings\straka\Application Data\vutusale.bat

c:\documents and settings\straka\Local Settings\Application Data\xawuxa.pif

c:\program files\Common Files\usotase.pif

c:\windows\subulynepo.exe

c:\windows\system32\afuwenoge.dll

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\riwyb.dl

c:\windows\Temp\tmp3.tmp

c:\windows\tenek.sys

c:\windows\yhimil.reg

Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected

Kitty ate it :D

.

((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))

.

2009-10-04 01:21 . 2009-10-04 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-10-04 00:33 . 2009-10-04 00:33 -------- d-----w- c:\program files\Trend Micro

2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\documents and settings\straka\Local Settings\Application Data\Mozilla

2009-10-03 20:53 . 2009-10-03 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\UserData

2009-10-03 05:33 . 2008-03-18 01:50 421544 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll

2009-10-03 05:33 . 2006-11-25 18:41 25600 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys

2009-10-03 05:33 . 2006-11-25 18:41 22768 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys

2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games

2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE

2009-10-03 05:32 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin

2009-10-03 05:29 . 2006-11-25 18:41 9232 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys

2009-10-03 05:29 . 2006-11-25 18:41 92064 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys

2009-10-03 05:29 . 2006-11-25 18:41 79328 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys

2009-10-03 05:29 . 2006-11-25 18:41 5936 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT

2009-10-03 05:29 . 2006-11-25 18:41 66656 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys

2009-10-03 05:29 . 2006-11-25 18:41 6208 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys

2009-10-03 05:29 . 2006-11-25 18:41 4048 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Logitech

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache

2009-10-03 05:12 . 2009-10-04 14:30 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000

2009-10-03 03:12 . 2009-10-03 03:12 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-03 03:10 . 2009-10-03 03:10 -------- d-----w- c:\program files\Common Files\xing shared

2009-10-03 02:20 . 2009-10-03 02:20 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\browser - logitech

2009-10-03 01:19 . 2009-10-03 03:01 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\.magicfix

2009-10-03 01:18 . 2009-10-03 03:03 -------- d-s---w- c:\documents and settings\HelpAssistant.OFFICE

2009-10-02 19:28 . 2009-10-03 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\V-ONE

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE

2009-10-02 19:28 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant\pool.bin

2009-10-02 19:22 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\browser - logitech

2009-10-02 19:05 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\.magicfix

2009-10-02 19:04 . 2009-10-03 03:09 -------- d-s---w- c:\documents and settings\HelpAssistant

2009-09-13 01:29 . 2009-09-13 01:29 12934 ----a-w- c:\windows\system32\butegyny.dat

2009-09-13 01:29 . 2009-09-13 01:29 12887 ----a-w- c:\windows\alyh.com

2009-09-05 22:11 . 2009-09-05 22:11 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-05 22:10 . 2009-09-05 22:24 -------- d-----w- c:\documents and settings\straka\Application Data\VuzeStream

2009-09-05 22:08 . 2009-10-04 01:04 -------- d-----w- c:\program files\Xobni

2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2009-09-05 22:07 . 2009-09-05 22:07 -------- d-----w- c:\program files\AskBarDis

2009-09-04 22:03 . 2009-09-04 22:03 8 --sh--r- c:\windows\system32\57D60DA5E8.sys

2009-09-04 18:41 . 2009-09-04 18:41 -------- d-----w- c:\program files\Runtime Software

2009-09-04 17:07 . 2009-09-11 23:22 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-04 14:02 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater

2009-10-03 20:53 . 2006-04-20 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Real

2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Common Files\Real

2009-09-28 03:19 . 2009-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks

2009-09-26 03:28 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus

2009-09-13 01:29 . 2009-09-13 01:29 14174 ----a-w- c:\documents and settings\straka\Application Data\aqyrora.dat

2009-09-13 01:29 . 2009-09-13 01:29 13353 ----a-w- c:\program files\Common Files\boteqygoki._sy

2009-09-13 01:25 . 2009-09-02 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-12 12:57 . 2009-08-07 01:46 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks

2009-09-11 23:41 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-09-10 19:54 . 2009-09-02 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-09-02 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-05 22:07 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus

2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP

2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild

2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies

2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat

2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java

2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast

2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts

2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-07 01:43 . 2009-08-07 01:43 -------- d-----w- c:\program files\Citrix

2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-03_03.11.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-10 20:00 . 2008-04-14 00:12 49152 c:\windows\system32\wdigest(2).dll

+ 2004-08-10 20:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32(2).dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll

- 2004-08-10 20:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll

+ 2004-08-10 20:00 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll

- 2004-08-10 20:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe

+ 2004-08-10 20:00 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe

+ 2007-08-14 00:36 . 2007-08-14 00:36 12288 c:\windows\system32\msfeedssync.exe

+ 2007-08-14 00:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll

+ 2004-08-10 20:00 . 2007-08-14 00:44 40960 c:\windows\system32\licmgr10.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll

+ 2005-07-03 02:11 . 2007-08-14 00:39 92672 c:\windows\system32\inseng.dll

+ 2004-08-10 20:00 . 2007-08-14 00:36 36352 c:\windows\system32\imgutil.dll

+ 2004-08-10 20:00 . 2007-08-14 00:39 55296 c:\windows\system32\iesetup.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll

+ 2009-08-23 16:17 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll

+ 2004-08-10 20:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-14 00:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2004-08-10 20:00 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll

- 2004-08-10 20:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll

- 2004-08-10 20:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2004-08-10 20:00 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe

+ 2007-11-20 03:19 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-10 20:00 . 2007-08-14 00:44 40960 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2005-07-03 02:11 . 2007-08-14 00:39 92672 c:\windows\system32\dllcache\inseng.dll

+ 2004-08-10 20:00 . 2007-08-14 00:36 36352 c:\windows\system32\dllcache\imgutil.dll

+ 2004-08-10 20:00 . 2007-08-14 00:39 55296 c:\windows\system32\dllcache\iesetup.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-08-23 16:17 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-10 20:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2007-11-20 03:19 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll

+ 2004-08-10 20:00 . 2007-08-14 00:18 60416 c:\windows\system32\dllcache\hmmapi.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll

+ 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\dllcache\admparse.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll

+ 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\admparse.dll

+ 2009-09-05 22:11 . 2009-09-05 22:11 49664 c:\windows\Installer\60294ff.msi

+ 2009-09-05 22:08 . 2009-09-05 22:08 87552 c:\windows\Installer\60294f1.msi

+ 2009-09-05 22:08 . 2009-09-05 22:08 87040 c:\windows\Installer\60294ea.msi

+ 2009-09-05 23:11 . 2009-09-05 23:11 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d1a31e41fd2e4593b0f433f9c92e237b\stdole.ni.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 14848 c:\windows\assembly\GAC_MSIL\stdole\7.0.3300.0__6298d2d1fcfb5d85\stdole.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Newtonsoft.Json\1.1.1.0__6298d2d1fcfb5d85\Newtonsoft.Json.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Vbe.Interop.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 97792 c:\windows\assembly\GAC_32\XobniPluginAPI\1.7.3.7053__6298d2d1fcfb5d85\XobniPluginAPI.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 3072 c:\windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\extensibility.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\wininet.dll

+ 2007-08-14 00:45 . 2007-08-14 00:45 206336 c:\windows\system32\winfxdocobj.exe

+ 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll

+ 2004-08-10 20:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll

- 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll

+ 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32.dll

+ 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32(2)(2).dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll

+ 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll

- 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll

+ 2007-08-14 00:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll

+ 2005-06-15 17:49 . 2008-04-14 00:11 299520 c:\windows\system32\kerberos(2).dll

+ 2004-08-10 20:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll

+ 2007-08-14 00:54 . 2007-08-14 00:54 180736 c:\windows\system32\ieui.dll

+ 2007-08-14 00:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll

+ 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\iepeers.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll

+ 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-10 20:00 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll

+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-10 20:00 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll

+ 2004-08-10 20:00 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll

- 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll

+ 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-11-20 03:19 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll

+ 2004-08-10 20:00 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe

+ 2007-11-20 03:19 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-11-20 03:19 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll

+ 2009-10-03 13:53 . 2009-03-08 22:39 177792 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

+ 2009-09-05 22:09 . 2009-09-05 22:09 109568 c:\windows\Installer\60294f8.msi

+ 2009-08-23 16:17 . 2006-09-06 23:43 213216 c:\windows\ie7\spuninst\spuninst.exe

+ 2004-08-10 12:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll

+ 2009-08-17 18:19 . 2009-08-17 18:19 398632 c:\windows\Downloaded Program Files\JuniperExt.exe

+ 2009-09-05 23:11 . 2009-09-05 23:11 746496 c:\windows\assembly\NativeImages_v2.0.50727_32\ZedGraph\1b3997c4a8d718ca47c4da342afb5411\ZedGraph.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 702464 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\2c23021c84942be3a899e07e79b7dcc4\XobniStatistics.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 219648 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\f39f4614f8c2880922736827f5fcb254\XobniPluginAPI.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\5ccc7c5edaa205df4ed326c90e7b501f\Xobni.XMapiAccessor.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 493568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\a6901f8c44f1b0b9f604c80d62f93874\System.Data.SQLite.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\69b9dbe027cd56f0db4299b9173b55b2\office.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\143bd06fec0760ed6d45d945ce01ab94\Newtonsoft.Json.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\20d169afe411989dcee8fa00c897de97\Microsoft.Vbe.Interop.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 415232 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniSkype\b576e2c4c86f53194c5c9037ac4496d2\Interop.XobniSkype.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\fbac1a8d77ef94cfbd84e409d55f6219\Interop.shdocvw.ni.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 212992 c:\windows\assembly\GAC_MSIL\office\11.0.0.0__6298d2d1fcfb5d85\office.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Word.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 405504 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Outlook.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 180224 c:\windows\assembly\GAC_MSIL\Interop.XobniSkype\1.0.0.0__6298d2d1fcfb5d85\Interop.XobniSkype.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 589824 c:\windows\assembly\GAC_MSIL\Interop.XobniRdo\4.5.0.813__6298d2d1fcfb5d85\Interop.XobniRdo.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 131072 c:\windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__6298d2d1fcfb5d85\Interop.shdocvw.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 216064 c:\windows\assembly\GAC_32\ZedGraph\4.3.4.0__02a83cbd123fcd60\ZedGraph.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 158208 c:\windows\assembly\GAC_32\XobniStatistics\1.7.3.7053__6298d2d1fcfb5d85\XobniStatistics.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 727040 c:\windows\assembly\GAC_32\XobniFeeds\1.7.3.7053__6298d2d1fcfb5d85\XobniFeeds.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 417792 c:\windows\assembly\GAC_32\Xobni.XMapiAccessor\1.0.3363.21656__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 839680 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll

- 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll

+ 2005-08-04 02:29 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll

+ 2006-04-13 02:16 . 2009-10-03 03:13 9390984 c:\windows\system32\Restore\rstrlog.dat

+ 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll

+ 2007-08-14 00:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll

+ 2007-02-12 22:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat

- 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll

+ 2005-08-04 02:29 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll

+ 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll

+ 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll

+ 2007-11-20 03:19 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll

+ 2007-11-20 03:19 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-09-05 23:11 . 2009-09-05 23:11 2369024 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\2f9a5319c4c11907b7303807d08411a7\XobniFeeds.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cc910561ca082052db1e6eac3d5b9189\Microsoft.Office.Interop.Word.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\accdae5050f4b0d7a95e9fb5673abc73\Microsoft.Office.Interop.Outlook.ni.dll

+ 2009-09-05 23:11 . 2009-09-05 23:11 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\a9efd7fb4d7b548ded62dc76f3553e18\Interop.XobniRdo.ni.dll

+ 2009-09-05 22:09 . 2009-09-05 22:09 4230656 c:\windows\assembly\GAC_32\XobniCommon\1.7.3.7053__6298d2d1fcfb5d85\XobniCommon.dll

+ 2009-09-11 23:21 . 2009-09-11 23:21 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll

- 2008-08-25 00:09 . 2008-08-25 00:09 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll

+ 2009-08-21 08:01 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe

+ 2009-09-05 22:11 . 2009-09-05 22:11 15705600 c:\windows\Installer\6029507.msp

+ 2009-09-05 23:11 . 2009-09-05 23:11 11715584 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\908d11bc5df8f49a97b6181d3628182a\XobniCommon.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]

"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"=

"c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"67:UDP"= 67:UDP:DHCP Discovery Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648]

R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL =

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk

Trusted Zone: turbotax.com

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\

FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\straka\Local Settings\Temporary Internet Files\Content.IE5\IATNAGEH\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-04 09:43

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08,

43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

Completion time: 2009-10-04 9:46

ComboFix-quarantined-files.txt 2009-10-04 14:45

ComboFix2.txt 2009-09-03 03:15

Pre-Run: 79,913,365,504 bytes free

Post-Run: 80,296,804,352 bytes free

430 --- E O F --- 2009-09-10 08:04


Malwarebytes' Anti-Malware 1.41

Database version: 2900

Windows 5.1.2600 Service Pack 3

10/4/2009 10:11:22 AM

mbam-log-2009-10-04 (10-11-22).txt

Scan type: Quick Scan

Objects scanned: 193999

Time elapsed: 19 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:37:09 AM, on 10/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9649 bytes


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=26691
Collect::
c:\windows\system32\butegyny.dat
c:\program files\Common Files\boteqygoki._sy
c:\windows\alyh.com

Save this as CFScript.txt

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ComboFix 09-10-06.03 - straka 10/06/2009 20:19.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.512 [GMT -5:00]

Running from: c:\documents and settings\straka\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\straka\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Resident AV is active

file zipped: c:\program files\Common Files\boteqygoki._sy

file zipped: c:\windows\alyh.com

file zipped: c:\windows\system32\butegyny.dat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\boteqygoki._sy

c:\windows\alyh.com

c:\windows\system32\butegyny.dat

Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected

Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))

.

2009-10-04 16:02 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-10-04 01:21 . 2009-10-04 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-10-04 00:33 . 2009-10-04 00:33 -------- d-----w- c:\program files\Trend Micro

2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\documents and settings\straka\Local Settings\Application Data\Mozilla

2009-10-03 20:53 . 2009-10-03 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE

2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\UserData

2009-10-03 05:33 . 2008-03-18 01:50 421544 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll

2009-10-03 05:33 . 2006-11-25 18:41 25600 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys

2009-10-03 05:33 . 2006-11-25 18:41 22768 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys

2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games

2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE

2009-10-03 05:32 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin

2009-10-03 05:29 . 2006-11-25 18:41 9232 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys

2009-10-03 05:29 . 2006-11-25 18:41 92064 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys

2009-10-03 05:29 . 2006-11-25 18:41 79328 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys

2009-10-03 05:29 . 2006-11-25 18:41 5936 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT

2009-10-03 05:29 . 2006-11-25 18:41 66656 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys

2009-10-03 05:29 . 2006-11-25 18:41 6208 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys

2009-10-03 05:29 . 2006-11-25 18:41 4048 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys

2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Logitech

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache

2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache

2009-10-03 05:12 . 2009-10-07 00:59 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000

2009-10-03 03:12 . 2009-10-03 03:12 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-03 03:10 . 2009-10-03 03:10 -------- d-----w- c:\program files\Common Files\xing shared

2009-10-03 02:20 . 2009-10-03 02:20 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\browser - logitech

2009-10-03 01:19 . 2009-10-03 03:01 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\.magicfix

2009-10-03 01:18 . 2009-10-03 03:03 -------- d-s---w- c:\documents and settings\HelpAssistant.OFFICE

2009-10-02 19:28 . 2009-10-03 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\V-ONE

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games

2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE

2009-10-02 19:28 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant\pool.bin

2009-10-02 19:22 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache

2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\browser - logitech

2009-10-02 19:05 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\.magicfix

2009-10-02 19:04 . 2009-10-03 03:09 -------- d-s---w- c:\documents and settings\HelpAssistant

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-07 00:48 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater

2009-10-04 01:04 . 2009-09-05 22:08 -------- d-----w- c:\program files\Xobni

2009-10-03 20:53 . 2006-04-20 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Real

2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Common Files\Real

2009-09-28 03:19 . 2009-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks

2009-09-26 03:28 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus

2009-09-13 01:29 . 2009-09-13 01:29 14174 ----a-w- c:\documents and settings\straka\Application Data\aqyrora.dat

2009-09-13 01:25 . 2009-09-02 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-12 12:57 . 2009-08-07 01:46 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks

2009-09-11 23:41 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-09-11 23:22 . 2009-09-04 17:07 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp

2009-09-10 19:54 . 2009-09-02 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-09-02 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-05 22:24 . 2009-09-05 22:10 -------- d-----w- c:\documents and settings\straka\Application Data\VuzeStream

2009-09-05 22:11 . 2009-09-05 22:11 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2009-09-05 22:07 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus

2009-09-05 22:07 . 2009-09-05 22:07 -------- d-----w- c:\program files\AskBarDis

2009-09-04 22:03 . 2009-09-04 22:03 8 --sh--r- c:\windows\system32\57D60DA5E8.sys

2009-09-04 18:41 . 2009-09-04 18:41 -------- d-----w- c:\program files\Runtime Software

2009-09-03 02:13 . 2006-04-03 00:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec

2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP

2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild

2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies

2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat

2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java

2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast

2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts

2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-07 00:24 . 2004-08-10 20:00 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-07 00:24 . 2004-08-10 20:00 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-07 00:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-07 00:24 . 2004-08-10 20:00 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-07 00:24 . 2004-08-10 20:00 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-07 00:24 . 2004-08-10 20:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-07 00:23 . 2004-08-10 20:00 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-07 00:23 . 2004-08-10 20:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((( SnapShot_2009-10-04_14.43.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-06 02:52 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2009-10-06 02:52 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2009-10-04 16:02 . 2009-10-04 16:02 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2004-08-10 20:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2004-08-10 20:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2004-08-10 20:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2004-08-10 20:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2004-08-10 20:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll

+ 2004-08-10 20:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll

+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2004-08-10 20:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]

"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"=

"c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"67:UDP"= 67:UDP:DHCP Discovery Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648]

R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL =

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk

Trusted Zone: turbotax.com

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-06 20:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08,

43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

Completion time: 2009-10-07 20:30

ComboFix-quarantined-files.txt 2009-10-07 01:29

ComboFix2.txt 2009-10-04 14:46

ComboFix3.txt 2009-09-03 03:15

Pre-Run: 79,858,987,008 bytes free

Post-Run: 79,832,088,576 bytes free

255 --- E O F --- 2009-09-10 08:04

Upload was successful

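The ComboFix "Reg Loading Points" section above carries the three items a responder would pull out first: a fifth DLL (zwebauth.dll) appended to the SecurityProviders list, whose XP SP3 default is exactly msapsspc.dll, schannel.dll, digest.dll and msnsspc.dll; EnableFirewall set to 0; and 3389/TCP globally open. The script below is an added example, not part of the log or of any tool used in this thread. It takes a handful of lines copied in shape from the log (constructed sample, not the full section), walks them by registry key, and emits findings for review: any SSP not in the XP default set, any Run entry whose target lives under a profile's Application Data, Local Settings or Temp folder, a disabled firewall, and every globally open port. "For review" is the right word: cdloader2.exe under mjusbsp is the magicJack launcher, and the zwebauth.dll hit is exactly the file the helper then asked to have located and hashed with SystemLook.

```python
"""Triage of a ComboFix "Reg Loading Points" section (added example, not part of the log)."""
import re

# Windows XP SP3 ships exactly these four SSP DLLs under SecurityProviders.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Autostart targets under a user profile's data/temp folders deserve a manual look.
SUSPECT_PATH_PARTS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample: a handful of lines copied in shape from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"67:UDP"= 67:UDP:DHCP Discovery Service
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\S+:(?P<desc>.+)$')


def triage(log_text):
    """Return (kind, subject, detail) findings in the order they appear in the log."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()   # registry key the following lines belong to
            continue
        if section is None:
            continue
        if section.endswith("\\securityproviders") and line.lower().startswith("securityproviders "):
            for dll in (d.strip().lower() for d in line.split(None, 1)[1].split(",")):
                if dll not in XP_DEFAULT_SECURITY_PROVIDERS:
                    findings.append(("securityprovider", dll, "not an XP default SSP; check the file on disk"))
        elif section.endswith("\\run"):
            m = RUN_RE.match(line)
            if m and any(part in m.group("path").lower() for part in SUSPECT_PATH_PARTS):
                findings.append(("autostart", m.group("name"), m.group("path")))
        elif section.endswith("firewallpolicy\\standardprofile"):
            m = VALUE_RE.match(line)
            if m and m.group("name").lower() == "enablefirewall" and int(m.group("value")) == 0:
                findings.append(("firewall", "EnableFirewall", "Windows Firewall is disabled"))
        elif section.endswith("\\globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                findings.append(("openport", m.group("port"), m.group("desc")))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {subject:15} {detail}")
```

Feed it the real section by reading the ComboFix.txt text into `triage()`; the section-key matching is by suffix, so the abbreviated `HKLM\~\...` form ComboFix uses for the firewall keys is handled the same as the full key names.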

Scanning Report

Tuesday, October 6, 2009 20:56:58 - 21:48:34

Computer name: OFFICE

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

17 malware found

TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Gen:Trojan.Heur.GM (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMP\SHELL32.DLL (Not cleaned)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMP\SHELL32.DLL (Renamed & Submitted)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Statistics

Scanned:

* Files: 98618

* System: 4114

* Not scanned: 10

Actions:

* Disinfected: 9

* Renamed: 7

* Deleted: 0

* Not cleaned: 1

* Submitted: 7

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS

* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS

* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD0797.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

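The scan report above mixes three very different things under "17 malware found": tracking cookies, exploit documents sitting in the IE cache (the PDF and SWF, which prove the browser fetched them and nothing more), and a file named SHELL32.DLL under a profile's Local Settings\Temp, one copy of which is reported "Not cleaned". A responder wants those separated before deciding what to chase. The script below is an added example, not part of the report or of F-Secure's tooling. It parses the report's "Name (kind)" / "* path (action)" layout, tags each detection as noise, delivery, payload-masquerade (a core system DLL name outside system32) or review, records the user profile it landed in, and flags anything the scanner left in place. The embedded sample is a constructed subset of the entries above; the small list of core DLL names is my own and can be extended.

```python
"""Sort an F-Secure style scan report into exposure vs. payload (added example, not part of the report)."""
import re

# Constructed sample: entries copied in shape from the report above (not the full list).
SAMPLE_REPORT = r"""
17 malware found

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMP\SHELL32.DLL (Not cleaned)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMP\SHELL32.DLL (Renamed & Submitted)
"""

NAME_RE = re.compile(r"^(?P<name>\S.*?) \((?P<kind>spyware|virus|riskware)\)$")
ITEM_RE = re.compile(r"^\* (?P<path>.+?) \((?P<action>[^()]+)\)$")
PROFILE_RE = re.compile(r"\\documents and settings\\([^\\]+)\\")

# DLL names that only belong in %SystemRoot%\system32; a copy anywhere else is a masquerade.
# (Assumed short list for the example; extend as needed.)
CORE_SYSTEM_DLLS = {"shell32.dll", "kernel32.dll", "user32.dll", "ntdll.dll", "advapi32.dll"}
BROWSER_CACHE_MARKERS = ("\\temporary internet files\\", "\\content.ie5\\")


def categorize(name, path):
    """Map one detection to what it tells the responder."""
    low = path.lower()
    if name.startswith("TrackingCookie."):
        return "noise"               # advertising cookies, not code
    if any(marker in low for marker in BROWSER_CACHE_MARKERS):
        return "delivery"            # exploit document the browser fetched; proves exposure only
    base = low.rsplit("\\", 1)[-1]
    if base in CORE_SYSTEM_DLLS and "\\windows\\system32\\" not in low:
        return "payload-masquerade"  # system DLL name dropped outside system32
    return "review"


def parse_report(text):
    """Pair each 'Name (kind)' header with the '* path (action)' lines under it."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = NAME_RE.match(line)
        if m:
            current = (m.group("name"), m.group("kind"))
            continue
        m = ITEM_RE.match(line)
        if m and current:
            name, kind = current
            path, action = m.group("path"), m.group("action")
            prof = PROFILE_RE.search(path.lower())
            records.append({
                "name": name, "kind": kind, "path": path, "action": action,
                "profile": prof.group(1) if prof else None,
                "category": categorize(name, path),
                "still_present": action.lower().startswith("not cleaned"),
            })
    return records


def summarize(records):
    """Per user profile: which categories hit it and whether anything is still on disk."""
    out = {}
    for r in records:
        entry = out.setdefault(r["profile"], {"categories": set(), "still_present": False})
        entry["categories"].add(r["category"])
        entry["still_present"] |= r["still_present"]
    return out


if __name__ == "__main__":
    for profile, info in summarize(parse_report(SAMPLE_REPORT)).items():
        print(profile, sorted(info["categories"]), "still present" if info["still_present"] else "")
```

On the full report the same three files show up under HelpAssistant, HelpAssistant.OFFICE and HelpAssistant.OFFICE.000, so grouping by profile is what makes the repetition visible; the "Not cleaned" SHELL32.DLL in the .000 profile is the entry to follow up on disk before anything else.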

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

McAfee VirusScan Enterprise

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

HijackThis 2.0.2

Java 6 Update 15

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 7.1.0

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:21:07 AM, on 10/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\DynDNS Updater\DynDNS.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dumprep.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9865 bytes


  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 15

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Adobe Reader 7.1.0

Restart your computer.

Get the latest version of Java and Adobe Reader.

Also, you can't download updates from the Malwarebytes application.
1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.

2. Restart your computer (very important).

3. Download and run this utility.

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.

See if it will update now.

Also, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    zwebauth.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

-screen317


SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 21:22 on 07/10/2009 by straka (Administrator - Elevation successful)

========== filefind ==========

Searching for "zwebauth.dll"

C:\WINDOWS\system32\ZWebAuth.dll --a--c 16973 bytes [01:02 13/05/2006] [23:37 18/09/2001] A1CC9E1DB0840F4DB88AF99CB584971D

-=End Of File=-

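For triaging a SystemLook filefind log like the one posted above, here is an added Python parser (it is not part of the thread or of SystemLook itself) that pulls each hit's path, attributes, size, timestamps and MD5 into a record and flags copies of the file outside the directory it belongs in. The first result line in the sample is the one from the log; the second is constructed to give the triage functions something to flag.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample in the shape of the SystemLook ":filefind" log posted above.
# First hit: the line from the thread. Second hit: a made-up extra copy in an
# unusual directory, added only so the triage helpers have something to report.
SAMPLE_LOG = """SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:22 on 07/10/2009 by straka (Administrator - Elevation successful)

========== filefind ==========

Searching for "zwebauth.dll"

C:\\WINDOWS\\system32\\ZWebAuth.dll --a--c 16973 bytes [01:02 13/05/2006] [23:37 18/09/2001] A1CC9E1DB0840F4DB88AF99CB584971D
C:\\Temp\\zwebauth.dll --a---- 16973 bytes [09:15 01/10/2009] [09:15 01/10/2009] 0123456789ABCDEF0123456789ABCDEF

-=End Of File=-
"""

# One result line: path, attribute flags, size, two bracketed timestamps, MD5.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6,7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<t1>\d\d:\d\d \d\d/\d\d/\d{4})\]\s+\[(?P<t2>\d\d:\d\d \d\d/\d\d/\d{4})\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    stamps: Tuple[datetime, datetime]  # the two bracketed stamps, in log order
    md5: str

def _stamp(text: str) -> datetime:
    return datetime.strptime(text, "%H:%M %d/%m/%Y")

def parse_filefind(log: str) -> List[FileHit]:
    """Return every result line of a SystemLook filefind section as a FileHit."""
    hits = []
    for line in log.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                (_stamp(m["t1"]), _stamp(m["t2"])), m["md5"].upper()))
    return hits

def hits_outside(hits: List[FileHit], expected_dir: str) -> List[FileHit]:
    """Copies of the file living anywhere except the directory it belongs in."""
    prefix = expected_dir.rstrip("\\").lower() + "\\"
    return [h for h in hits if not h.path.lower().startswith(prefix)]

def distinct_hashes(hits: List[FileHit]) -> set:
    """More than one hash for the same filename means the copies differ."""
    return {h.md5 for h in hits}
```

A hit outside the expected directory, or two copies with different hashes, is what a helper would look up against a known-good hash list before deciding anything.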

Issues:

IE won't load web pages

Malware won't update

Java install won't run

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee VirusScan Enterprise

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Adobe Flash Player 10

``````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VirusScan Enterprise Mcshield.exe

McAfee VirusScan Enterprise VsTskMgr.exe

McAfee VirusScan Enterprise SHSTAT.EXE

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


  • Staff

Okay, I'm going to need some more details here about the issues you're experiencing.

IE won't load web pages
Your version of IE is out of date anyway. Go to Microsoft Update, and download all updates, including IE8.
Malware won't update
What happens when you try to update it?
Java install won't run
What happens when you try to run the Java install?

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


Pretty sure all the problems I'm encountering are interrelated.

Malwarebytes: When I Check for Updates, the updating window opens but just sits there "Connecting to malwarebytes.org". McAfee behaves the same way when trying to acquire updates.

Java Install: When I run the install (jxpiinstall.exe) you briefly get an hourglass and that's it. Windows Task Manager shows the executable as an active process but nothing ever happens.


  • Staff

Ah okay.

Since it works in Safe Mode and not Normal Mode, it means that something running on startup is preventing it from functioning properly. This next task is going to be tedious, but it will identify the culprit.

Navigate to Start --> Run, type in MSConfig and press Enter.

Under the Startup tab, click Disable All. Press OK.

Restart your computer and see if the issues still remain in Normal Mode.

If so, it means one of the startup items is responsible, so now you'll need to enable each individually until you find the one which triggers the issue again.

Let me know how it goes.

-screen317
