
Browser only works in safe mode


  • This topic is locked
30 replies to this topic

#1 strakats

    New Member

  • Members
  • 28 posts

Posted 03 October 2009 - 07:45 PM

Already ran Malwarebytes and Winsock fix.

Please help...thank you!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:05 PM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 7895 bytes

#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,467 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 October 2009 - 11:16 PM

Hi and welcome to Malwarebytes.


Post the log from MBAM please.

Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

#3 strakats

    New Member

  • Members
  • 28 posts

Posted 04 October 2009 - 10:19 AM

ComboFix 09-10-03.01 - straka 10/04/2009 9:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.506 [GMT -5:00]
Running from: c:\documents and settings\straka\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\myce.reg
c:\documents and settings\All Users\Application Data\qekorovic.dll
c:\documents and settings\All Users\Documents\vifivi.sys
c:\documents and settings\straka\Application Data\vutusale.bat
c:\documents and settings\straka\Local Settings\Application Data\xawuxa.pif
c:\program files\Common Files\usotase.pif
c:\windows\subulynepo.exe
c:\windows\system32\afuwenoge.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\riwyb.dl
c:\windows\Temp\tmp3.tmp
c:\windows\tenek.sys
c:\windows\yhimil.reg

Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected
Kitty ate it :D
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 01:21 . 2009-10-04 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-04 00:33 . 2009-10-04 00:33 -------- d-----w- c:\program files\Trend Micro
2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\documents and settings\straka\Local Settings\Application Data\Mozilla
2009-10-03 20:53 . 2009-10-03 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\UserData
2009-10-03 05:33 . 2008-03-18 01:50 421544 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll
2009-10-03 05:33 . 2006-11-25 18:41 25600 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys
2009-10-03 05:33 . 2006-11-25 18:41 22768 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys
2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games
2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE
2009-10-03 05:32 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin
2009-10-03 05:29 . 2006-11-25 18:41 9232 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys
2009-10-03 05:29 . 2006-11-25 18:41 92064 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys
2009-10-03 05:29 . 2006-11-25 18:41 79328 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys
2009-10-03 05:29 . 2006-11-25 18:41 5936 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT
2009-10-03 05:29 . 2006-11-25 18:41 66656 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys
2009-10-03 05:29 . 2006-11-25 18:41 6208 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys
2009-10-03 05:29 . 2006-11-25 18:41 4048 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Logitech
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache
2009-10-03 05:12 . 2009-10-04 14:30 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000
2009-10-03 03:12 . 2009-10-03 03:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 03:10 . 2009-10-03 03:10 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-03 02:20 . 2009-10-03 02:20 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\browser - logitech
2009-10-03 01:19 . 2009-10-03 03:01 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\.magicfix
2009-10-03 01:18 . 2009-10-03 03:03 -------- d-s---w- c:\documents and settings\HelpAssistant.OFFICE
2009-10-02 19:28 . 2009-10-03 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\V-ONE
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-10-02 19:28 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant\pool.bin
2009-10-02 19:22 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\browser - logitech
2009-10-02 19:05 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\.magicfix
2009-10-02 19:04 . 2009-10-03 03:09 -------- d-s---w- c:\documents and settings\HelpAssistant
2009-09-13 01:29 . 2009-09-13 01:29 12934 ----a-w- c:\windows\system32\butegyny.dat
2009-09-13 01:29 . 2009-09-13 01:29 12887 ----a-w- c:\windows\alyh.com
2009-09-05 22:11 . 2009-09-05 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 22:10 . 2009-09-05 22:24 -------- d-----w- c:\documents and settings\straka\Application Data\VuzeStream
2009-09-05 22:08 . 2009-10-04 01:04 -------- d-----w- c:\program files\Xobni
2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-05 22:07 . 2009-09-05 22:07 -------- d-----w- c:\program files\AskBarDis
2009-09-04 22:03 . 2009-09-04 22:03 8 --sh--r- c:\windows\system32\57D60DA5E8.sys
2009-09-04 18:41 . 2009-09-04 18:41 -------- d-----w- c:\program files\Runtime Software
2009-09-04 17:07 . 2009-09-11 23:22 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 14:02 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater
2009-10-03 20:53 . 2006-04-20 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Real
2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Common Files\Real
2009-09-28 03:19 . 2009-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-09-26 03:28 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus
2009-09-13 01:29 . 2009-09-13 01:29 14174 ----a-w- c:\documents and settings\straka\Application Data\aqyrora.dat
2009-09-13 01:29 . 2009-09-13 01:29 13353 ----a-w- c:\program files\Common Files\boteqygoki._sy
2009-09-13 01:25 . 2009-09-02 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 12:57 . 2009-08-07 01:46 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks
2009-09-11 23:41 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 19:54 . 2009-09-02 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-02 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 22:07 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus
2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP
2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat
2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java
2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast
2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts
2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-07 01:43 . 2009-08-07 01:43 -------- d-----w- c:\program files\Citrix
2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-03_03.11.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 20:00 . 2008-04-14 00:12 49152 c:\windows\system32\wdigest(2).dll
+ 2004-08-10 20:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32(2).dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2004-08-10 20:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 20:00 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll
- 2004-08-10 20:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2004-08-10 20:00 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2007-08-14 00:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 20:00 . 2007-08-14 00:44 40960 c:\windows\system32\licmgr10.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2005-07-03 02:11 . 2007-08-14 00:39 92672 c:\windows\system32\inseng.dll
+ 2004-08-10 20:00 . 2007-08-14 00:36 36352 c:\windows\system32\imgutil.dll
+ 2004-08-10 20:00 . 2007-08-14 00:39 55296 c:\windows\system32\iesetup.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2009-08-23 16:17 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll
+ 2004-08-10 20:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 20:00 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-10 20:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-10 20:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-10 20:00 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-11-20 03:19 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-10 20:00 . 2007-08-14 00:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2005-07-03 02:11 . 2007-08-14 00:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-10 20:00 . 2007-08-14 00:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-10 20:00 . 2007-08-14 00:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-08-23 16:17 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 20:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-11-20 03:19 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-10 20:00 . 2007-08-14 00:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll
+ 2004-08-10 20:00 . 2007-08-14 00:39 71680 c:\windows\system32\admparse.dll
+ 2009-09-05 22:11 . 2009-09-05 22:11 49664 c:\windows\Installer\60294ff.msi
+ 2009-09-05 22:08 . 2009-09-05 22:08 87552 c:\windows\Installer\60294f1.msi
+ 2009-09-05 22:08 . 2009-09-05 22:08 87040 c:\windows\Installer\60294ea.msi
+ 2009-09-05 23:11 . 2009-09-05 23:11 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d1a31e41fd2e4593b0f433f9c92e237b\stdole.ni.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 14848 c:\windows\assembly\GAC_MSIL\stdole\7.0.3300.0__6298d2d1fcfb5d85\stdole.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Newtonsoft.Json\1.1.1.0__6298d2d1fcfb5d85\Newtonsoft.Json.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 57344 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Vbe.Interop.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 97792 c:\windows\assembly\GAC_32\XobniPluginAPI\1.7.3.7053__6298d2d1fcfb5d85\XobniPluginAPI.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 3072 c:\windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\extensibility.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\wininet.dll
+ 2007-08-14 00:45 . 2007-08-14 00:45 206336 c:\windows\system32\winfxdocobj.exe
+ 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 20:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
- 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32.dll
+ 2005-03-10 07:49 . 2005-03-10 07:49 295424 c:\windows\system32\termsrv32(2)(2).dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll
- 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2005-06-15 17:49 . 2008-04-14 00:11 299520 c:\windows\system32\kerberos(2).dll
+ 2004-08-10 20:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2007-08-14 00:54 . 2007-08-14 00:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-14 00:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\iepeers.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-10 20:00 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-10 20:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-10 20:00 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-10 20:00 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-10 20:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-10 20:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-11-20 03:19 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 20:00 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-11-20 03:19 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2005-07-03 02:11 . 2007-08-14 00:54 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-11-20 03:19 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-10 20:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 20:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2009-10-03 13:53 . 2009-03-08 22:39 177792 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2009-09-05 22:09 . 2009-09-05 22:09 109568 c:\windows\Installer\60294f8.msi
+ 2009-08-23 16:17 . 2006-09-06 23:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2004-08-10 12:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-08-17 18:19 . 2009-08-17 18:19 398632 c:\windows\Downloaded Program Files\JuniperExt.exe
+ 2009-09-05 23:11 . 2009-09-05 23:11 746496 c:\windows\assembly\NativeImages_v2.0.50727_32\ZedGraph\1b3997c4a8d718ca47c4da342afb5411\ZedGraph.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 702464 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\2c23021c84942be3a899e07e79b7dcc4\XobniStatistics.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 219648 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\f39f4614f8c2880922736827f5fcb254\XobniPluginAPI.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\5ccc7c5edaa205df4ed326c90e7b501f\Xobni.XMapiAccessor.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 493568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\a6901f8c44f1b0b9f604c80d62f93874\System.Data.SQLite.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\69b9dbe027cd56f0db4299b9173b55b2\office.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\143bd06fec0760ed6d45d945ce01ab94\Newtonsoft.Json.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\20d169afe411989dcee8fa00c897de97\Microsoft.Vbe.Interop.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 415232 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniSkype\b576e2c4c86f53194c5c9037ac4496d2\Interop.XobniSkype.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\fbac1a8d77ef94cfbd84e409d55f6219\Interop.shdocvw.ni.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 212992 c:\windows\assembly\GAC_MSIL\office\11.0.0.0__6298d2d1fcfb5d85\office.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Word.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 405504 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Outlook.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 180224 c:\windows\assembly\GAC_MSIL\Interop.XobniSkype\1.0.0.0__6298d2d1fcfb5d85\Interop.XobniSkype.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 589824 c:\windows\assembly\GAC_MSIL\Interop.XobniRdo\4.5.0.813__6298d2d1fcfb5d85\Interop.XobniRdo.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 131072 c:\windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__6298d2d1fcfb5d85\Interop.shdocvw.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 216064 c:\windows\assembly\GAC_32\ZedGraph\4.3.4.0__02a83cbd123fcd60\ZedGraph.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 158208 c:\windows\assembly\GAC_32\XobniStatistics\1.7.3.7053__6298d2d1fcfb5d85\XobniStatistics.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 727040 c:\windows\assembly\GAC_32\XobniFeeds\1.7.3.7053__6298d2d1fcfb5d85\XobniFeeds.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 417792 c:\windows\assembly\GAC_32\Xobni.XMapiAccessor\1.0.3363.21656__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 839680 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll
+ 2005-08-04 02:29 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2006-04-13 02:16 . 2009-10-03 03:13 9390984 c:\windows\system32\Restore\rstrlog.dat
+ 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-14 00:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 22:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
- 2005-08-04 02:29 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2005-08-04 02:29 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2005-07-03 02:11 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2005-07-20 03:00 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-11-20 03:19 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-11-20 03:19 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-09-05 23:11 . 2009-09-05 23:11 2369024 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\2f9a5319c4c11907b7303807d08411a7\XobniFeeds.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cc910561ca082052db1e6eac3d5b9189\Microsoft.Office.Interop.Word.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\accdae5050f4b0d7a95e9fb5673abc73\Microsoft.Office.Interop.Outlook.ni.dll
+ 2009-09-05 23:11 . 2009-09-05 23:11 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\a9efd7fb4d7b548ded62dc76f3553e18\Interop.XobniRdo.ni.dll
+ 2009-09-05 22:09 . 2009-09-05 22:09 4230656 c:\windows\assembly\GAC_32\XobniCommon\1.7.3.7053__6298d2d1fcfb5d85\XobniCommon.dll
+ 2009-09-11 23:21 . 2009-09-11 23:21 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2008-08-25 00:09 . 2008-08-25 00:09 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-08-21 08:01 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-05 22:11 . 2009-09-05 22:11 15705600 c:\windows\Installer\6029507.msp
+ 2009-09-05 23:11 . 2009-09-05 23:11 11715584 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\908d11bc5df8f49a97b6181d3628182a\XobniCommon.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"=
"c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL =
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\
FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\straka\Local Settings\Temporary Internet Files\Content.IE5\IATNAGEH\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08,
43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
Completion time: 2009-10-04 9:46
ComboFix-quarantined-files.txt 2009-10-04 14:45
ComboFix2.txt 2009-09-03 03:15

Pre-Run: 79,913,365,504 bytes free
Post-Run: 80,296,804,352 bytes free

430 --- E O F --- 2009-09-10 08:04

#4 strakats

Posted 04 October 2009 - 10:20 AM

Malwarebytes' Anti-Malware 1.41
Database version: 2900
Windows 5.1.2600 Service Pack 3

10/4/2009 10:11:22 AM
mbam-log-2009-10-04 (10-11-22).txt

Scan type: Quick Scan
Objects scanned: 193999
Time elapsed: 19 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 strakats

Posted 04 October 2009 - 10:42 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:09 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9649 bytes

#6 strakats

Posted 04 October 2009 - 06:40 PM

The problem still exists :D

#7 screen317

Posted 06 October 2009 - 04:00 AM

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=26691
Collect::
c:\windows\system32\butegyny.dat
c:\program files\Common Files\boteqygoki._sy
c:\windows\alyh.com

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team


#8 strakats

Posted 06 October 2009 - 08:01 AM

Chris,

Will do when I get home from work today. Not sure where you find time to do this but thank you very much.

Good luck with Fall semester!

#9 screen317

Posted 06 October 2009 - 05:52 PM

Hehe... I ask myself the same thing.

Thanks for letting me know.. :)
Chris Fistonich
Research Team


#10 strakats

Posted 06 October 2009 - 08:48 PM

ComboFix 09-10-06.03 - straka 10/06/2009 20:19.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.512 [GMT -5:00]
Running from: c:\documents and settings\straka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\straka\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active


file zipped: c:\program files\Common Files\boteqygoki._sy
file zipped: c:\windows\alyh.com
file zipped: c:\windows\system32\butegyny.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\boteqygoki._sy
c:\windows\alyh.com
c:\windows\system32\butegyny.dat

Infected copy of c:\windows\system32\drivers\dtscsi.sys was found and disinfected
Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-04 16:02 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-04 01:21 . 2009-10-04 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-04 00:33 . 2009-10-04 00:33 -------- d-----w- c:\program files\Trend Micro
2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\documents and settings\straka\Local Settings\Application Data\Mozilla
2009-10-03 20:53 . 2009-10-03 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\WINDOWS
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\V-ONE
2009-10-03 05:33 . 2009-10-03 05:33 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\UserData
2009-10-03 05:33 . 2008-03-18 01:50 421544 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\UDLL.dll
2009-10-03 05:33 . 2006-11-25 18:41 25600 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermptxp.sys
2009-10-03 05:33 . 2006-11-25 18:41 22768 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\usbsermpt.sys
2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Saved Games
2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\PrivacIE
2009-10-03 05:32 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\pool.bin
2009-10-03 05:29 . 2006-11-25 18:41 9232 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdfl.sys
2009-10-03 05:29 . 2006-11-25 18:41 92064 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmmdm.sys
2009-10-03 05:29 . 2006-11-25 18:41 79328 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmserd.sys
2009-10-03 05:29 . 2006-11-25 18:41 5936 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmwhnt.sys
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.MFC
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Microsoft.VC80.CRT
2009-10-03 05:29 . 2006-11-25 18:41 66656 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmbus.sys
2009-10-03 05:29 . 2006-11-25 18:41 6208 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcmnt.sys
2009-10-03 05:29 . 2006-11-25 18:41 4048 ----a-w- c:\documents and settings\HelpAssistant.OFFICE.000\mqdmcr.sys
2009-10-03 05:29 . 2009-10-03 05:29 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Logitech
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\Incomplete
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IETldCache
2009-10-03 05:19 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000\IECompatCache
2009-10-03 05:12 . 2009-10-07 00:59 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE.000
2009-10-03 03:12 . 2009-10-03 03:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 03:10 . 2009-10-03 03:10 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-03 02:20 . 2009-10-03 02:20 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\browser - logitech
2009-10-03 01:19 . 2009-10-03 03:01 -------- d-----w- c:\documents and settings\HelpAssistant.OFFICE\.magicfix
2009-10-03 01:18 . 2009-10-03 03:03 -------- d-s---w- c:\documents and settings\HelpAssistant.OFFICE
2009-10-02 19:28 . 2009-10-03 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\V-ONE
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games
2009-10-02 19:28 . 2009-10-02 19:28 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2009-10-02 19:28 . 2008-02-09 00:36 256 ----a-w- c:\documents and settings\HelpAssistant\pool.bin
2009-10-02 19:22 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2009-10-02 19:11 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\HelpAssistant\browser - logitech
2009-10-02 19:05 . 2009-10-03 03:08 -------- d-----w- c:\documents and settings\HelpAssistant\.magicfix
2009-10-02 19:04 . 2009-10-03 03:09 -------- d-s---w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:48 . 2006-07-27 03:26 -------- d-----w- c:\program files\DynDNS Updater
2009-10-04 01:04 . 2009-09-05 22:08 -------- d-----w- c:\program files\Xobni
2009-10-03 20:53 . 2006-04-20 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Real
2009-10-03 03:09 . 2006-04-06 23:14 -------- d-----w- c:\program files\Common Files\Real
2009-09-28 03:19 . 2009-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-09-26 03:28 . 2006-04-05 00:47 -------- d-----w- c:\documents and settings\straka\Application Data\Azureus
2009-09-13 01:29 . 2009-09-13 01:29 14174 ----a-w- c:\documents and settings\straka\Application Data\aqyrora.dat
2009-09-13 01:25 . 2009-09-02 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 12:57 . 2009-08-07 01:46 -------- d-----w- c:\documents and settings\straka\Application Data\Juniper Networks
2009-09-11 23:41 . 2006-07-13 03:58 3662 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-11 23:22 . 2009-09-04 17:07 -------- d-----w- c:\documents and settings\straka\Application Data\mjusbsp
2009-09-10 19:54 . 2009-09-02 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-02 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 22:24 . 2009-09-05 22:10 -------- d-----w- c:\documents and settings\straka\Application Data\VuzeStream
2009-09-05 22:11 . 2009-09-05 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-05 22:07 . 2006-04-05 00:47 -------- d-----w- c:\program files\Azureus
2009-09-05 22:07 . 2009-09-05 22:07 -------- d-----w- c:\program files\AskBarDis
2009-09-04 22:03 . 2009-09-04 22:03 8 --sh--r- c:\windows\system32\57D60DA5E8.sys
2009-09-04 18:41 . 2009-09-04 18:41 -------- d-----w- c:\program files\Runtime Software
2009-09-03 02:13 . 2006-04-03 00:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-23 00:13 . 2007-01-15 20:10 -------- d-----w- c:\documents and settings\straka\Application Data\CoreFTP
2009-08-21 13:32 . 2006-04-13 02:04 108056 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\MSBuild
2009-08-21 08:11 . 2009-08-21 08:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 00:25 . 2009-08-21 00:25 16442 ----a-w- c:\documents and settings\straka\Local Settings\Application Data\vikyr.dat
2009-08-16 23:26 . 2006-04-03 00:53 -------- d-----w- c:\program files\Java
2009-08-15 23:00 . 2008-08-28 22:52 -------- d-----w- c:\program files\SopCast
2009-08-15 22:55 . 2008-08-07 22:45 -------- d-----w- c:\program files\TVAnts
2009-08-07 15:13 . 2006-08-30 12:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-07 00:24 . 2004-08-10 20:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 20:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 20:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 20:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 20:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 20:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 20:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 20:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 10:23 . 2008-12-21 14:29 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 20:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2006-04-06 23:29 . 2006-04-06 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-04_14.43.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-06 02:52 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-06 02:52 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-10-04 16:02 . 2009-10-04 16:02 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-10 20:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 20:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 20:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-10 20:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 20:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 20:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2004-08-10 20:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\straka\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"EPSON Stylus CX3800 Series on Office (from LENA-PC)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-03-09 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\straka\\Application Data\\VuzeStream\\VuzeStream.exe"=
"c:\\Documents and Settings\\straka\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/5/2009 5:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/5/2009 5:07 PM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/1/2009 10:32 PM 269648]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [12/27/2007 4:39 PM 51816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/10/2008 8:15 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/1/2009 10:32 PM 19160]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [12/18/2008 5:56 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [12/18/2008 5:56 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [12/18/2008 5:56 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [12/18/2008 5:56 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [12/18/2008 5:56 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [12/18/2008 5:56 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [12/18/2008 5:56 PM 115752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL =
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mydesktop.swacorp.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\straka\Application Data\Mozilla\Firefox\Profiles\voeznei8.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\straka\Application Data\VuzeStream\NetscapePlugin1.0.2.9\npVuzeStream.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 20:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4068441832-866955680-4070757987-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,2f,79,61,21,af,1f,bb,ca,65,43,e7,03,fc,f8,e0,5a,30,5b,76,39,a0,08,
43,fd,db,33,9b,70,b9,25,42,3e,87,aa,4f,35,77,9c,ce,cc,20,d1,7d,38,98,22,8a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
Completion time: 2009-10-07 20:30
ComboFix-quarantined-files.txt 2009-10-07 01:29
ComboFix2.txt 2009-10-04 14:46
ComboFix3.txt 2009-09-03 03:15

Pre-Run: 79,858,987,008 bytes free
Post-Run: 79,832,088,576 bytes free

255 --- E O F --- 2009-09-10 08:04
Upload was successful

#11 strakats


Posted 06 October 2009 - 09:53 PM

Scanning Report
Tuesday, October 6, 2009 20:56:58 - 21:48:34

Computer name: OFFICE
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
17 malware found
TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Gen:Trojan.Heur.GM (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE.000\LOCAL SETTINGS\TEMP\SHELL32.DLL (Not cleaned)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Gen:Trojan.Heur.GM.5044800000 (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT.OFFICE\LOCAL SETTINGS\TEMP\SHELL32.DLL (Renamed & Submitted)

Exploit.PDF-JS.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\ANDSHEETS[1].PDF (Renamed & Submitted)

Trojan.SWF.Dropper.Gen (virus)

* C:\DOCUMENTS AND SETTINGS\HELPASSISTANT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\URTPS7LX\SINCELINE[1].SWF (Renamed & Submitted)

Statistics
Scanned:

* Files: 98618
* System: 4114
* Not scanned: 10

Actions:

* Disinfected: 9
* Renamed: 7
* Deleted: 0
* Not cleaned: 1
* Submitted: 7

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD0797.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics

#12 strakats


Posted 06 October 2009 - 09:56 PM

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
HijackThis 2.0.2
Java™ 6 Update 15
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#13 strakats


Posted 06 October 2009 - 10:06 PM

Internet Explorer still hangs but Firefox works. Hard drive appears to be continuously churning away.

#14 strakats


Posted 07 October 2009 - 05:33 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:07 AM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on Office (from LENA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P51 "EPSON Stylus CX3800 Series on Office (from LENA-PC)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\straka\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\straka\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mydesktop.swacorp.com/,DanaInfo=.am...10100558360.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://mydesktop.swacorp.com/dana-cached/s...SetupClient.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9865 bytes

#15 strakats


Posted 07 October 2009 - 05:45 AM

Also can't download updates from Malwarebytes application.

#16 screen317


Posted 07 October 2009 - 06:40 PM

Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar


Let me know if you decide to uninstall it.


After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):


Java™ 6 Update 15
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Adobe Reader 7.1.0


Restart your computer.

Get the latest version of Java and Adobe Reader.


Quote

Also can't download updates from Malwarebytes application.
1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.


See if it will update now.



Also, please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    zwebauth.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


-screen317
Chris Fistonich
Research Team

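Added example, not part of the thread and not SystemLook's own code: the :filefind check requested above reports, for every file with the given name, its path, attributes, size, modification and creation timestamps and MD5 hash. The Python script below reimplements that check so the same question can be asked of any directory tree: it walks a root, matches the file name case-insensitively (Windows file systems are case-insensitive), hashes each hit with MD5 and SHA-256, and compares a hit against a hash copied from an earlier log so you can tell whether a file changed between two runs. Everything it scans is a constructed sample tree (a three-byte stand-in for the DLL, a same-named copy in a subdirectory, and a decoy with a longer name); the directory names and file contents are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Tuple


@dataclass
class FileHit:
    path: str
    size: int
    modified: str   # last content change, UTC
    created: str    # creation (Windows) or last metadata change (POSIX), UTC
    md5: str
    sha256: str


def hash_file(path: str) -> Tuple[str, str]:
    """Return (md5, sha256) hex digests, reading in chunks so large binaries are fine."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def _iso(ts: float) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def filefind(root: str, name: str) -> List[FileHit]:
    """Walk `root` and report every file whose name equals `name`, ignoring case.

    Only exact name matches count: 'zwebauth.dll.bak' is not 'zwebauth.dll'.
    """
    wanted = name.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            full = os.path.join(dirpath, fn)
            st = os.stat(full)
            md5, sha256 = hash_file(full)
            hits.append(FileHit(full, st.st_size, _iso(st.st_mtime), _iso(st.st_ctime), md5, sha256))
    return hits


def matches_reference(hit: FileHit, reference_md5: str) -> bool:
    """Compare a hit against the MD5 printed in an earlier log (case-insensitive hex)."""
    return hit.md5.lower() == reference_md5.strip().lower()


def build_sample_tree() -> str:
    """Constructed stand-in for a Windows system directory (assumption, not real data):
    a tiny fake DLL whose content is b'abc', a same-named copy in a subdirectory,
    and a decoy with a longer name that must not match."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    os.makedirs(os.path.join(root, "system32", "dllcache"))
    with open(os.path.join(root, "system32", "ZWebAuth.dll"), "wb") as f:
        f.write(b"abc")
    with open(os.path.join(root, "system32", "dllcache", "ZWEBAUTH.DLL"), "wb") as f:
        f.write(b"abc")
    with open(os.path.join(root, "system32", "ZWebAuth.dll.bak"), "wb") as f:
        f.write(b"decoy")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for hit in filefind(root, "zwebauth.dll"):
        # Same layout as a SystemLook filefind line, plus a SHA-256 column.
        print(f"{hit.path} {hit.size} bytes [{hit.modified}] [{hit.created}] "
              f"MD5={hit.md5} SHA256={hit.sha256}")
```

MD5 is kept because that is what the log on this page reports and what older lookups expect; SHA-256 is added because current malware hash databases are keyed on it, and carrying both means a second scan of the same machine can be compared against either value.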

#17 strakats

strakats

    New Member

  • Members
  • Pip
  • 28 posts

Posted 07 October 2009 - 09:28 PM

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:22 on 07/10/2009 by straka (Administrator - Elevation successful)

========== filefind ==========

Searching for "zwebauth.dll"
C:\WINDOWS\system32\ZWebAuth.dll --a--c 16973 bytes [01:02 13/05/2006] [23:37 18/09/2001] A1CC9E1DB0840F4DB88AF99CB584971D

-=End Of File=-

#18 strakats

strakats

    New Member

  • Members
  • Pip
  • 28 posts

Posted 07 October 2009 - 10:36 PM

Issues:
IE won't load web pages
Malware won't update
Java install won't run

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise SHSTAT.EXE
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#19 strakats

strakats

    New Member

  • Members
  • Pip
  • 28 posts

Posted 08 October 2009 - 04:51 PM

The PC also becomes unresponsive after sitting idle for a while.

#20 strakats

strakats

    New Member

  • Members
  • Pip
  • 28 posts

Posted 08 October 2009 - 06:22 PM

Whatever's got the hard drive churning away, like it's being scanned, has got to be the culprit.



