
Thread: Help Me Please

  #1 - Junior Member (Join Date: Dec 2008; Posts: 9)

    Help Me Please

    I am having some serious problems with my computer. It always freezes up when I try to run scans with Spybot or any other programs, and when it freezes up, sometimes something inside my CPU (not my speakers) will give a loud continuous beep. Anyway, here is my HJT log from a normal system start-up; please take a look and tell me if you see anything. Thanks.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:40:44 PM, on 7/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Documents and Settings\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
    O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [FeatherSoft Windows Hider] "C:\Program Files\FeatherSoft Windows Hider\hideme.exe" /startMin
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143051743265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

    --
    End of file - 12436 bytes
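
    As an added example (not code from this thread, from HijackThis or from DDS), here is a short Python script that parses the O4 autorun lines in the log above, and the equivalent uRun/mRun/dRun lines that DDS prints later in the thread, and attaches two heuristic flags an analyst checks first: an image given as a bare filename, which the Run value does not pin to one file on disk, and an image stored under the user-profile root rather than Program Files or Windows. The sample lines are copied from the logs in this thread; the flags are prompts to go and verify the file, not verdicts that an entry is malware. The user-writable prefix is an assumption for an English-language XP install like the one in the log.

```python
"""Triage HijackThis / DDS autorun entries with two cheap heuristics.

Added example for this thread; not a HijackThis or DDS feature. A flag means
"verify this file", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log in post #1 and
# two Run lines in DDS syntax copied from the DDS log in post #4.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Documents and Settings\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKCU\..\Run: [FeatherSoft Windows Hider] "C:\Program Files\FeatherSoft Windows Hider\hideme.exe" /startMin
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
"""

# HijackThis registry Run keys: "O4 - <hive>\..\Run: [<name>] <command line>"
_HJT_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis startup folders: "O4 - Startup: x.lnk = <target>" / "O4 - Global Startup: ..."
_HJT_STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# DDS pseudo-HJT syntax: "uRun:" (HKCU), "mRun:" (HKLM), "dRun:" (default user)
_DDS_RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_DDS_HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

# First executable extension in an unquoted command line marks the end of the image.
_EXT_RE = re.compile(r"\.(?:exe|com|scr|bat|cmd|pif)\b", re.IGNORECASE)

# Assumption: default English XP profile root, as seen in the log.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\",)


@dataclass
class AutorunEntry:
    hive: str
    name: str
    command: str
    image: str
    flags: list = field(default_factory=list)


def image_path(command: str) -> str:
    """Return the executable portion of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # HijackThis does not add quotes, so an unquoted path may contain spaces;
    # cut at the first executable extension instead of the first space.
    m = _EXT_RE.search(command)
    if m:
        return command[: m.end()]
    return command.split(None, 1)[0]


def parse_entry(line: str):
    """Parse one autorun line (HJT O4 or DDS Run) or return None."""
    line = line.strip()
    m = _HJT_RUN_RE.match(line) or _HJT_STARTUP_RE.match(line)
    hive = m.group("hive") if m else None
    if not m:
        m = _DDS_RUN_RE.match(line)
        if not m:
            return None
        hive = _DDS_HIVES[m.group("hive")]
    cmd = m.group("cmd")
    return AutorunEntry(hive, m.group("name"), cmd, image_path(cmd))


def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach heuristic flags; an empty list means nothing stood out."""
    if "\\" not in entry.image:
        # No directory: the loader search order decides which file runs,
        # so the Run value alone does not identify the binary on disk.
        entry.flags.append("unqualified path")
    if entry.image.lower().startswith(USER_WRITABLE_PREFIXES):
        entry.flags.append("user-profile location")
    return entry


def parse_log(text: str) -> list:
    """Parse and triage every autorun line found in a pasted log."""
    return [triage(e) for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"[{e.name}] {e.image} -> {', '.join(e.flags) or 'ok'}")
```

    Run it against a whole pasted HJT or DDS log; lines that are not autorun entries are ignored. Entries with no flags still need the usual checks (publisher, hash, file date), the script only orders the work.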

  #2 - Emeritus- Malware Team (Join Date: Oct 2008; Location: Cornwall, UK; Posts: 592)


    Hello and welcome to the forums!

    My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:


    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • If you don't know or understand something, please don't hesitate to ask.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.



    No Reply Within 5 Days Will Result In Your Topic Being Closed!!
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  #3 - Emeritus- Malware Team (Join Date: Oct 2008; Location: Cornwall, UK; Posts: 592)


    Use of P2P (Person to Person) file sharing programs

    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent DNA

    Please read HERE the Safer Networking Forums policy on the use of P2P file sharing programs. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

    NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    STEP 1

    Download DDS

    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop from:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
    STEP 2


    RootRepeal - Rootkit Detector

    Download RootRepeal.zip and unzip it to your Desktop.


    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services

    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan

      The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
    Next Reply

    Please reply with:

    • DDS.txt
    • Attach.txt
    • RootRepeal.txt

  #4 - Junior Member (Join Date: Dec 2008; Posts: 9)

    Reply 1

    Thank you for responding! I got rid of the DNA thing from BitTorrent like you said, and here are those reports you asked for:

    DDS:


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by MOM and DAD at 19:14:05.06 on Wed 07/08/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.536 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\MOM and DAD\Desktop\Forum Stuff\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: turbotax.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\momand~1\applic~1\mozilla\firefox\profiles\oqlefedq.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-15 327688]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-15 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-15 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-15 298776]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-8 47640]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-6-21 1373480]
    R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-2-27 53307]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2009-07-08 19:01 <DIR> --d----- c:\temp\cs630_XP
    2009-07-08 19:01 <DIR> --d----- C:\temp
    2009-07-06 20:40 <DIR> --d----- c:\program files\Trend Micro
    2009-07-06 16:23 <DIR> --d----- c:\windows\system32\dllcache\cache
    2009-07-06 16:16 155,136 a------- c:\windows\PEV.exe
    2009-07-06 16:16 <DIR> --ds---- C:\ComboFix
    2009-07-04 10:20 664 a------- c:\windows\system32\d3d9caps.dat
    2009-07-01 09:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-06-25 20:31 <DIR> --d----- c:\docume~1\momand~1\applic~1\WinFF
    2009-06-25 20:26 <DIR> --d----- c:\docume~1\momand~1\applic~1\MPEG Streamclip
    2009-06-25 20:20 <DIR> --d----- c:\program files\iPod
    2009-06-25 20:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-25 20:20 <DIR> --d----- c:\program files\iTunes
    2009-06-25 20:18 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
    2009-06-25 20:18 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-06-24 21:48 <DIR> --d----- c:\program files\Yahoo!
    2009-06-21 20:02 <DIR> --d----- c:\docume~1\momand~1\applic~1\ritePen
    2009-06-21 19:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rosetta Stone
    2009-06-21 19:37 <DIR> --d----- c:\program files\Rosetta Stone
    2009-06-21 17:29 <DIR> --d----- c:\docume~1\momand~1\applic~1\WTablet
    2009-06-21 17:29 1,380,680 -------- c:\windows\system32\PenTablet.znc
    2009-06-21 17:29 2,684,200 -------- c:\windows\system32\PenTablet.cpl
    2009-06-21 17:27 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
    2009-06-21 17:27 12,848 a------- c:\windows\system32\drivers\wacomvhid.sys
    2009-06-21 17:27 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
    2009-06-21 17:27 <DIR> --d----- c:\windows\system32\WTablet
    2009-06-21 17:27 1,373,480 -------- c:\windows\system32\Pen_Tablet.exe
    2009-06-21 17:27 181,544 -------- c:\windows\system32\Wintab32.dll
    2009-06-21 17:27 128,296 -------- c:\windows\system32\Pen_Tablet.dll
    2009-06-21 17:27 <DIR> --d----- c:\program files\Tablet
    2009-06-16 17:38 <DIR> --d----- c:\program files\FeatherSoft Windows Hider
    2009-06-13 23:42 <DIR> --d----- c:\program files\Moffsoft FreeCalc
    2009-06-09 16:09 <DIR> --d----- c:\program files\Bonjour

    ==================== Find3M ====================

    2009-07-02 08:50 34 a------- c:\documents and settings\mom and dad\jagex_runescape_preferences.dat
    2009-07-01 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-07-01 09:42 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-06-08 18:26 685,816 a------- c:\windows\system32\drivers\sptd.sys
    2009-05-15 22:54 81,984 a------- c:\windows\system32\bdod.bin
    2009-05-15 22:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
    2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
    2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
    2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
    2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
    2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
    2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
    2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
    2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-04-24 22:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
    2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
    2009-04-15 12:11 98,304 a------- c:\windows\system32\CmdLineExt.dll
    2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2008-11-08 23:08 56 ---shr-- c:\windows\system32\491A85F95E.sys
    2008-11-08 23:08 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-09-21 07:39 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

    ============= FINISH: 19:14:54.95 ===============
    Attach:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/16/2006 12:44:46 PM
    System Uptime: 7/8/2009 7:07:59 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 145 GiB total, 107.097 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP90: 4/8/2009 6:00:16 PM - Software Distribution Service 3.0
    RP91: 4/9/2009 6:00:16 PM - Software Distribution Service 3.0
    RP92: 4/10/2009 8:41:29 AM - Avg8 Update
    RP93: 4/10/2009 6:00:34 PM - Software Distribution Service 3.0
    RP94: 4/11/2009 12:29:35 PM - Removed Google SketchUp 7
    RP95: 4/11/2009 12:42:05 PM - Removed BumpTop
    RP96: 4/11/2009 12:44:21 PM - Removed Corel Photo Album 6
    RP97: 4/11/2009 12:45:36 PM - Removed LogMeIn
    RP98: 4/11/2009 12:46:22 PM - Removed Project64 1.6
    RP99: 4/11/2009 12:49:43 PM - Software Distribution Service 3.0
    RP100: 4/11/2009 6:00:16 PM - Software Distribution Service 3.0
    RP101: 4/12/2009 6:00:15 PM - Software Distribution Service 3.0
    RP102: 4/13/2009 6:00:18 PM - Software Distribution Service 3.0
    RP103: 4/14/2009 6:00:19 PM - Software Distribution Service 3.0
    RP104: 4/14/2009 9:01:42 PM - Installed Age of Empires III
    RP105: 4/15/2009 12:03:54 PM - Installed RollerCoaster Tycoon 2
    RP106: 4/15/2009 10:43:29 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP107: 4/15/2009 10:45:12 PM - Installed DirectX
    RP108: 4/16/2009 6:00:37 PM - Software Distribution Service 3.0
    RP109: 4/16/2009 6:13:23 PM - Avg8 Update
    RP110: 4/17/2009 6:00:36 PM - Software Distribution Service 3.0
    RP111: 4/18/2009 6:00:19 PM - Software Distribution Service 3.0
    RP112: 4/19/2009 6:00:18 PM - Software Distribution Service 3.0
    RP113: 4/19/2009 6:18:00 PM - Removed RollerCoaster Tycoon 2
    RP114: 4/19/2009 6:18:40 PM - Installed RollerCoaster Tycoon 2
    RP115: 4/20/2009 6:00:16 PM - Software Distribution Service 3.0
    RP116: 4/20/2009 9:18:50 PM - Software Distribution Service 3.0
    RP117: 4/21/2009 6:00:17 PM - Software Distribution Service 3.0
    RP118: 4/22/2009 6:00:15 PM - Software Distribution Service 3.0
    RP119: 4/22/2009 9:01:42 PM - Software Distribution Service 3.0
    RP120: 4/23/2009 7:13:17 PM - Software Distribution Service 3.0
    RP121: 4/24/2009 6:00:17 PM - Software Distribution Service 3.0
    RP122: 4/25/2009 10:13:34 PM - System Checkpoint
    RP123: 4/28/2009 9:41:43 PM - Installed Jitbit Macro Recorder LITE
    RP124: 4/28/2009 10:08:36 PM - Software Distribution Service 3.0
    RP125: 4/29/2009 11:02:47 PM - System Checkpoint
    RP126: 5/1/2009 6:27:56 PM - Avg8 Update
    RP127: 5/1/2009 6:29:07 PM - Avg8 Update
    RP128: 5/1/2009 10:43:49 PM - Installed Dragon NaturallySpeaking 9
    RP129: 5/2/2009 12:02:57 PM - Removed Dragon NaturallySpeaking 9
    RP130: 5/2/2009 4:20:42 PM - Installed Symantec pcAnywhere.
    RP131: 5/3/2009 6:02:36 PM - Installed Windows XP Wudf01007.
    RP132: 5/3/2009 6:03:36 PM - Installed Windows XP winusb0100.
    RP133: 5/3/2009 6:54:22 PM - Removed Age of Empires III
    RP134: 5/3/2009 7:05:11 PM - Removed RollerCoaster Tycoon 2
    RP135: 5/14/2009 8:45:40 PM - Avira AntiVir Personal - 5/14/2009 20:44
    RP136: 5/14/2009 8:49:55 PM - Installed BitDefender Free Edition v10
    RP137: 5/15/2009 10:53:01 PM - Installed AVG Free 8.5
    RP138: 5/15/2009 10:56:32 PM - Removed BitDefender Free Edition v10
    RP139: 5/17/2009 11:52:20 AM - Software Distribution Service 3.0
    RP140: 5/18/2009 3:24:09 PM - Avg8 Update
    RP141: 5/18/2009 3:25:22 PM - Avg8 Update
    RP142: 5/19/2009 9:32:04 PM - System Checkpoint
    RP143: 5/21/2009 4:59:44 PM - System Checkpoint
    RP144: 5/22/2009 5:40:17 PM - System Checkpoint
    RP145: 5/23/2009 10:16:18 PM - System Checkpoint
    RP146: 5/25/2009 12:35:13 AM - System Checkpoint
    RP147: 5/25/2009 12:56:59 PM - Installed Rosetta Stone Version 3
    RP148: 5/26/2009 9:21:52 PM - System Checkpoint
    RP149: 5/29/2009 6:24:28 PM - System Checkpoint
    RP150: 5/30/2009 4:34:34 PM - WS RESTORE POINT
    RP151: 5/31/2009 6:58:34 PM - System Checkpoint
    RP152: 6/1/2009 9:32:51 PM - Installed Brother MFL-Pro Suite
    RP153: 6/4/2009 5:14:18 PM - System Checkpoint
    RP154: 6/5/2009 5:24:23 PM - System Checkpoint
    RP155: 6/6/2009 4:18:16 PM - Installed BumpTop
    RP156: 6/7/2009 6:11:04 PM - System Checkpoint
    RP157: 6/8/2009 6:26:05 PM - SPTD setup V1.50
    RP158: 6/9/2009 5:11:48 PM - Installed QuickTime
    RP159: 6/10/2009 6:44:27 PM - System Checkpoint
    RP160: 6/11/2009 7:58:38 PM - System Checkpoint
    RP161: 6/12/2009 8:58:38 PM - System Checkpoint
    RP162: 6/13/2009 9:23:31 PM - System Checkpoint
    RP163: 6/15/2009 9:36:39 AM - System Checkpoint
    RP164: 6/16/2009 9:39:33 AM - System Checkpoint
    RP165: 6/17/2009 10:03:46 AM - System Checkpoint
    RP166: 6/18/2009 11:16:11 AM - Installed DirectX 9.0
    RP167: 6/18/2009 12:08:29 PM - Removed BumpTop
    RP168: 6/18/2009 12:15:09 PM - Removed Rosetta Stone Version 3
    RP169: 6/19/2009 2:24:19 PM - System Checkpoint
    RP170: 6/21/2009 7:03:15 PM - System Checkpoint
    RP171: 6/21/2009 7:37:39 PM - Installed Rosetta Stone Version 3
    RP172: 6/21/2009 8:01:54 PM - Installed ritePen
    RP173: 6/23/2009 12:06:43 PM - System Checkpoint
    RP174: 6/24/2009 6:53:03 PM - System Checkpoint
    RP175: 6/25/2009 8:20:33 PM - Installed iTunes
    RP176: 6/26/2009 9:02:56 PM - System Checkpoint
    RP177: 6/27/2009 9:26:56 PM - System Checkpoint
    RP178: 6/28/2009 10:14:56 PM - System Checkpoint
    RP179: 6/29/2009 10:50:56 PM - System Checkpoint
    RP180: 6/30/2009 11:26:56 PM - System Checkpoint
    RP181: 7/1/2009 9:41:15 AM - Avg8 Update
    RP182: 7/1/2009 9:42:34 AM - Avg8 Update
    RP183: 7/2/2009 10:41:22 AM - System Checkpoint
    RP184: 7/3/2009 12:58:59 PM - System Checkpoint
    RP185: 7/4/2009 12:19:36 PM - Removed ritePen
    RP186: 7/5/2009 7:55:25 PM - Installed Ad-Aware
    RP187: 7/6/2009 4:36:22 PM - Software Distribution Service 3.0
    RP188: 7/6/2009 4:44:45 PM - Removed Ad-Aware
    RP189: 7/8/2009 6:45:05 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ĩTorrent
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Reader 8.1.4
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AnswerWorks 4.0 Runtime - English
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    AVG Free 8.5
    Bonjour
    Brother MFL-Pro Suite
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Cheat Engine 5.5
    Clear Cache feature for Internet Explorer
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.1
    Dell System Restore
    Digital Content Portal
    GearDrvs
    Google
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 3
    Jitbit Macro Recorder LITE
    LG USB Modem driver
    Linksys Wireless-N USB Network Adapter WUSB300N
    Macromedia Flash Player
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office Small Business Accounting 2006
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft WinUsb 1.0
    Moffsoft FreeCalc
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.11)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA Drivers
    Pen Tablet
    PopCap Browser Plugin
    PowerISO
    Qualxserve Service Agreement
    QuickBooks Pro 2008
    QuickTime
    Rosetta Stone Version 3
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SBA
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Skins
    Sonic Activation Module
    Source Dedicated Server
    Spybot - Search & Destroy
    Steam
    SupportSoft Assisted Service
    Team Fortress 2 Dedicated Server
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    URL Assistant
    Viewpoint Media Player
    VLC media player 0.9.9
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Zune
    Zune Desktop Theme
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    7/6/2009 9:03:07 PM, error: Service Control Manager [7000] - The SDDMI2 service failed to start due to the following error: The system cannot find the file specified.
    7/6/2009 8:27:24 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    7/6/2009 4:45:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    7/6/2009 4:45:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the aawservice service.
    7/6/2009 4:37:08 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    7/6/2009 4:16:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    7/6/2009 4:15:09 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    7/5/2009 6:41:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 10040128, parameter2 00000002, parameter3 00000000, parameter4 85d0ba32.
    7/5/2009 5:14:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    7/4/2009 12:23:33 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    7/3/2009 4:21:56 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8D6BA4C5-4331-48FF-A8. The master browser is stopping or an election is being forced.
    7/3/2009 4:04:45 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0013720DA56B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/2/2009 3:03:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    ==== End Of File ===========================

    RootRepeal:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Time: 2009/07/08 19:18
    Program Version: Version 1.3.0.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: ati1r2k.sys
    Image Path: C:\WINDOWS\system32\drivers\ati1r2k.sys
    Address: 0xEB67B000 Size: 476672 File Visible: No Signed: -
    Status: -

    Name: cdfsex.sys
    Image Path: cdfsex.sys
    Address: 0xF78A2000 Size: 20480 File Visible: No Signed: -
    Status: -

    Name: dump_iastor.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
    Address: 0xEB5A6000 Size: 872448 File Visible: No Signed: -
    Status: -

    Name: PCI_NTPNP7634
    Image Path: \Driver\PCI_NTPNP7634
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB78D9000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: usbnt.sys
    Image Path: C:\WINDOWS\system32\drivers\usbnt.sys
    Address: 0xF791A000 Size: 18944 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\WINDOWS\system32\locals32.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\asr_svr.exe
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\sfccache.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\iasx86.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\cdfsex.sys
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\usbnt.sys
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\ati1r2k.sys
    Status: Invisible to the Windows API!

    Path: c:\documents and settings\mom and dad\local settings\temp\etilqs_aaqaifidzcp8phez6zco
    Status: Allocation size mismatch (API: 32768, Raw: 0)

    Path: c:\documents and settings\mom and dad\local settings\temp\etilqs_oyuhuzufhdmjydfkfyl6
    Status: Allocation size mismatch (API: 65536, Raw: 32768)

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb6890c4

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb6899f6

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "sptd.sys" at address 0xf742e340

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb689050

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "sptd.sys" at address 0xf742e418

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "sptd.sys" at address 0xf742e298

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "sptd.sys" at address 0xf742e4aa

    Stealth Objects
    -------------------
    Object: Hidden Handle [Index: 1388, Type: File]
    Process: svchost.exe (PID: 1284) Address: 0x85458b78 Size: -

    Object: Hidden Module [Name: CFScan.dll]
    Process: QBCFMonitorService.exe (PID: 2356) Address: 0x009e0000 Size: 45056

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x871ce1e8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x866c9790 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
    Process: System Address: 0x871d01e8 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
    Process: System Address: 0x866ef790 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_CREATE]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_CLOSE]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x85786190 Size: 3699

    Object: Hidden Code [Driver: iastor, IRP_MJ_POWER]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: iastor, IRP_MJ_PNP]
    Process: System Address: 0x871cf1e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x871601e8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x85eb2790 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
    Process: System Address: 0x866e4408 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x85ef4790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CREATE]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CLOSE]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_READ]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CLEANUP]
    Process: System Address: 0x86613790 Size: 121

    Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_PNP]
    Process: System Address: 0x86613790 Size: 121

    Hidden Services
    -------------------
    Service Name: ati1r2k
    Image Path: system32\drivers\ati1r2k.sys

    Service Name: cdfsex
    Image Path: C:\WINDOWS\system32\drivers\cdfsex.sys

    Service Name: usbnt
    Image Path: C:\WINDOWS\system32\drivers\usbnt.sys

    ==EOF==

  5. #5
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Hello!

    Have you run Combofix on this machine?


    ATF-Cleaner

    Please download ATF Cleaner by Atribune.


    • Save it to your desktop
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

      If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords please click No at the prompt.
    • Click Exit on the Main menu to close the program.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes Anti-Malware and save it to your desktop.


    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware

    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the Perform Full Scan option is selected.
      • Then click on the Scan button.

    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Kaspersky Online Scan

    You can use either Internet Explorer or Mozilla Firefox for this scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


    • Please go to the Kaspersky website and perform an online antivirus scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives

    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply along with a fresh HijackThis log.

    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:

    • Answer to my question
    • Malwarebytes Antimalware log
    • Kaspersky Log
    • A fresh HijackThis Log ( after all the above has been done)
    • A description of how your computer is behaving
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Posts
    9

    Reply 2

    Answer to question:

    Yes, I have run combofix on this computer before. I used it when I had a virus earlier and was told to do so by a professional and once before on my own.

    Description of Computer's Behavior:

    The biggest problem with my computer is that it freezes. Whenever I'm working on something or browsing the internet, it randomly freezes. When it freezes, I cannot use Ctrl-Alt-Delete because it is just completely frozen up. This forces me to restart my system by holding down my CPU's power button for a few seconds. Sometimes my monitor will go blank for a second and come back on with the blue Windows error screen, and when I restart after that it says it has recovered from a serious error. Lastly, my computer is just running all-around slow.

    Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.38
    Database version: 2401
    Windows 5.1.2600 Service Pack 3

    7/9/2009 3:43:31 PM
    mbam-log-2009-07-09 (15-43-31).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 207399
    Time elapsed: 59 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\mom and dad\my documents\Elite\my pictures\ek_setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\mom and dad\my documents\Elite\my pictures\_logviewer\logs viewer.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP154\A0037117.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037207.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037208.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP166\A0038048.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029818.rbf (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029903.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
    c:\windows\system32\locals32.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\windows\system32\asr_svr.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\windows\system32\iasx86.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\windows\system32\drivers\cdfsex.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\windows\system32\drivers\usbnt.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
    c:\windows\system32\drivers\ati1r2k.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.

    Kaspersky Log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Thursday, July 9, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Friday, July 10, 2009 02:39:28
    Records in database: 2453139
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: no

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 88349
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:11:03


    File name / Threat name / Threats count
    C:\Documents and Settings\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.l 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcecjbffmigojealcfemsjjfcwuaoctsak.dll.vir Infected: Trojan-Clicker.Win32.Small.aea 1

    The selected area was scanned.

    Fresh HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:57:51 PM, on 7/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143051743265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

    --
    End of file - 9263 bytes
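
The logs in this reply line up in a way worth making explicit: the three drivers GMER listed under Hidden Services (ati1r2k.sys, cdfsex.sys, usbnt.sys) are the same files Malwarebytes quarantined as Spyware.EliteKeylogger. The script below is an added example, not code from any poster in this thread and not part of GMER or Malwarebytes. It parses the two log excerpts (copied from the logs posted above) and reports which hidden services are accounted for by an MBAM detection; a hidden service with no matching detection is the one a helper would still have to chase by hand. The function names and the matching rule (compare by driver file name, because GMER printed one path without the Windows directory prefix) are this example's own.

```python
"""Correlate GMER 'Hidden Services' entries with Malwarebytes detections.

Added example for this thread; it is not code from any poster, from GMER
or from Malwarebytes. The two log excerpts are copied from the logs posted
in the thread; the parsing and matching logic is this example's own.
"""
import ntpath
import re
from typing import Dict, List, Tuple

# Excerpt of the GMER "Hidden Services" section posted earlier in the thread.
GMER_HIDDEN_SERVICES = r"""
Hidden Services
-------------------
Service Name: ati1r2k
Image Path: system32\drivers\ati1r2k.sys

Service Name: cdfsex
Image Path: C:\WINDOWS\system32\drivers\cdfsex.sys

Service Name: usbnt
Image Path: C:\WINDOWS\system32\drivers\usbnt.sys

==EOF==
"""

# Excerpt of the "Files Infected:" section of the Malwarebytes log in reply #6.
MBAM_FILES_INFECTED = r"""
Files Infected:
c:\windows\system32\locals32.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\asr_svr.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\cdfsex.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\usbnt.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\ati1r2k.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
"""

# One MBAM result line has the shape "<path> (<threat>) -> <action>"
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")


def parse_gmer_hidden_services(text: str) -> List[Tuple[str, str]]:
    """Return (service name, image path) pairs from a GMER Hidden Services block."""
    services: List[Tuple[str, str]] = []
    name = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Service Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Image Path:") and name is not None:
            services.append((name, line.split(":", 1)[1].strip()))
            name = None
    return services


def parse_mbam_files_infected(text: str) -> Dict[str, Tuple[str, str]]:
    """Map each detected path (lower-cased) to (threat name, action taken)."""
    detections: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if m:
            detections[m.group("path").lower()] = (m.group("threat"), m.group("action"))
    return detections


def correlate(gmer_text: str, mbam_text: str) -> List[dict]:
    """For each hidden service, say whether MBAM quarantined its driver file.

    GMER may print the image path without the Windows directory prefix
    (as it does for ati1r2k above), so the match is made on the driver
    file name rather than on the full path string.
    """
    by_name = {
        ntpath.basename(path): (path, info)
        for path, info in parse_mbam_files_infected(mbam_text).items()
    }
    rows = []
    for service, image in parse_gmer_hidden_services(gmer_text):
        hit = by_name.get(ntpath.basename(image).lower())
        rows.append({
            "service": service,
            "image_path": image,
            "detected": hit is not None,
            "threat": hit[1][0] if hit else None,
        })
    return rows


def undetected_services(rows: List[dict]) -> List[str]:
    """Hidden services with no MBAM detection: the ones still needing manual follow-up."""
    return [r["service"] for r in rows if not r["detected"]]


if __name__ == "__main__":
    results = correlate(GMER_HIDDEN_SERVICES, MBAM_FILES_INFECTED)
    for r in results:
        status = f"detected as {r['threat']}" if r["detected"] else "NOT detected"
        print(f"{r['service']:<10} {r['image_path']:<45} {status}")
    print("still unaccounted for:", undetected_services(results) or "none")
```

Matching by file name rather than full path is deliberate: the GMER and MBAM outputs disagree on case and on whether the drive and Windows directory are printed, and a strict string comparison would miss ati1r2k.sys even though both tools clearly refer to the same file.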

  7. #7
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Hello!

    Thank you for your reply. As ComboFix has been run previously, we need to uninstall it and then run it again.

    STEP 1

    Download ComboFix

    Download ComboFix from one of these locations on to your desktop:

    Link 1
    Link 2
    Link 3

    STEP 2


    • Delete ComboFix and Clean Up
      Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)

      Please advise if this step is missed for any reason as it performs some important actions.


    STEP 3

    Download and Run ComboFix

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX


    • You must download it to and run it from your Desktop
    • ComboFix SHOULD NOT be used unless requested by a forum helper.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
    • Double click on ComboFix.exe and follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
    • ComboFix should never take more than 20 minutes, including the reboot if malware is detected.

    IMPORTANT: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


    Next Reply

    Please reply with:

    • ComboFix log (found at C:\Combofix.txt)
    • New HijackThis log
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Posts
    9

    Reply 3

    Thank you for all of your help so far! Here is what you asked for:

    Combofix Log:

    ComboFix 09-07-09.08 - MOM and DAD 07/10/2009 9:14.5.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -7:00]
    Running from: c:\documents and settings\MOM and DAD\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\test.txt
    c:\windows\Downloaded Program Files\popcaploader.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
    .

    2009-07-10 04:37 . 2003-01-27 22:26 57856 ----a-w- c:\windows\Fce32.dll
    2009-07-10 04:37 . 2000-11-12 04:01 389120 ----a-w- c:\windows\system32\ImgX4.dll
    2009-07-10 04:37 . 2000-11-12 03:12 675840 ----a-w- c:\windows\system32\_ISource2.dll
    2009-07-10 04:37 . 2003-01-27 22:26 57856 ----a-w- c:\windows\system32\Fce32.dll
    2009-07-10 04:37 . 2002-01-01 17:45 92672 ----a-w- c:\windows\system32\See32.dll
    2009-07-10 04:37 . 2004-10-04 20:14 45056 ----a-w- c:\windows\system32\offer.exe
    2009-07-10 04:37 . 2009-07-10 16:04 -------- d-----w- c:\program files\Easy Web Cam
    2009-07-09 23:20 . 2009-07-09 23:20 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AskToolbar
    2009-07-09 23:06 . 2009-07-09 23:05 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-09 23:05 . 2009-07-09 23:05 152576 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-09 21:39 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-09 03:08 . 2009-07-09 03:08 -------- d-----w- c:\program files\Ask.com
    2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\program files\ManyCam 2.4
    2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ManyCam
    2009-07-09 02:03 . 2001-10-05 23:02 102400 ----a-w- c:\windows\system32\icm10wui.dll
    2009-07-09 02:03 . 2001-10-05 23:02 94208 ----a-w- c:\windows\system32\icm10wia.dll
    2009-07-09 02:03 . 2001-10-05 23:01 14182 ----a-w- c:\windows\system32\drivers\icm10blk.sys
    2009-07-09 02:03 . 2001-10-05 22:57 282681 ----a-w- c:\windows\system32\icm10api.dll
    2009-07-09 02:03 . 2000-09-15 22:51 372736 ----a-w- c:\windows\system32\ijl15.dll
    2009-07-09 02:03 . 2001-10-05 23:02 65536 ----a-w- c:\windows\system32\ICM10reg.dll
    2009-07-09 02:03 . 2001-10-05 23:00 420870 ----a-w- c:\windows\system32\drivers\ICM10USB.sys
    2009-07-09 02:03 . 2001-10-05 22:56 266297 ----a-w- c:\windows\system32\ICM10EXT.dll
    2009-07-09 02:03 . 2001-10-05 22:56 110649 ----a-w- c:\windows\system32\ICM10com.dll
    2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-07-09 02:03 . 2001-10-05 23:00 3398 ----a-w- c:\windows\system32\drivers\icm10ply.sys
    2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- c:\temp\cs630_XP
    2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- C:\temp
    2009-07-07 06:04 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-07 04:03 . 2009-07-07 04:03 6041600 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
    2009-07-07 04:03 . 2009-07-07 04:03 56320 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
    2009-07-07 04:03 . 2009-07-07 04:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
    2009-07-07 04:03 . 2009-07-07 04:03 123138 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
    2009-07-07 03:40 . 2009-07-07 03:40 -------- d-----w- c:\program files\Trend Micro
    2009-07-04 17:20 . 2009-07-04 17:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-01 22:18 . 2009-07-01 22:18 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AVG Security Toolbar
    2009-07-01 16:42 . 2009-07-01 16:42 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
    2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-06-26 05:53 . 2009-06-26 05:53 637 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625225359.bat
    2009-06-26 03:32 . 2009-06-26 03:32 2278 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625203224.bat
    2009-06-26 03:31 . 2009-07-04 19:20 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WinFF
    2009-06-26 03:26 . 2009-06-26 03:26 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\MPEG Streamclip
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iPod
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iTunes
    2009-06-26 03:19 . 2009-06-26 03:19 -------- d-----w- c:\program files\QuickTime
    2009-06-26 03:18 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-26 03:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-26 03:17 . 2009-06-26 03:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-25 04:48 . 2009-07-04 19:20 -------- d-----w- c:\program files\Yahoo!
    2009-06-22 03:02 . 2009-06-22 03:02 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ritePen
    2009-06-22 02:37 . 2009-06-22 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2009-06-22 02:37 . 2009-06-22 02:37 -------- d-----w- c:\program files\Rosetta Stone
    2009-06-22 00:29 . 2009-07-10 16:01 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WTablet
    2009-06-22 00:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
    2009-06-22 00:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2009-06-22 00:27 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\windows\system32\WTablet
    2009-06-22 00:27 . 2007-09-07 18:16 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
    2009-06-22 00:27 . 2007-09-07 18:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
    2009-06-22 00:27 . 2007-09-07 17:55 181544 ------w- c:\windows\system32\Wintab32.dll
    2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\program files\Tablet
    2009-06-17 00:38 . 2009-07-06 00:15 -------- d-----w- c:\program files\FeatherSoft Windows Hider
    2009-06-14 06:42 . 2009-06-14 06:42 -------- d-----w- c:\program files\Moffsoft FreeCalc
    2009-06-11 22:03 . 2009-06-11 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-10 16:06 . 2009-05-05 04:21 -------- d-----w- c:\program files\Firefox
    2009-07-10 02:49 . 2008-05-29 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-09 23:05 . 2006-03-14 04:41 -------- d-----w- c:\program files\Java
    2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
    2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-06 03:03 . 2008-10-26 02:05 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\uTorrent
    2009-07-06 02:55 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-07-02 15:50 . 2008-10-18 00:45 34 ----a-w- c:\documents and settings\MOM and DAD\jagex_runescape_preferences.dat
    2009-07-01 16:42 . 2009-05-16 05:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-01 16:42 . 2009-05-16 05:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-01 16:42 . 2009-05-16 05:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-26 03:21 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Apple Computer
    2009-06-26 03:20 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-26 03:20 . 2009-06-09 23:09 -------- d-----w- c:\program files\Bonjour
    2009-06-22 18:26 . 2009-04-18 02:21 -------- d-----w- c:\program files\Cheat Engine
    2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-22 02:38 . 2009-06-09 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-06-18 19:15 . 2008-10-01 04:55 -------- d-----w- c:\program files\Steam
    2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\Apple Software Update
    2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-06-09 23:18 . 2007-09-06 03:29 33400 ----a-w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-09 23:09 . 2006-03-22 19:16 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-09 03:17 . 2009-04-01 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-09 01:26 . 2009-06-09 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-08 23:11 . 2009-06-02 04:31 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
    2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-03 00:50 . 2009-06-02 04:33 65 ----a-w- c:\windows\system32\BD8060.DAT
    2009-06-02 04:33 . 2009-06-02 04:32 -------- d-----w- c:\program files\Brother
    2009-06-02 04:32 . 2006-03-14 04:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-02 04:31 . 2009-06-02 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
    2009-05-30 23:47 . 2007-11-13 13:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-30 23:47 . 2009-05-30 23:38 91 ----a-w- c:\windows\system32\aticom.dat
    2009-05-27 04:59 . 2009-05-27 04:59 -------- d-----r- c:\documents and settings\MOM and DAD\Application Data\Brother
    2009-05-25 19:57 . 2009-05-25 19:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-05-23 03:10 . 2009-05-23 03:10 -------- d-----w- c:\program files\directx
    2009-05-23 03:04 . 2009-05-16 20:59 612 ----a-w- c:\windows\eReg.dat
    2009-05-23 02:38 . 2009-05-23 02:36 -------- d-----w- c:\program files\PowerISO
    2009-05-22 01:55 . 2009-05-16 05:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\AVGTOOLBAR
    2009-05-16 22:48 . 2009-05-16 22:44 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Any Video Converter
    2009-05-16 05:56 . 2009-05-15 03:49 -------- d-----w- c:\program files\Common Files\Softwin
    2009-05-16 05:54 . 2009-05-15 03:55 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-05-16 05:53 . 2009-05-16 05:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-03 00:34 . 2009-05-03 00:34 0 -c--a-w- c:\windows\system32\rn.tmp
    2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
    2009-04-29 04:41 . 2009-04-29 04:41 1406 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
    2009-04-20 00:10 . 2009-04-20 00:10 390664 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
    2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 19:11 . 2008-10-23 04:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
    2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-02-26 18:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-10-09 249856]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
    "EasyFreeWebCam"="c:\progra~1\EASYWE~1\easywebcam.exe" [2009-01-12 1884160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-01 16:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
    backup=c:\windows\pss\BumpTop.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^MOM and DAD^Start Menu^Programs^Startup^BumpTop.lnk]
    path=c:\documents and settings\MOM and DAD\Start Menu\Programs\Startup\BumpTop.lnk
    backup=c:\windows\pss\BumpTop.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "winvnc"=2 (0x2)
    "ZuneNetworkSvc"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "QBFCService"=3 (0x3)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "MDM"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\motox822\\source 2007 dedicated server\\srcds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\motox822\\team fortress 2\\hl2.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
    "zĪ|Î,‘|-‘|q-‘|x-‘|>"= zĪ|Î,‘|-‘|q-‘|x-‘|>:Nod32 Runtime
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Easy Web Cam\\easywebcam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 10:53 PM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 10:53 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/15/2009 10:53 PM 298776]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/8/2009 7:23 PM 47640]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/21/2009 5:27 PM 1373480]
    R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2/27/2008 8:11 PM 53307]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    S0 cdfsex;cdfsex;c:\windows\system32\drivers\cdfsex.sys --> c:\windows\system32\drivers\cdfsex.sys [?]
    S1 ati1r2k;ati1r2k;c:\windows\system32\drivers\ati1r2k.sys --> c:\windows\system32\drivers\ati1r2k.sys [?]
    S1 usbnt;usbnt;c:\windows\system32\drivers\usbnt.sys --> c:\windows\system32\drivers\usbnt.sys [?]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2009-07-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 02:22]

    2009-07-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-02-26 18:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E8B} - c:\progra~1\EASYWE~1\easywebcam.exe
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\MOM and DAD\Application Data\Mozilla\Firefox\Profiles\oqlefedq.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-10 09:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3149744984-3560293793-1601873477-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D04B2C9-617C-D7FB-8978-839558E2F1F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "naabkjhddgnjldoedjfapccbbooe"=hex:6b,61,65,70,70,66,63,6e,6f,66,63,69,65,6d,
    66,61,61,6b,62,66,65,63,00,00
    "magjenmchjjaihbpacdhfnpgoc"=hex:6a,61,70,70,6c,69,69,6d,68,6d,6a,70,70,69,63,
    68,68,6f,68,6a,00,d2
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-07-10 9:21
    ComboFix-quarantined-files.txt 2009-07-10 16:21
    ComboFix2.txt 2009-07-06 23:24

    Pre-Run: 121,746,059,264 bytes free
    Post-Run: 121,807,949,824 bytes free

    298 --- E O F --- 2009-07-09 01:50

    New HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:14 AM, on 7/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143051743265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

    --
    End of file - 9340 bytes
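The HijackThis and ComboFix logs above are read by hand in this thread. As an added example (it is not part of the thread, of HijackThis or of ComboFix), the following Python script picks out the entries a helper looks at first: HijackThis lines whose registered component has no file on disk, Winsock LSP entries, services without publisher information, and the Security Center DisableMonitoring values from the ComboFix registry dump. The sample input is a handful of lines copied from the logs posted above; the rule set and the Finding type are assumptions made for the example.

```python
"""Triage helpers for HijackThis and ComboFix log text.

Added example for this thread; not part of HijackThis, ComboFix or the helper's
instructions. It flags log entries that a malware-removal helper typically looks
at first; it does not decide what to delete.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
"""

# Constructed sample: the Security Center block from the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

# "O2 - BHO: ..." -> section code and the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<body>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why a helper would look at this entry
    line: str      # the log line itself


def triage_hjt(text: str) -> list[Finding]:
    """Return the HijackThis entries worth a second look, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, the "Running processes:" block, blank lines
        sec, body = m.group("sec"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            # Registered component whose file is gone: leftover of an uninstall
            # or of a partial clean-up; clutter that hides the entries that matter.
            findings.append(Finding(sec, "orphaned entry (no file on disk)", line))
        elif sec == "O10":
            # Winsock LSPs sit in the network path of every process; removing a
            # legitimate one breaks networking, so verify before acting.
            findings.append(Finding(sec, "Winsock LSP entry; verify the DLL before touching it", line))
        elif sec == "O23" and "Unknown owner" in body:
            # HijackThis prints "Unknown owner" when the service binary carries
            # no company name; check the path and the file's signature.
            findings.append(Finding(sec, "service binary without publisher info", line))
    return findings


def security_center_disabled(text: str) -> list[str]:
    """Registry keys under Security Center\\Monitoring whose DisableMonitoring is 1.

    A value of 1 suppresses Windows Security Center alerts for that product.
    Security suites set it themselves, so treat a hit as a check, not a verdict.
    """
    hits, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif (current_key and "security center\\monitoring" in current_key.lower()
              and re.fullmatch(r'"DisableMonitoring"=dword:0*1', line)):
            hits.append(current_key)
    return hits


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    for key in security_center_disabled(SAMPLE_COMBOFIX):
        print("Security Center monitoring disabled under:", key)
```

On the sample above the script reports four orphaned entries, the O10 LSP line and the WUSB300NSvc service, and two Security Center keys with monitoring disabled. None of that is a removal decision: the orphaned entries are cosmetic, the LSP DLL and the service path still have to be checked by hand, and DisableMonitoring is routinely set by the installed antivirus itself.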

  9. #9
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592


    Hello!

    I would like to see any information that might be available from the first time you ran ComboFix.

    Step 1:
    Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folders:

    C:\qoobox In that folder you will find the ComboFix log files.

    Please post the contents of each of those log files in your next reply.


    I'd like you to check (a file/some files) for viruses.



    c:\windows\system32\sfccache.dll


    • Copy/Paste file into the white Upload a file box.
    • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    • After a while, a window will open, with details of what the scans found.
    • Copy and Paste results in your next reply.




    Run CFScript


    • Close any open browsers.
    • Open Notepad by clicking Start
    • Click Run
    • Type notepad into the box and press Enter
    • Notepad will open
    • Copy and Paste everything from the Code box into Notepad:



    Code:
    Drivers::
    cdfsex
    ati1r2k
    usbnt
    
    File::
    c:\windows\system32\drivers\usbnt.sys
    c:\windows\system32\drivers\ati1r2k.sys
    c:\windows\system32\drivers\cdfsex.sys
    c:\windows\system32\bdod.bin
    c:\windows\system32\rn.tmp
    c:\windows\Fce32.dll
    c:\windows\system32\ImgX4.dll
    c:\windows\system32\_ISource2.dll
    c:\windows\system32\Fce32.dll
    c:\windows\system32\See32.dll
    c:\windows\system32\offer.exe
    
    Folder::
    c:\documents and settings\MOM and DAD\Application Data\uTorrent
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    DDS::
    uURLSearchHooks: H - No File
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -
    • Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)

    • Referring to the picture below, drag CFScript into ComboFix.exe

    • When finished, it shall produce a log for you at C:\ComboFix.txt



    NOTE: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



    Next Reply

    Please reply with:

    • ComboFix log (found at C:\Combofix.txt)
    • New HijackThis log
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  10. #10
    Junior Member
    Join Date
    Dec 2008
    Posts
    9

    Reply 4

    For some reason C:\qoobox only has one ComboFix log on it and that was the one from my last post. This might have happened when I uninstalled ComboFix like you told me to, but I'm not sure.



    Virus Total:

    File sfccache.dll received on 2009.07.11 20:31:08 (UTC)
    Result: 0/41 (0%)



    CFScript ComboFix log: (After this scan was run, a box came up that said ComboFix had to send malware files to its servers for further analysis)

    ComboFix 09-07-09.08 - MOM and DAD 07/11/2009 13:34.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.559 [GMT -7:00]
    Running from: c:\documents and settings\MOM and DAD\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\MOM and DAD\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\Fce32.dll"
    "c:\windows\system32\_ISource2.dll"
    "c:\windows\system32\bdod.bin"
    "c:\windows\system32\drivers\ati1r2k.sys"
    "c:\windows\system32\drivers\cdfsex.sys"
    "c:\windows\system32\drivers\usbnt.sys"
    "c:\windows\system32\Fce32.dll"
    "c:\windows\system32\ImgX4.dll"
    "c:\windows\system32\offer.exe"
    "c:\windows\system32\rn.tmp"
    "c:\windows\system32\See32.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\MOM and DAD\Application Data\uTorrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\[PC] MTX Mototrax Motocross [RIP] [dopeman].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\1000+ Cell Phone Java Games.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Action Movie essentials.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Adobe After Effects CS3 Professional 2008 PC + Crack.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Age of Empire 3.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Allok MPEG4 Converter + { ++ CRACK ++ }.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Amberlin.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\ANBERLIN - DISCOGRAPHY [CHANNEL NEO].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Ardamax Keylogger v-4.8+serial.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\AV Voice Changer Diamond 6 0 10 [h33t] [dinguskull].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Anti-Virus 8 Pro + key.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Antivirus 8 0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Antivirus 8 Pro + 12 Serials [EXPIRY YEAR 2025][h33t].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [Bubanee].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Blaze Media Pro 8.0.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Borat[2006]DvDrip.AC3[Eng]-aXXo.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\BumpTop.Pro.V1.2646-Madroach.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Civilization_IV.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\DAEMON Tools Pro 4.30.304 (32-64Bit-XP-ViSta).torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\dht.dat
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\DJ_dLux-dLectro-2009-MIXFIEND.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Dragon.Naturally.Speaking.9.51.Professional(French+all.English).setup+Readme.Serial.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Easy Window and System Tray Icons Hider v1.20.0-BEAN.exe.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Elite Keylogger 4.3.070.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Eminem - Relapse [2009][CD+2 SkidVid_XviD+Cov]320Kbps.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Flight Simulator 2004 ISO - Repack By 108.iso.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Flo-Rida Feat. Kesha - Right Round [iVANA-XviD].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Fort_Minor-The_Rising_Tied-2005-XXL.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\GARRYS_MOD.iso.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Gran.Torino.2008.DvDRip-FxM.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Green Day - 21st Century Breakdown (Complete 320 kBps mp3) by ThE GEorGE.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\GTA San Andreas.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Harold.&.Kumar.Go.To.White.Castle[2004]DvDrip.AC3-aXXo.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Harry Potter and the Chamber of Secrets.7z.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Hollywood Undead - Swan Songs& Misc. Songs.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Incubus - Monuments And Melodies [CD Rip] [All Cov+2CD][Bubanee].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Jamie_Foxx_Ft_T-Pain-Blame_It-(Promo_VLS)-2009.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\jitbit.macro.recorder.4.1.0.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Kid Cudi - Day & Night.mp3.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Kings Of Leon - Only By The Night[2008][MP3@320kbps]-antecho.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Lavasoft Ad-Aware 2008 Pro 7.1.0.11 Final[h33t]-MasterUploader.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Lavasoft Ad-Aware 2008 Pro v7.1.0.11 (Reloaded).torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Left 4 Dead No-Steam Patch 1.0.1.1.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Left 4 Dead.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\MagicISO_Maker_5.5.272.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\MGMT - Oracular Spectacular [2008].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Microsoft Flight Simulator X deluxe.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need For Speed - Hot Pursuit 2.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need For Speed Hot Pursuit 2.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.1.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\PC_GTA.SanAndreas -(rip)-(ToeD).torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pennywise - Reason To Believe [Deluxe Edition].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pennywise.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pitbull-I_Know_You_Want_Me_(Calle_Ocho)-Promo_CDM-2009.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\PowerIso 4.4 (CLEAN) [blaze69].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\QuickTime Pro v7.60.92 for Windows XPVista.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\resume.dat
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Rise_Against-Appeal_To_Reason-2008-RiSEAGAiNST.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Role Models.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller Coaster Tycoon 2.1.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller Coaster Tycoon 2.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller_Coaster_Tycoon_2(UG).torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Rosetta Stone V3.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\rss.dat
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\settings.dat
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Silent Keylogger v1.5 Uploaded By 3DPiMp.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Spiderman 3 [2007] DvDRiP [ENG] - NEO.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Star Wars Battlefront [PC Game].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Superbad[2007][Unrated Editon]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Symantec pcAnywhere v12.1.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\T.I. - Paper Trail - (Explicit Retail-2008).torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\T.I. (Ft. Justin Timberlake) - Dead and Gone.mp3.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Hangover.2009.Cam-AlienFilms.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Killers - Day And Age [2008][CD+SkidVid_XviD+Cov].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Offspring - Rise and Fall Rage and Grace [2008].torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Smashing Pumpkins Greatest Hits.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\The.Simpsons.Movie[2007]DvDrip.AC3[Eng]-aXXo.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Top 40 singles USA 13 06 2009 KompletlyWyred DHZ Inc Release.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\UltraISO Premium Edition v9.3.3.2685 Retail-SHAREGO.rar.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Wanted.2008.DVDRIP-ZEKTORM.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Wanted[2008]DvDrip-aXXo.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\WinRAR_3.80_Professional.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Workspace Macro Pro - Automation Edition 6.0.4.7z.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Yes.Man.2008.DvDRip-FxM.torrent
    c:\documents and settings\MOM and DAD\Application Data\uTorrent\Zack And Miri Make A PornoDvDrip (CanusRG-pill).torrent
    C:\test.txt
    c:\windows\Fce32.dll
    c:\windows\system32\bdod.bin
    c:\windows\system32\Fce32.dll
    c:\windows\system32\ImgX4.dll
    c:\windows\system32\offer.exe
    c:\windows\system32\rn.tmp
    c:\windows\system32\See32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
    .

    2009-07-10 04:37 . 2009-07-10 16:33 -------- d-----w- c:\program files\Easy Web Cam
    2009-07-09 23:20 . 2009-07-09 23:20 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AskToolbar
    2009-07-09 23:06 . 2009-07-09 23:05 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-09 23:05 . 2009-07-09 23:05 152576 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-09 21:39 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-09 03:08 . 2009-07-09 03:08 -------- d-----w- c:\program files\Ask.com
    2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\program files\ManyCam 2.4
    2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ManyCam
    2009-07-09 02:03 . 2001-10-05 23:02 102400 ----a-w- c:\windows\system32\icm10wui.dll
    2009-07-09 02:03 . 2001-10-05 23:02 94208 ----a-w- c:\windows\system32\icm10wia.dll
    2009-07-09 02:03 . 2001-10-05 23:01 14182 ----a-w- c:\windows\system32\drivers\icm10blk.sys
    2009-07-09 02:03 . 2001-10-05 22:57 282681 ----a-w- c:\windows\system32\icm10api.dll
    2009-07-09 02:03 . 2000-09-15 22:51 372736 ----a-w- c:\windows\system32\ijl15.dll
    2009-07-09 02:03 . 2001-10-05 23:02 65536 ----a-w- c:\windows\system32\ICM10reg.dll
    2009-07-09 02:03 . 2001-10-05 23:00 420870 ----a-w- c:\windows\system32\drivers\ICM10USB.sys
    2009-07-09 02:03 . 2001-10-05 22:56 266297 ----a-w- c:\windows\system32\ICM10EXT.dll
    2009-07-09 02:03 . 2001-10-05 22:56 110649 ----a-w- c:\windows\system32\ICM10com.dll
    2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-07-09 02:03 . 2001-10-05 23:00 3398 ----a-w- c:\windows\system32\drivers\icm10ply.sys
    2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- c:\temp\cs630_XP
    2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- C:\temp
    2009-07-07 06:04 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-07 04:03 . 2009-07-07 04:03 6041600 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
    2009-07-07 04:03 . 2009-07-07 04:03 56320 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
    2009-07-07 04:03 . 2009-07-07 04:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
    2009-07-07 04:03 . 2009-07-07 04:03 123138 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
    2009-07-07 03:40 . 2009-07-07 03:40 -------- d-----w- c:\program files\Trend Micro
    2009-07-04 17:20 . 2009-07-04 17:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-01 22:18 . 2009-07-01 22:18 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AVG Security Toolbar
    2009-07-01 16:42 . 2009-07-01 16:42 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
    2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-06-26 05:53 . 2009-06-26 05:53 637 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625225359.bat
    2009-06-26 03:32 . 2009-06-26 03:32 2278 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625203224.bat
    2009-06-26 03:31 . 2009-07-04 19:20 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WinFF
    2009-06-26 03:26 . 2009-06-26 03:26 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\MPEG Streamclip
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iPod
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iTunes
    2009-06-26 03:19 . 2009-06-26 03:19 -------- d-----w- c:\program files\QuickTime
    2009-06-26 03:18 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-26 03:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-26 03:17 . 2009-06-26 03:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-25 04:48 . 2009-07-04 19:20 -------- d-----w- c:\program files\Yahoo!
    2009-06-22 03:02 . 2009-06-22 03:02 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ritePen
    2009-06-22 02:37 . 2009-06-22 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2009-06-22 02:37 . 2009-06-22 02:37 -------- d-----w- c:\program files\Rosetta Stone
    2009-06-22 00:29 . 2009-07-11 20:19 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WTablet
    2009-06-22 00:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
    2009-06-22 00:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2009-06-22 00:27 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\windows\system32\WTablet
    2009-06-22 00:27 . 2007-09-07 18:16 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
    2009-06-22 00:27 . 2007-09-07 18:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
    2009-06-22 00:27 . 2007-09-07 17:55 181544 ------w- c:\windows\system32\Wintab32.dll
    2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\program files\Tablet
    2009-06-17 00:38 . 2009-07-06 00:15 -------- d-----w- c:\program files\FeatherSoft Windows Hider
    2009-06-14 06:42 . 2009-06-14 06:42 -------- d-----w- c:\program files\Moffsoft FreeCalc
    2009-06-11 22:03 . 2009-06-11 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-11 20:31 . 2009-05-05 04:21 -------- d-----w- c:\program files\Firefox
    2009-07-11 05:51 . 2008-05-29 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-09 23:05 . 2006-03-14 04:41 -------- d-----w- c:\program files\Java
    2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
    2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-06 02:55 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-07-02 15:50 . 2008-10-18 00:45 34 ----a-w- c:\documents and settings\MOM and DAD\jagex_runescape_preferences.dat
    2009-07-01 16:42 . 2009-05-16 05:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-01 16:42 . 2009-05-16 05:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-01 16:42 . 2009-05-16 05:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-26 03:21 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Apple Computer
    2009-06-26 03:20 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-26 03:20 . 2009-06-09 23:09 -------- d-----w- c:\program files\Bonjour
    2009-06-22 18:26 . 2009-04-18 02:21 -------- d-----w- c:\program files\Cheat Engine
    2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-22 02:38 . 2009-06-09 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-06-18 19:15 . 2008-10-01 04:55 -------- d-----w- c:\program files\Steam
    2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\Apple Software Update
    2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-06-09 23:18 . 2007-09-06 03:29 33400 ----a-w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-09 23:09 . 2006-03-22 19:16 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-09 03:17 . 2009-04-01 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-09 01:26 . 2009-06-09 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-08 23:11 . 2009-06-02 04:31 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
    2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-03 00:50 . 2009-06-02 04:33 65 ----a-w- c:\windows\system32\BD8060.DAT
    2009-06-02 04:33 . 2009-06-02 04:32 -------- d-----w- c:\program files\Brother
    2009-06-02 04:32 . 2006-03-14 04:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-02 04:31 . 2009-06-02 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
    2009-05-30 23:47 . 2007-11-13 13:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-30 23:47 . 2009-05-30 23:38 91 ----a-w- c:\windows\system32\aticom.dat
    2009-05-27 04:59 . 2009-05-27 04:59 -------- d-----r- c:\documents and settings\MOM and DAD\Application Data\Brother
    2009-05-25 19:57 . 2009-05-25 19:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-05-23 03:10 . 2009-05-23 03:10 -------- d-----w- c:\program files\directx
    2009-05-23 03:04 . 2009-05-16 20:59 612 ----a-w- c:\windows\eReg.dat
    2009-05-23 02:38 . 2009-05-23 02:36 -------- d-----w- c:\program files\PowerISO
    2009-05-22 01:55 . 2009-05-16 05:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\AVGTOOLBAR
    2009-05-16 22:48 . 2009-05-16 22:44 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Any Video Converter
    2009-05-16 05:56 . 2009-05-15 03:49 -------- d-----w- c:\program files\Common Files\Softwin
    2009-05-16 05:53 . 2009-05-16 05:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
    2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
    2009-04-29 04:41 . 2009-04-29 04:41 1406 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
    2009-04-20 00:10 . 2009-04-20 00:10 390664 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
    2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 19:11 . 2008-10-23 04:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
    2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-10_16.19.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 20:19 . 2009-07-11 20:19 16384 c:\windows\temp\Perflib_Perfdata_90c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-02-26 18:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-10-09 249856]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-01 16:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
    backup=c:\windows\pss\BumpTop.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^MOM and DAD^Start Menu^Programs^Startup^BumpTop.lnk]
    path=c:\documents and settings\MOM and DAD\Start Menu\Programs\Startup\BumpTop.lnk
    backup=c:\windows\pss\BumpTop.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "winvnc"=2 (0x2)
    "ZuneNetworkSvc"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "QBFCService"=3 (0x3)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "MDM"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\motox822\\source 2007 dedicated server\\srcds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\motox822\\team fortress 2\\hl2.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
    "zĪ|Î,‘|-‘|q-‘|x-‘|>"= zĪ|Î,‘|-‘|q-‘|x-‘|>:Nod32 Runtime
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 10:53 PM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 10:53 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/15/2009 10:53 PM 298776]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/8/2009 7:23 PM 47640]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/21/2009 5:27 PM 1373480]
    R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2/27/2008 8:11 PM 53307]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    S0 cdfsex;cdfsex;c:\windows\system32\drivers\cdfsex.sys --> c:\windows\system32\drivers\cdfsex.sys [?]
    S1 ati1r2k;ati1r2k;c:\windows\system32\drivers\ati1r2k.sys --> c:\windows\system32\drivers\ati1r2k.sys [?]
    S1 usbnt;usbnt;c:\windows\system32\drivers\usbnt.sys --> c:\windows\system32\drivers\usbnt.sys [?]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2009-07-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 02:22]

    2009-07-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-02-26 18:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\MOM and DAD\Application Data\Mozilla\Firefox\Profiles\oqlefedq.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-11 13:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3149744984-3560293793-1601873477-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D04B2C9-617C-D7FB-8978-839558E2F1F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "naabkjhddgnjldoedjfapccbbooe"=hex:6b,61,65,70,70,66,63,6e,6f,66,63,69,65,6d,
    66,61,61,6b,62,66,65,63,00,00
    "magjenmchjjaihbpacdhfnpgoc"=hex:6a,61,70,70,6c,69,69,6d,68,6d,6a,70,70,69,63,
    68,68,6f,68,6a,00,d2
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-07-11 13:41
    ComboFix-quarantined-files.txt 2009-07-11 20:41
    ComboFix2.txt 2009-07-10 16:21
    ComboFix3.txt 2009-07-06 23:24

    Pre-Run: 121,768,325,120 bytes free
    Post-Run: 121,750,384,640 bytes free

    402 --- E O F --- 2009-07-09 01:50
    New HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:12:09 PM, on 7/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143051743265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

    --
    End of file - 9233 bytes
