Spyware, Malware, virus infection

Mr. J · 06-21-2008, 05:46 PM

So essentially the symptoms my computer is having are nearly the exact same from this thread:

http://www.techsupportforum.com/secu...maybe-trojan-w
32-looksky.html

Though whatever virus I have has also:

-wont allow the my disk drive to run
-cant boot up in safe mode goes to a blue screen (if needed I can write down the error message)
-disabled my control panel
-disabled my task manager
-made it appear that my C drive is gone (I can still access it through RUN)
-got rid of my restart button in the start up menu
-upon loading my computer it will just be an empty desktop with no explorer running and just my background picture... so its making it difficult to do the 5 steps. However occasionally it will boot up normally however not for long though: it pages right back to a blank desktop.

Anyway I have a little brother whom I share my computer with (forced to. You know how that goes.) So I really dont know what may have caused it. With him it could have been a 101 different things.

So just reitterating here.. My computer wont boot up to my desktop and doesnt recognize mouse clicks or key strokes. Does recognize mouse movement though... However sometimes my settings will load for a minute or two then goes back to a blank desktop. So I can boot up apps quick. Oddly enough as long as I get em up I can run em but nothing else which is making this very difficult to finish with step 5. So I'll have to post the DSS log later whenever I figure out how to get my settings to reload. Suggestions would be awesome. I've troubleshot to no avail though.

I will post along with this the Panda ActiveScan log. Was the only thing I could manage. Luckily a friend is letting me borrow his laptop until I resolve this issue.

If there is any other sort of details needed please let me know. Thanks in advance for your time.

EDIT: Sorry didnt notice the attatch file option below for the log.

Ried · 06-21-2008, 06:01 PM

Hello Mr. J,

Do you still have the Start button? Is your Run command still working?

Example:

Click Start>Run

Does the Run command open for you?

Mr. J · 06-21-2008, 06:05 PM

Nope, thats long gone too. Sorry, I forgot to add that. Theres a ton of little things gone. Windows Key plus R doesnt work either.

EDIT: I somehow managed to get safe mode working.

Ried · 06-21-2008, 06:17 PM

I didn't think we'd be that lucky.

Let's try this and see if we can get something to work with.

Reboot your system the same as you would to enter Safe Mode.

Instead of selecting Safe Mode, select 'Last known good configuration'

Please let me know if that helped. If it did, run a scan with dss.exe and post the main.txt

Ried · 06-21-2008, 06:18 PM

Sorry...I didn't see your edit until now.

If Safe Mode is working, run the scan with dss.exe and post the main.txt

Mr. J · 06-21-2008, 06:19 PM

Aye that didn't work either. I edited my post earlier as to not double post. But basicly safe mode doesnt work as well as "last good configuration." However I got a stroke of luck and its working in safe mode and seems to be responding to most of my queries so. Hit me up with suggestions :D

Also currently downloading the DSS Ill have that up here soon.

Ried · 06-21-2008, 06:21 PM

That's what I need to see. I have a plan in mind, but would prefer to see exactly what I'm up against first.

Mr. J · 06-21-2008, 06:35 PM

Cool beans and thanks, Ried. Ill be back as soon as the DSS finishes.

Ried · 06-21-2008, 06:36 PM

I'll be here. It should only take about 10 minutes to complete.

Mr. J · 06-21-2008, 07:38 PM

Sorry about the wait had to step out for some errands while I let it run. I've attached the scans below.

Really curious to see what the little ******* did to my computer. Hes a big gamer so Im sure he downloaded something with a virus attatched.

Again thank you for your help very much appreciate it. Got some papers I need to finish and I' am really trying to avoid reformating.

Deckard's System Scanner v20071014.68
Run by Christopher Husmann on 2003-11-07 22:07:50
Computer is in an unknown state (3)
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

-- Last 5 Restore Point(s) --
33: 2008-03-03 01:25:18 UTC - RP705 - Removed Battlefield 2142
32: 2008-03-02 11:22:25 UTC - RP704 - System Checkpoint
31: 2008-03-01 11:01:07 UTC - RP703 - System Checkpoint
30: 2008-02-29 09:53:34 UTC - RP702 - System Checkpoint
29: 2008-02-28 09:08:22 UTC - RP701 - System Checkpoint

-- First Restore Point --
1: 2008-02-06 11:09:18 UTC - RP673 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Christopher Husmann.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09: VIRUS ALERT!, on 11/7/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christopher Husmann\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christopher Husmann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: {1a0c1811-5660-055a-9a04-de9d961e7510} - {0157e169-d9ed-40a9-a550-06651181c0a1} - C:\WINDOWS\system32\gjivhjey.dll
O2 - BHO: (no name) - {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} - C:\WINDOWS\system32\ssqRLffd.dll
O2 - BHO: (no name) - {BA78FAD7-F8B7-4A3B-AFCD-C2711328B3FA} - C:\WINDOWS\system32\yayyAsSI.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Christopher Husmann\Local Settings\Temporary Internet Files\Content.IE5\R2H7ZTR3\install_sbd_en[1].exe
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [1400514f] rundll32.exe "C:\WINDOWS\system32\kxjcwask.dll",b
O4 - HKLM\..\Run: [Sys14.exe] C:\Windows\Sys14.exe
O4 - HKLM\..\Run: [Sys15.exe] C:\Windows\Sys15.exe
O4 - HKLM\..\Run: [Sys16.exe] C:\Windows\Sys16.exe
O4 - HKLM\..\Run: [Sys17.exe] C:\Windows\Sys17.exe
O4 - HKLM\..\Run: [BM173362d3] Rundll32.exe "C:\WINDOWS\system32\arboxphx.dll",s
O4 - HKCU\..\Run: [WintelUpdate] c:\d.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools\daemon.exe -autorun
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas3c.exe" /minimize
O4 - HKCU\..\Run: [Sys14.exe] C:\Windows\Sys14.exe
O4 - HKCU\..\Run: [Sys15.exe] C:\Windows\Sys15.exe
O4 - HKCU\..\Run: [Sys16.exe] C:\Windows\Sys16.exe
O4 - HKCU\..\Run: [Sys17.exe] C:\Windows\Sys17.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Christopher Husmann\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136847899265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136848597656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: *x - *x (file missing)
O20 - Winlogon Notify: €x - €x (file missing)
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\
O20 - Winlogon Notify: ssqRLffd - C:\WINDOWS\SYSTEM32\ssqRLffd.dll
O20 - Winlogon Notify: ðØÜ - ðØÜ (file missing)
O21 - SSODL: xvorfwbd - {3822F249-C0B0-400C-8E63-EC4DFA3105A4} - C:\WINDOWS\xvorfwbd.dll
O21 - SSODL: wpvmqosg - {556AEF25-2406-4E0D-98A1-167EAAA51FFA} - C:\WINDOWS\wpvmqosg.dll
O21 - SSODL: VoidDriveMicro - {c68aa992-703d-4364-b990-bdcd40127d49} - C:\WINDOWS\Resources\VoidDriveMicro.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9906 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S1 narqwe - c:\windows\system32\narqwe.sys
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 17:09:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2003-10-07 and 2003-11-07 -----------------------------

2008-06-18 18:53:50 0 d-------- C:\bintheredunthat
2008-06-18 18:50:27 0 d-------- C:\WINDOWS\privacy_danger
2008-06-18 18:11:33 98816 --a------ C:\WINDOWS\system32\gypnnncm.dll
2008-06-18 18:10:09 80896 --a------ C:\WINDOWS\system32\hecmoyqo.dll
2008-06-18 18:10:03 89600 --a------ C:\WINDOWS\system32\pwjghqsi.dll
2008-06-18 18:09:28 36352 --a------ C:\WINDOWS\system32\qoMdBQKE.dll
2008-06-18 18:08:32 0 d-------- C:\WINDOWS\system32\763444
2008-06-18 04:43:33 0 d-------- C:\BFU
2008-06-18 01:10:00 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\TmpRecentIcons
2008-06-18 01:01:48 0 d-------- C:\Program Files\Enigma Software Group
2008-06-18 00:46:33 0 d-------- C:\Program Files\DAEMON Tools
2008-06-18 00:42:33 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\DAEMON Tools
2008-06-17 23:17:07 82432 --a------ C:\WINDOWS\system32\spkdxtbn.dll
2008-06-17 23:16:25 757133 --ahs---- C:\WINDOWS\system32\ISsAyyay.ini2
2008-06-17 23:16:21 322560 --a------ C:\WINDOWS\system32\yayyAsSI.dll
2008-06-17 22:34:22 1587 --ahs---- C:\WINDOWS\system32\BJiRstwa.ini2
2008-06-17 22:29:12 28800 --a------ C:\WINDOWS\system32\nnnlkjHA.dll
2008-06-17 22:29:05 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-17 22:29:05 233472 --a------ C:\WINDOWS\wpvmqosg.dll
2008-06-17 22:29:05 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-17 22:29:05 81920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-17 22:29:05 94208 --a------ C:\WINDOWS\exwd.exe
2008-06-17 22:28:51 16768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys <Not Verified; www.kceasy.com; KCeasy tcpip.sys patcher>
2008-06-17 22:28:12 221184 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-06-17 22:28:06 0 --a------ C:\WINDOWS\system32\narqwe.sys
2008-06-17 22:27:52 24064 --a------ C:\WINDOWS\system32\ssqRLffd.dll
2008-06-17 20:16:52 0 d-------- C:\Diablo II
2008-06-14 16:24:20 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\SPORE Creature Creator
2008-06-14 16:23:57 0 d-------- C:\Program Files\Electronic Arts
2008-06-09 19:26:04 201728 --a------ C:\WINDOWS\system32\tdk-screensaver-a03.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-06-09 19:26:04 0 d-------- C:\WINDOWS\system32\tdk-screensaver-a03 dir
2008-06-09 04:22:58 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Move Networks
2008-06-07 07:45:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-05 23:02:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-05 23:01:30 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Skype
2008-06-05 23:01:20 0 d-------- C:\Program Files\Skype
2008-06-05 23:01:19 0 d-------- C:\Program Files\Common Files\Skype
2008-06-02 18:21:59 0 d-------- C:\Documents and Settings\Guest\Application Data\MySpace
2008-06-01 17:58:40 0 d-------- C:\Program Files\EuphRO2
2008-05-29 18:18:30 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\MySpace
2008-05-23 21:38:06 0 d-------- C:\Program Files\City of Heroes
2008-05-22 02:55:42 0 d-------- C:\Skins
2008-05-22 02:55:42 0 d-------- C:\Code
2008-05-02 18:10:47 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\CyberLink
2008-03-25 23:25:21 0 d-------- C:\Logs
2008-03-04 21:37:00 256 --a------ C:\Documents and Settings\Christopher Husmann\pool.bin
2008-03-03 19:54:15 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-03-03 19:53:51 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-03-03 18:34:02 0 d-------- C:\Documents and Settings\Christopher Husmann\.housecall6.6
2008-03-03 16:32:33 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-03 16:32:33 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-03 16:19:37 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-03 16:19:37 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-03 16:19:37 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-03 16:19:37 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-03 16:19:37 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-03-03 16:19:37 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-03 16:19:37 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-03 16:19:37 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-03-03 16:18:58 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2008-03-03 16:18:43 0 d-------- C:\WINDOWS\system32\EVGA
2008-03-03 15:49:32 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\nView_Wallpaper
2008-03-03 15:17:09 0 d-------- C:\WINDOWS\pss
2008-02-25 06:13:16 0 d-------- C:\Program Files\MSXML 6.0
2008-02-22 18:42:23 256 --a------ C:\WINDOWS\system32\pool.bin
2008-02-22 18:42:14 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Research In Motion
2008-02-22 17:56:06 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-02-22 17:56:00 0 d-------- C:\Program Files\Research In Motion
2008-02-16 20:18:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-16 19:08:54 0 dr------- C:\my documents
2008-02-16 19:00:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-16 19:00:36 0 d-------- C:\Program Files\Logitech
2008-02-16 19:00:36 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-02-16 18:37:40 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-31 20:25:41 0 d--hs---- C:\WINDOWS\ftpcache
2007-12-03 06:01:50 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 21:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-27 20:57:10 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\IGN_DLM
2007-11-27 20:56:45 0 d-------- C:\Program Files\Download Manager
2007-11-18 18:24:14 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\skypePM
2007-11-18 18:24:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 18:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-06 00:17:01 0 d--h----- C:\WINDOWS\PIF
2007-11-03 16:43:18 17 --a------ C:\WINDOWS\popcinfo.dat
2007-10-31 17:40:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-24 20:34:07 0 d-------- C:\Nexon
2007-10-24 20:32:55 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2007-10-22 20:12:27 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-10-17 13:41:39 0 d-------- C:\Program Files\Common Files\Real
2007-10-17 13:41:37 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Real
2007-09-13 14:56:24 0 d-------- C:\Documents and Settings\Christopher Husmann\Contacts
2007-09-13 14:51:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-13 14:50:36 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-13 14:49:05 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-09-02 20:47:49 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-08-15 01:12:46 0 d-------- C:\Program Files\Spyware Doctor
2007-08-15 01:12:46 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\PC Tools
2007-08-04 02:05:23 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\MSN6
2007-08-04 02:05:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-07-11 22:14:45 0 d-------- C:\Program Files\InterActual
2007-07-10 00:33:10 0 d-------- C:\Documents and Settings\Guest\Application Data\acccore
2007-06-23 15:10:07 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Lionhead Studios
2007-06-23 10:11:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-07 01:47:45 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-06-02 02:33:45 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Blue Box Network
2007-06-02 02:33:38 0 d-------- C:\Program Files\Blue Box Network
2007-04-28 01:36:49 0 d-------- C:\WINDOWS\RebirthRO Full Client
2007-03-31 21:55:32 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Turbine
2007-03-31 21:44:52 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-31 19:09:33 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\GetRightToGo
2007-03-11 21:13:03 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-03-10 00:11:36 0 d-------- C:\Program Files\directx
2007-02-26 19:04:51 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-02-26 19:04:51 341 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-02-26 19:03:05 0 --a------ C:\WINDOWS\system32\ssprs.dll
2007-02-26 19:03:05 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-02-26 19:03:05 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-02-26 19:03:05 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-02-26 03:15:06 0 d-------- C:\Program Files\Macromedia
2007-01-27 14:21:22 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\acccore
2007-01-27 14:21:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-01-27 14:13:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-01-27 14:13:13 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-01-27 14:12:54 0 d-------- C:\Program Files\Common Files\AOL
2007-01-27 14:12:51 0 d-------- C:\Program Files\AIM6
2007-01-16 13:42:52 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Viewpoint
2007-01-14 17:08:13 0 d-------- C:\Program Files\Windows Media Connect 2
2007-01-14 17

47 0 d-------- C:\WINDOWS\system32\LogFiles
2007-01-14 17

47 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-22 11:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2006-11-27 18:53:07 0 d-------- C:\Program Files\Sony
2006-11-22 00:57:05 0 d-------- C:\WINDOWS\network diagnostic
2006-11-10 11:57:54 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2006-11-10 11:38:33 0 d-------- C:\Documents and Settings\Guest\Application Data\Talkback
2006-11-10 11:38:10 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2006-11-10 10:56:05 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2006-11-10 10:55:46 0 d--h----- C:\Documents and Settings\Guest\Templates
2006-11-10 10:55:46 0 dr------- C:\Documents and Settings\Guest\Start Menu
2006-11-10 10:55:46 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2006-11-10 10:55:46 0 dr-h----- C:\Documents and Settings\Guest\Recent
2006-11-10 10:55:46 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2006-11-10 10:55:46 0 d--h----- C:\Documents and Settings\Guest\NetHood
2006-11-10 10:55:46 0 dr------- C:\Documents and Settings\Guest\My Documents
2006-11-10 10:55:46 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2006-11-10 10:55:46 0 dr------- C:\Documents and Settings\Guest\Favorites
2006-11-10 10:55:46 0 d-------- C:\Documents and Settings\Guest\Desktop
2006-11-10 10:55:46 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2006-11-10 10:55:46 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2006-11-10 10:55:46 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2006-11-10 10:55:45 2097152 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2006-08-27 00:49:37 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-27 00:47:44 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2006-08-27 00:47:44 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2006-08-27 00:47:43 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2006-08-24 13:00:58 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Corel
2006-08-24 12:59:33 0 d-------- C:\Program Files\Common Files\Borland Shared
2006-08-24 12:59:01 0 d-------- C:\WINDOWS\ShellNew
2006-08-24 12:58:01 0 d-------- C:\Program Files\WordPerfect Office 11
2006-08-24 12:58:01 0 d-------- C:\Program Files\Common Files\Corel
2006-07-29 01:38:43 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Firaxis Games
2006-07-27 01:01:40 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\IMVU
2006-07-21 01:24:11 0 d-------- C:\WINDOWS\.file_store_32
2006-06-08 14:27:30 326 --a------ C:\WINDOWS\system32\tablet.dat
2006-06-08 14:27:28 8138 --a------ C:\WINDOWS\system32\drivers\PenClass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
2006-06-08 14:27:27 0 d-------- C:\WINDOWS\system32\WTablet
2006-06-08 14:27:22 102400 --a------ C:\WINDOWS\system32\Wintab32.dll <Not Verified; Wacom Technology, Corp.; Wacom Technology, Corp. WINTAB32>
2006-06-08 14:27:22 749568 --a------ C:\WINDOWS\system32\Tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
2006-06-08 14:27:21 0 d-------- C:\Program Files\Tablet
2006-05-24 13:37:01 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Aim
2006-05-14 22:28:15 528 -r-hs---- C:\WINDOWS\egirllic15
2006-05-11 23:22:54 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Google
2006-05-11 23:22:37 0 d-------- C:\Program Files\Google
2006-05-06 22:53:43 8192 --a------ C:\WINDOWS\d3dx.dat
2006-05-06 00:46:39 1359 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2006-04-23 19:34:48 0 d--h----- C:\WINDOWS\msdownld.tmp
2006-04-23 19:14:43 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-04-23 19:13:24 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-04-09 19:55:25 0 d-------- C:\WINDOWS\system32\Spider-Man 3 Screensaver dir
2006-03-09 17:15:15 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\AdobeUM
2006-03-03 19:53:05 0 d-------- C:\Program Files\Common Files\EasyInfo
2006-02-26 15:47:51 0 d-------- C:\WINDOWS\nview
2006-02-24 20:26:51 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Help
2006-02-24 12:24:15 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2006-02-20 19:56:41 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-02-20 19:56:41 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-02-20 19:56:41 0 d-------- C:\Program Files\XviD
2006-02-12 01:10:24 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Ventrilo
2006-02-12 01:09:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-01-27 21:43:08 0 d-------- C:\Program Files\MsnMusic
2006-01-27 21:42:08 0 d-------- C:\WINDOWS\RegisteredPackages
2006-01-27 21:36:25 0 d-------- C:\WINDOWS\Sun
2006-01-27 21:36:25 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Sun
2006-01-27 21:14:50 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Apple Computer
2006-01-27 21:14:02 0 d-------- C:\Program Files\QuickTime
2006-01-27 21:12:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-01-27 21:12:33 0 d-------- C:\WINDOWS\Downloaded Installations
2006-01-27 16:34:41 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Adobe
2006-01-27 16:30:51 0 d-------- C:\Program Files\Common Files\Adobe
2006-01-27 16:29:53 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2006-01-23 20:43:24 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2006-01-10 21:50:20 0 d-------- C:\downloads
2006-01-10 21:30:50 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Azureus
2006-01-10 21:13:24 0 d-------- C:\Program Files\Viewpoint
2006-01-10 21:13:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-01-10 21:13:23 0 d-------- C:\Program Files\AOD
2006-01-10 21:13:20 0 d-------- C:\Program Files\AIM
2006-01-10 19:26:15 0 d-------- C:\Program Files\Azureus
2006-01-10 19:26:14 0 d-------- C:\Program Files\Java
2006-01-10 19:25:07 0 d-------- C:\Program Files\Common Files\Java
2006-01-10 19:16:19 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Macromedia
2006-01-10 03:14:00 0 d-------- C:\Program Files\MSN Messenger
2006-01-10 03:10:29 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Talkback
2006-01-10 03:10:19 335 --a------ C:\WINDOWS\nsreg.dat
2006-01-10 03:10:10 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-01-10 03:10:01 3691 --a------ C:\WINDOWS\mozver.dat
2006-01-10 03:10:00 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Mozilla
2006-01-10 03:09:21 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-01-09 22:19:12 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Xfire
2006-01-09 22:13:21 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\My Games
2006-01-09 20:43:49 0 d-------- C:\NVIDIA
2006-01-09 19:14:25 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-01-09 19:10:44 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2006-01-09 19:09:58 0 d-------- C:\WINDOWS\Prefetch
2006-01-09 18:55:12 0 d-------- C:\WINDOWS\provisioning
2006-01-09 18:55:12 0 d-------- C:\WINDOWS\peernet
2006-01-09 18:53:39 0 d-------- C:\WINDOWS\ServicePackFiles
2006-01-09 18:47:58 0 d-------- C:\WINDOWS\EHome
2006-01-09 18:30:20 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2006-01-09 18:12:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-01-09 18:10:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2006-01-09 18:09:36 0 d-------- C:\WINDOWS\system32\PreInstall
2006-01-09 18:09:33 0 d--h----- C:\WINDOWS\$hf_mig$
2006-01-09 18:08:57 0 d-------- C:\WINDOWS\system32\bits
2006-01-09 18:05:08 0 d-------- C:\WINDOWS\SoftwareDistribution
2006-01-09 18:04:56 0 d--hs---- C:\Documents and Settings\Christopher Husmann\UserData
2006-01-09 17:37:40 4272 -ra------ C:\WINDOWS\system32\drivers\bvrp_pci.sys
2006-01-09 17:32:04 0 d-------- C:\WUTemp
2006-01-09 17:26:59 0 d-------- C:\Program Files\Intel
2006-01-09 17:26:31 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2006-01-09 17:25:07 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2006-01-09 17:25:07 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2006-01-09 17:25:07 0 d-------- C:\Program Files\Analog Devices
2006-01-09 17:20:52 0 d-------- C:\Program Files\CyberLink
2006-01-09 17:18:43 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2006-01-09 17:18:43 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2006-01-09 17:18:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2006-01-09 17:18:39 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2006-01-09 17:18:31 0 d-------- C:\Program Files\Common Files\InstallShield
2006-01-09 17:13:48 0 d--hs---- C:\WINDOWS\Installer
2006-01-09 17:13:45 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\Identities
2006-01-09 17:13:28 0 d--h----- C:\Documents and Settings\Christopher Husmann\Templates
2006-01-09 17:13:28 0 dr------- C:\Documents and Settings\Christopher Husmann\Start Menu
2006-01-09 17:13:28 0 dr-h----- C:\Documents and Settings\Christopher Husmann\SendTo
2006-01-09 17:13:28 0 dr-h----- C:\Documents and Settings\Christopher Husmann\Recent
2006-01-09 17:13:28 0 d--h----- C:\Documents and Settings\Christopher Husmann\PrintHood
2006-01-09 17:13:28 6029312 --ah----- C:\Documents and Settings\Christopher Husmann\NTUSER.DAT
2006-01-09 17:13:28 0 d--h----- C:\Documents and Settings\Christopher Husmann\NetHood
2006-01-09 17:13:28 0 dr------- C:\Documents and Settings\Christopher Husmann\My Documents
2006-01-09 17:13:28 0 d--h----- C:\Documents and Settings\Christopher Husmann\Local Settings
2006-01-09 17:13:28 0 dr------- C:\Documents and Settings\Christopher Husmann\Favorites
2006-01-09 17:13:28 0 d-------- C:\Documents and Settings\Christopher Husmann\Desktop
2006-01-09 17:13:28 0 d--hs---- C:\Documents and Settings\Christopher Husmann\Cookies
2006-01-09 17:13:28 0 dr-h----- C:\Documents and Settings\Christopher Husmann\Application Data
2006-01-09 17:09:35 0 d--hs---- C:\System Volume Information
2006-01-09 17:09:34 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2006-01-09 17:09:34 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2006-01-09 17:09:34 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2006-01-09 17:09:34 0 d-------- C:\Documents and Settings\LocalService\Application Data
2006-01-09 17:09:34 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2006-01-09 17:09:33 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2006-01-09 17:09:33 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2006-01-09 17:09:33 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2006-01-09 17:09:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2006-01-09 17:09:33 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2006-01-09 17

46 0 d-------- C:\WINDOWS\system32\xircom
2006-01-09 17

46 0 d-------- C:\Program Files\microsoft frontpage
2006-01-09 17

44 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2006-01-09 17

44 0 d-------- C:\DELL
2006-01-09 17:03:36 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-01-09 17:01:39 0 d--hs---- C:\Documents and Settings\All Users\DRM
2006-01-09 17:01:31 0 dr------- C:\WINDOWS\Offline Web Pages
2006-01-09 17:01:31 0 d---s---- C:\WINDOWS\Downloaded Program Files
2006-01-09 17:01:01 0 d-------- C:\WINDOWS\system32\DirectX
2006-01-09 17:00:20 0 d---s---- C:\WINDOWS\Tasks
2006-01-09 17:00:13 0 d-------- C:\Program Files\Common Files\MSSoap
2006-01-09 17:00:09 0 d-------- C:\WINDOWS\system32\Macromed
2006-01-09 17:00:09 0 d-------- C:\WINDOWS\srchasst
2006-01-09 17:00:08 0 d-------- C:\Program Files\Movie Maker
2006-01-09 17:00:04 0 d-------- C:\WINDOWS\system32\Restore
2006-01-09 17:00:04 0 d-------- C:\WINDOWS\PCHealth
2006-01-09 16:59:51 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-01-09 16:59:33 0 d-------- C:\WINDOWS\Registration
2006-01-09 16:59:07 0 d--h----- C:\Program Files\WindowsUpdate
2006-01-09 16:59:07 0 d-------- C:\Program Files\Online Services
2006-01-09 16:59:02 0 d-------- C:\Program Files\Messenger
2006-01-09 16:58:58 0 d-------- C:\Program Files\MSN Gaming Zone
2006-01-09 16:58:32 0 d-------- C:\Program Files\Windows NT
2006-01-09 16:58:29 0 d-------- C:\WINDOWS\system32\MsDtc
2006-01-09 16:58:28 0 d-------- C:\WINDOWS\system32\Com
2006-01-09 11:52:56 0 d-------- C:\Program Files\Common Files\ODBC
2006-01-09 11:52:53 0 dr------- C:\Program Files
2006-01-09 11:52:53 0 d-------- C:\Program Files\Common Files
2006-01-09 11:52:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
2006-01-09 11:52:32 0 d--h----- C:\Documents and Settings\Default User\Templates
2006-01-09 11:52:32 0 dr------- C:\Documents and Settings\Default User\Start Menu
2006-01-09 11:52:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2006-01-09 11:52:32 0 d--h----- C:\Documents and Settings\Default User\Recent
2006-01-09 11:52:32 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2006-01-09 11:52:32 0 d--h----- C:\Documents and Settings\Default User\NetHood
2006-01-09 11:52:32 0 d-------- C:\Documents and Settings\Default User\My Documents
2006-01-09 11:52:32 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2006-01-09 11:52:32 0 d-------- C:\Documents and Settings\Default User\Favorites
2006-01-09 11:52:32 0 d-------- C:\Documents and Settings\Default User\Desktop
2006-01-09 11:52:32 0 d---s---- C:\Documents and Settings\Default User\Cookies
2006-01-09 11:52:32 0 d--h----- C:\Documents and Settings\All Users\Templates
2006-01-09 11:52:32 0 dr------- C:\Documents and Settings\All Users\Start Menu
2006-01-09 11:52:32 0 d-------- C:\Documents and Settings\All Users\Favorites
2006-01-09 11:52:32 0 dr------- C:\Documents and Settings\All Users\Documents
2006-01-09 11:52:32 0 d-------- C:\Documents and Settings\All Users\Desktop
2006-01-09 11:51:45 0 d-------- C:\WINDOWS\system32\CatRoot2
2006-01-09 11:51:45 0 d-------- C:\WINDOWS\system32\CatRoot
2006-01-09 11:51:40 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2006-01-09 11:51:40 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2006-01-09 11:51:40 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2006-01-09 11:51:40 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-01-09 11:51:23 0 d-------- C:\Documents and Settings
2006-01-09 11:44:52 0 d-------- C:\WINDOWS
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\WinSxS
2006-01-09 11:44:52 0 dr------- C:\WINDOWS\Web
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\twain_32
2006-01-09 11:44:52 0 d-a------ C:\WINDOWS\system32
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\wins
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\wbem
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\usmt
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\spool
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\ShellExt
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\Setup
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\ras
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\oobe
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\npp
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\mui
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\inetsrv
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\IME
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\icsxml
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\ias
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\export
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\drivers
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\drivers\etc
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\drivers\disdn
2006-01-09 11:44:52 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\dhcp
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\config
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\3com_dmi
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\3076
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\2052
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1054
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1042
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1041
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1037
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1033
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1031
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1028
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system32\1025
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\system
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\security
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Resources
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\repair
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\mui
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\msapps
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\msagent
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Media
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\java
2006-01-09 11:44:52 0 d--h----- C:\WINDOWS\inf
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\ime
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Help
2006-01-09 11:44:52 0 dr--s---- C:\WINDOWS\Fonts
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Driver Cache
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Debug
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Cursors
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Connection Wizard
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\Config
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\AppPatch
2006-01-09 11:44:52 0 d-------- C:\WINDOWS\addins
2004-07-14 22:34:06 16896 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2003-11-07 22:09:06 0 d-------- C:\Program Files\Trend Micro
2003-11-07 22:05:49 0 d-------- C:\Documents and Settings\Christopher Husmann\Application Data\U3
2003-11-07 21:50:26 81408 --a------ C:\WINDOWS\system32\kxjcwask.dll
2003-11-07 21:47:26 99328 --a------ C:\WINDOWS\system32\gjivhjey.dll
2003-11-07 21:44:44 90112 --a------ C:\WINDOWS\system32\arboxphx.dll
2003-11-07 21:31:23 0 d-------- C:\ie-spyad
2003-11-07 21:28:37 0 -rahs---- C:\MSDOS.SYS
2003-11-07 21:28:37 0 -rahs---- C:\IO.SYS
2003-11-07 21:28:37 0 --a------ C:\CONFIG.SYS
2003-11-07 21:28:37 0 --a------ C:\AUTOEXEC.BAT
2003-11-07 21:27:33 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2003-11-07 21:27:32 0 d-------- C:\Program Files\SpywareBlaster
2003-11-07 20:23:21 0 d-------- C:\Program Files\Panda Security
2003-11-07 20:14:03 245760 --a------ C:\WINDOWS\ksendlbtxqd.dll
2003-11-07 20:14:02 94208 --a------ C:\WINDOWS\eltr.exe
2003-11-07 20:13:56 0 d-------- C:\Program Files\VAV
2003-11-07 20:13:55 30720 --a------ C:\WINDOWS\Sys17.exe
2003-11-07 20:13:54 30208 --a------ C:\WINDOWS\Sys16.exe
2003-11-07 20:13:54 31744 --a------ C:\WINDOWS\Sys15.exe
2003-11-07 20:13:53 32256 --a------ C:\WINDOWS\Sys14.exe
2003-11-07 20:13:51 0 d-------- C:\Program Files\PCHealthCenter

-- Find3M Report ---------------------------------------------------------------

2008-06-17 22:28:12 577536 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Microsoft®

06-21-2008, 06:01 PM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 19,747 OS: WinXP and Vista	Re: Spyware, Malware, virus infection Hello Mr. J, Do you still have the Start button? Is your Run command still working? Example: Click Start>Run Does the Run command open for you? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-21-2008, 06:05 PM	#3 (permalink)
Mr. J Registered User Join Date: Jun 2008 Posts: 9 OS: Windows XP Home Edition	Re: Spyware, Malware, virus infection Nope, thats long gone too. Sorry, I forgot to add that. Theres a ton of little things gone. Windows Key plus R doesnt work either. EDIT: I somehow managed to get safe mode working. Last edited by Mr. J : 06-21-2008 at 06:11 PM.

06-21-2008, 06:17 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 19,747 OS: WinXP and Vista	Re: Spyware, Malware, virus infection I didn't think we'd be that lucky. Let's try this and see if we can get something to work with. Reboot your system the same as you would to enter Safe Mode. Instead of selecting Safe Mode, select 'Last known good configuration' Please let me know if that helped. If it did, run a scan with dss.exe and post the main.txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-21-2008, 06:18 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 19,747 OS: WinXP and Vista	Re: Spyware, Malware, virus infection Sorry...I didn't see your edit until now. If Safe Mode is working, run the scan with dss.exe and post the main.txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-21-2008, 06:19 PM	#6 (permalink)
Mr. J Registered User Join Date: Jun 2008 Posts: 9 OS: Windows XP Home Edition	Re: Spyware, Malware, virus infection Aye that didn't work either. I edited my post earlier as to not double post. But basicly safe mode doesnt work as well as "last good configuration." However I got a stroke of luck and its working in safe mode and seems to be responding to most of my queries so. Hit me up with suggestions :D Also currently downloading the DSS Ill have that up here soon.

06-21-2008, 06:21 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 19,747 OS: WinXP and Vista	Re: Spyware, Malware, virus infection That's what I need to see. I have a plan in mind, but would prefer to see exactly what I'm up against first. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-21-2008, 06:35 PM	#8 (permalink)
Mr. J Registered User Join Date: Jun 2008 Posts: 9 OS: Windows XP Home Edition	Re: Spyware, Malware, virus infection Cool beans and thanks, Ried. Ill be back as soon as the DSS finishes.

06-21-2008, 06:36 PM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 19,747 OS: WinXP and Vista	Re: Spyware, Malware, virus infection I'll be here. It should only take about 10 minutes to complete. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."