06-06-2009, 06:55 PM   #1
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


heres my new scans help plz my computer is running so slow!!!!!!!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:27:08.21 on Fri 06/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.65 [GMT -8:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - AIM Toolbar Loader
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No File
TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
mRun: [IPInSightLAN 01] "c:\program files\visual networks\visual ip insight\sbc\IPClient.exe" -l
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 4.0 disc creator tbyb\ulead quick-drop 1.0\Quick-Drop.exe" WINDOWCALL
mRun: [USIUDF_Eject_Monitor] "c:\program files\common files\ulead systems\dvd\USISrv.exe"
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &AIM Search
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\DRWEBSP.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJDwvsp

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-1-25 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]
R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [2004-1-17 30112]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-17 33792]
S2 mrtRate;mrtRate; [x]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-6-6 42112]
S3 pohci13F;pohci13F; [x]

=============== Created Last 30 ================

2009-06-02 19:47 <DIR> --d----- c:\program files\RelevantKnowledge
2009-05-29 21:16 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-05-29 21:12 <DIR> --d----- c:\windows\ie8updates
2009-05-29 21:09 <DIR> -cd-h--- c:\windows\ie8
2009-05-21 18:41 647,168 a------- c:\windows\system32\CDWriterXP.ocx
2009-05-21 18:37 57,344 a------- c:\windows\system32\Wnaspint.dll
2009-05-15 10:41 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Napster
2009-05-15 03:52 <DIR> -cd----- C:\Downloads
2009-05-15 03:35 <DIR> --d----- c:\program files\DNA
2009-05-15 03:35 <DIR> --d----- c:\docume~1\owner\applic~1\DNA
2009-05-11 07:51 <DIR> --d----- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a--s---- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2007-03-16 16:36 13,195 ac------ c:\documents and settings\owner\zguicfgw.dat
2005-11-26 14:48 774,144 ac------ c:\program files\RngInterstitial.dll
2005-08-21 04:45 5,664 ac------ c:\docume~1\alluse~1\applic~1\ypinfo.bin
2005-02-28 15:08 76 ac--h--- c:\program files\Desktop.ini
2004-05-30 18:08 77 ac------ c:\documents and settings\owner\ub.dat
2004-05-18 13:47 0 ac------ c:\documents and settings\owner\ad.dat
2003-12-28 23:36 40 ac------ c:\documents and settings\owner\language.dat
2001-09-28 17:00 164,864 ac------ c:\program files\UNWISE.EXE
2005-09-20 00:05 152 -c-shr-- c:\windows\system32\3741FB9001.sys
2003-12-28 22:15 56 -c-shr-- c:\windows\system32\BC2C6383F0.sys
2006-04-05 15:24 1,057 a--sh--- c:\windows\system32\mmf(10)(2).sys
2005-05-28 01:02 1,057 ac-sh--- c:\windows\system32\mmf(10)(3).sys
2005-05-28 01:02 1,057 ac-sh--- c:\windows\system32\mmf(10)(4).sys
2005-05-30 16:47 1,057 ac-sh--- c:\windows\system32\mmf(10)(5).sys
2006-04-09 10:20 1,057 a--sh--- c:\windows\system32\mmf(10)(6).sys
2006-04-01 21:15 1,057 a--sh--- c:\windows\system32\mmf(100)(2).sys
2006-03-13 14:51 1,057 a--sh--- c:\windows\system32\mmf(104)(2).sys
2006-04-05 15:09 1,057 a--sh--- c:\windows\system32\mmf(11)(2).sys
2005-05-28 00:31 1,057 ac-sh--- c:\windows\system32\mmf(11)(3).sys
2005-05-28 00:31 1,057 ac-sh--- c:\windows\system32\mmf(11)(4).sys
2006-04-09 08:51 1,057 a--sh--- c:\windows\system32\mmf(11)(5).sys
2006-04-04 14:52 1,057 a--sh--- c:\windows\system32\mmf(12)(2).sys
2005-05-27 17:25 1,057 ac-sh--- c:\windows\system32\mmf(12)(3).sys
2005-05-27 17:25 1,057 ac-sh--- c:\windows\system32\mmf(12)(4).sys
2006-04-09 07:57 1,057 a--sh--- c:\windows\system32\mmf(12)(5).sys
2006-04-04 12:16 1,057 a--sh--- c:\windows\system32\mmf(13)(2).sys
2005-05-27 14:47 1,057 ac-sh--- c:\windows\system32\mmf(13)(3).sys
2005-05-27 14:47 1,057 ac-sh--- c:\windows\system32\mmf(13)(4).sys
2006-04-08 15:04 1,057 a--sh--- c:\windows\system32\mmf(13)(5).sys
2006-04-04 09:35 1,057 a--sh--- c:\windows\system32\mmf(14)(2).sys
2005-05-26 21:30 1,057 ac-sh--- c:\windows\system32\mmf(14)(3).sys
2005-05-26 21:30 1,057 ac-sh--- c:\windows\system32\mmf(14)(4).sys
2006-04-08 01:21 1,057 a--sh--- c:\windows\system32\mmf(14)(5).sys
2006-04-04 07:31 1,057 a--sh--- c:\windows\system32\mmf(15)(2).sys
2005-05-26 14:48 1,057 ac-sh--- c:\windows\system32\mmf(15)(3).sys
2005-05-26 14:48 1,057 ac-sh--- c:\windows\system32\mmf(15)(4).sys
2006-04-08 00:52 1,057 a--sh--- c:\windows\system32\mmf(15)(5).sys
2006-04-03 23:02 1,057 a--sh--- c:\windows\system32\mmf(16)(2).sys
2005-05-25 14:48 1,057 ac-sh--- c:\windows\system32\mmf(16)(3).sys
2005-05-25 14:48 1,057 ac-sh--- c:\windows\system32\mmf(16)(4).sys
2006-04-07 14:57 1,057 a--sh--- c:\windows\system32\mmf(16)(5).sys
2006-04-01 11:49 1,057 a--sh--- c:\windows\system32\mmf(17)(2).sys
2005-05-24 14:48 1,057 ac-sh--- c:\windows\system32\mmf(17)(3).sys
2005-05-24 14:48 1,057 ac-sh--- c:\windows\system32\mmf(17)(4).sys
2006-04-07 13:07 1,057 a--sh--- c:\windows\system32\mmf(17)(5).sys
2006-03-31 15:05 1,057 a--sh--- c:\windows\system32\mmf(18)(2).sys
2005-05-23 15:07 1,057 ac-sh--- c:\windows\system32\mmf(18)(3).sys
2005-05-23 15:07 1,057 ac-sh--- c:\windows\system32\mmf(18)(4).sys
2006-04-07 12:57 1,057 a--sh--- c:\windows\system32\mmf(18)(5).sys
2006-03-31 05:36 1,057 a--sh--- c:\windows\system32\mmf(19)(2).sys
2005-05-22 16:23 1,057 ac-sh--- c:\windows\system32\mmf(19)(3).sys
2005-05-22 16:23 1,057 ac-sh--- c:\windows\system32\mmf(19)(4).sys
2006-04-07 08:41 1,057 a--sh--- c:\windows\system32\mmf(19)(5).sys
2004-07-07 14:57 1,057 ac-sh--- c:\windows\system32\mmf(2).sys
2006-03-31 04:37 1,057 a--sh--- c:\windows\system32\mmf(20)(2).sys
2005-05-21 12:31 1,057 ac-sh--- c:\windows\system32\mmf(20)(3).sys
2005-05-21 12:31 1,057 ac-sh--- c:\windows\system32\mmf(20)(4).sys
2006-04-06 23:18 1,057 a--sh--- c:\windows\system32\mmf(20)(5).sys
2006-03-31 00:53 1,057 a--sh--- c:\windows\system32\mmf(21)(2).sys
2005-05-21 02:14 1,057 ac-sh--- c:\windows\system32\mmf(21)(3).sys
2005-05-21 02:14 1,057 ac-sh--- c:\windows\system32\mmf(21)(4).sys
2006-04-06 22:08 1,057 a--sh--- c:\windows\system32\mmf(21)(5).sys
2006-03-31 00:43 1,057 a--sh--- c:\windows\system32\mmf(22)(2).sys
2005-05-21 01:07 1,057 ac-sh--- c:\windows\system32\mmf(22)(3).sys
2005-05-21 01:07 1,057 ac-sh--- c:\windows\system32\mmf(22)(4).sys
2006-03-30 14:48 1,057 a--sh--- c:\windows\system32\mmf(23)(2).sys
2005-05-21 00:41 1,057 ac-sh--- c:\windows\system32\mmf(23)(3).sys
2005-05-21 00:41 1,057 ac-sh--- c:\windows\system32\mmf(23)(4).sys
2006-03-30 13:29 1,057 a--sh--- c:\windows\system32\mmf(24)(2).sys
2005-05-20 19:30 1,057 ac-sh--- c:\windows\system32\mmf(24)(3).sys
2005-05-20 19:30 1,057 ac-sh--- c:\windows\system32\mmf(24)(4).sys
2006-03-29 14:55 1,057 a--sh--- c:\windows\system32\mmf(25)(2).sys
2005-05-20 19:09 1,057 ac-sh--- c:\windows\system32\mmf(25)(3).sys
2005-05-20 19:09 1,057 ac-sh--- c:\windows\system32\mmf(25)(4).sys
2005-05-20 14:47 1,057 ac-sh--- c:\windows\system32\mmf(26)(2).sys
2006-03-29 14:22 1,057 a--sh--- c:\windows\system32\mmf(26)(3).sys
2005-05-19 17:05 1,057 ac-sh--- c:\windows\system32\mmf(27)(2).sys
2006-03-28 22:47 1,057 a--sh--- c:\windows\system32\mmf(27)(3).sys
2005-05-19 15:28 1,057 ac-sh--- c:\windows\system32\mmf(28)(2).sys
2006-04-03 15:57 1,057 a--sh--- c:\windows\system32\mmf(28)(3).sys
2006-03-12 13:41 1,057 a--sh--- c:\windows\system32\mmf(28)(4).sys
2005-05-19 14:50 1,057 ac-sh--- c:\windows\system32\mmf(29)(2).sys
2006-04-01 21:15 1,057 a--sh--- c:\windows\system32\mmf(29)(3).sys
2004-07-07 16:55 1,057 ac-sh--- c:\windows\system32\mmf(3).sys
2005-05-18 18:13 1,057 ac-sh--- c:\windows\system32\mmf(30)(2).sys
2006-04-02 13:06 1,057 a--sh--- c:\windows\system32\mmf(30)(3).sys
2005-05-18 15:23 1,057 ac-sh--- c:\windows\system32\mmf(31)(2).sys
2006-04-03 14:49 1,057 a--sh--- c:\windows\system32\mmf(31)(3).sys
2005-05-18 14:48 1,057 ac-sh--- c:\windows\system32\mmf(32)(2).sys
2005-05-17 22:44 1,057 ac-sh--- c:\windows\system32\mmf(33)(2).sys
2006-04-03 18:21 1,057 a--sh--- c:\windows\system32\mmf(33)(3).sys
2005-05-17 21:50 1,057 ac-sh--- c:\windows\system32\mmf(34)(2).sys
2006-03-14 14:49 1,057 a--sh--- c:\windows\system32\mmf(34)(3).sys
2005-05-17 14:53 1,057 ac-sh--- c:\windows\system32\mmf(35)(2).sys
2006-03-14 18:10 1,057 a--sh--- c:\windows\system32\mmf(35)(3).sys
2005-05-17 14:48 1,057 ac-sh--- c:\windows\system32\mmf(36)(2).sys
2006-03-15 14:49 1,057 a--sh--- c:\windows\system32\mmf(36)(3).sys
2005-05-16 15:08 1,057 ac-sh--- c:\windows\system32\mmf(37)(2).sys
2006-03-15 20:20 1,057 a--sh--- c:\windows\system32\mmf(37)(3).sys
2005-05-16 14:48 1,057 ac-sh--- c:\windows\system32\mmf(38)(2).sys
2006-03-16 14:48 1,057 a--sh--- c:\windows\system32\mmf(38)(3).sys
2005-05-15 23:18 1,057 ac-sh--- c:\windows\system32\mmf(39)(2).sys
2006-03-17 06:49 1,057 a--sh--- c:\windows\system32\mmf(39)(3).sys
2004-07-07 16:52 1,057 ac-sh--- c:\windows\system32\mmf(4).sys
2005-05-15 21:11 1,057 ac-sh--- c:\windows\system32\mmf(40)(2).sys
2006-03-17 14:27 1,057 a--sh--- c:\windows\system32\mmf(40)(3).sys
2005-05-15 18:13 1,057 ac-sh--- c:\windows\system32\mmf(41)(2).sys
2006-03-17 14:50 1,057 a--sh--- c:\windows\system32\mmf(41)(3).sys
2005-05-15 12:36 1,057 ac-sh--- c:\windows\system32\mmf(42)(2).sys
2006-03-18 14:07 1,057 a--sh--- c:\windows\system32\mmf(42)(3).sys
2005-05-15 12:06 1,057 ac-sh--- c:\windows\system32\mmf(43)(2).sys
2006-03-19 01:14 1,057 a--sh--- c:\windows\system32\mmf(43)(3).sys
2005-05-15 11:24 1,057 ac-sh--- c:\windows\system32\mmf(44)(2).sys
2006-03-19 10:45 1,057 a--sh--- c:\windows\system32\mmf(44)(3).sys
2005-05-15 03:48 1,057 ac-sh--- c:\windows\system32\mmf(45)(2).sys
2006-03-19 18:41 1,057 a--sh--- c:\windows\system32\mmf(45)(3).sys
2005-05-14 16:07 1,057 ac-sh--- c:\windows\system32\mmf(46)(2).sys
2006-03-20 14:48 1,057 a--sh--- c:\windows\system32\mmf(46)(3).sys
2005-05-28 13:35 1,057 ac-sh--- c:\windows\system32\mmf(47)(2).sys
2005-05-15 18:13 1,057 ac-sh--- c:\windows\system32\mmf(47)(3).sys
2005-05-14 16:07 1,057 ac-sh--- c:\windows\system32\mmf(48)(2).sys
2005-05-15 03:48 1,057 ac-sh--- c:\windows\system32\mmf(49)(2).sys
2005-05-29 12:34 1,057 ac-sh--- c:\windows\system32\mmf(5)(10).sys
2005-05-28 17:11 1,057 ac-sh--- c:\windows\system32\mmf(5)(11).sys
2006-04-03 15:57 1,057 a--sh--- c:\windows\system32\mmf(5)(12).sys
2006-04-06 21:36 1,057 a--sh--- c:\windows\system32\mmf(5)(13).sys
2006-04-03 15:57 1,057 a--sh--- c:\windows\system32\mmf(5)(14).sys
2006-04-03 15:57 1,057 a--sh--- c:\windows\system32\mmf(5)(15).sys
2006-04-09 16:58 1,057 a--sh--- c:\windows\system32\mmf(5)(16).sys
2008-04-22 02:44 1,057 a--sh--- c:\windows\system32\mmf(5)(17).sys
2004-08-03 22:01 1,057 ac-sh--- c:\windows\system32\mmf(5)(2).sys
2005-05-14 15:09 1,057 ac-sh--- c:\windows\system32\mmf(5)(3).sys
2006-04-06 13:49 1,057 a--sh--- c:\windows\system32\mmf(5)(4).sys
2006-03-28 14:49 1,057 a--sh--- c:\windows\system32\mmf(5)(5).sys
2005-06-01 15:05 1,057 ac-sh--- c:\windows\system32\mmf(5)(6).sys
2005-05-29 12:34 1,057 ac-sh--- c:\windows\system32\mmf(5)(7).sys
2005-05-29 12:34 1,057 ac-sh--- c:\windows\system32\mmf(5)(8).sys
2005-06-12 10:12 1,057 ac-sh--- c:\windows\system32\mmf(5)(9).sys
2005-05-15 21:11 1,057 ac-sh--- c:\windows\system32\mmf(54)(2).sys
2005-05-15 23:18 1,057 ac-sh--- c:\windows\system32\mmf(55)(2).sys
2005-05-16 14:48 1,057 ac-sh--- c:\windows\system32\mmf(56)(2).sys
2005-05-16 15:08 1,057 ac-sh--- c:\windows\system32\mmf(57)(2).sys
2005-05-17 14:48 1,057 ac-sh--- c:\windows\system32\mmf(58)(2).sys
2005-05-17 14:53 1,057 ac-sh--- c:\windows\system32\mmf(59)(2).sys
2005-05-28 01:02 1,057 ac-sh--- c:\windows\system32\mmf(6)(10).sys
2006-04-03 14:49 1,057 a--sh--- c:\windows\system32\mmf(6)(11).sys
2006-04-06 18:45 1,057 a--sh--- c:\windows\system32\mmf(6)(12).sys
2006-04-03 14:49 1,057 a--sh--- c:\windows\system32\mmf(6)(13).sys
2006-04-03 14:49 1,057 a--sh--- c:\windows\system32\mmf(6)(14).sys
2006-04-09 16:15 1,057 a--sh--- c:\windows\system32\mmf(6)(15).sys
2008-04-22 01:20 1,057 a--sh--- c:\windows\system32\mmf(6)(16).sys
2006-02-06 14:48 1,057 a--sh--- c:\windows\system32\mmf(6)(2).sys
2006-04-05 20:53 1,057 a--sh--- c:\windows\system32\mmf(6)(3).sys
2005-05-30 16:47 1,057 ac-sh--- c:\windows\system32\mmf(6)(4).sys
2005-05-28 20:27 1,057 ac-sh--- c:\windows\system32\mmf(6)(5).sys
2005-05-15 03:48 1,057 ac-sh--- c:\windows\system32\mmf(6)(6).sys
2005-06-12 09:59 1,057 ac-sh--- c:\windows\system32\mmf(6)(7).sys
2005-05-28 20:27 1,057 ac-sh--- c:\windows\system32\mmf(6)(8).sys
2005-05-15 12:36 1,057 ac-sh--- c:\windows\system32\mmf(6)(9).sys
2005-05-17 21:50 1,057 ac-sh--- c:\windows\system32\mmf(60)(2).sys
2005-05-17 22:44 1,057 ac-sh--- c:\windows\system32\mmf(61)(2).sys
2006-03-11 23:36 1,057 a--sh--- c:\windows\system32\mmf(61)(3).sys
2005-05-18 14:48 1,057 ac-sh--- c:\windows\system32\mmf(62)(2).sys
2006-03-11 14:48 1,057 a--sh--- c:\windows\system32\mmf(62)(3).sys
2005-05-18 15:23 1,057 ac-sh--- c:\windows\system32\mmf(63)(2).sys
2006-03-10 12:29 1,057 a--sh--- c:\windows\system32\mmf(63)(3).sys
2005-05-18 18:13 1,057 ac-sh--- c:\windows\system32\mmf(64)(2).sys
2006-03-09 15:19 1,057 a--sh--- c:\windows\system32\mmf(64)(3).sys
2005-05-19 14:50 1,057 ac-sh--- c:\windows\system32\mmf(65)(2).sys
2006-03-08 12:33 1,057 a--sh--- c:\windows\system32\mmf(65)(3).sys
2006-03-07 16:58 1,057 a--sh--- c:\windows\system32\mmf(66)(2).sys
2006-03-07 14:33 1,057 a--sh--- c:\windows\system32\mmf(67)(2).sys
2006-03-07 11:57 1,057 a--sh--- c:\windows\system32\mmf(68)(2).sys
2006-03-06 11:20 1,057 a--sh--- c:\windows\system32\mmf(69)(2).sys
2006-10-03 21:08 1,057 a--sh--- c:\windows\system32\mmf(7)(10).sys
2006-04-02 13:06 1,057 a--sh--- c:\windows\system32\mmf(7)(11).sys
2006-04-02 13:06 1,057 a--sh--- c:\windows\system32\mmf(7)(12).sys
2006-04-09 13:05 1,057 a--sh--- c:\windows\system32\mmf(7)(13).sys
2008-04-22 00:51 1,057 a--sh--- c:\windows\system32\mmf(7)(14).sys
2006-04-05 20:47 1,057 a--sh--- c:\windows\system32\mmf(7)(2).sys
2006-04-02 13:06 1,057 a--sh--- c:\windows\system32\mmf(7)(3).sys
2005-05-28 20:17 1,057 ac-sh--- c:\windows\system32\mmf(7)(4).sys
2005-05-15 11:24 1,057 ac-sh--- c:\windows\system32\mmf(7)(5).sys
2005-06-11 19:28 1,057 ac-sh--- c:\windows\system32\mmf(7)(6).sys
2005-05-28 20:17 1,057 ac-sh--- c:\windows\system32\mmf(7)(7).sys
2005-05-15 12:06 1,057 ac-sh--- c:\windows\system32\mmf(7)(8).sys
2005-05-27 14:47 1,057 ac-sh--- c:\windows\system32\mmf(7)(9).sys
2006-03-05 22:35 1,057 a--sh--- c:\windows\system32\mmf(70)(2).sys
2006-03-05 11:20 1,057 a--sh--- c:\windows\system32\mmf(71)(2).sys
2006-03-04 21:51 1,057 a--sh--- c:\windows\system32\mmf(72)(2).sys
2006-03-04 14:22 1,057 a--sh--- c:\windows\system32\mmf(73)(2).sys
2006-03-04 10:40 1,057 a--sh--- c:\windows\system32\mmf(74)(2).sys
2006-04-02 13:06 1,057 a--sh--- c:\windows\system32\mmf(75)(2).sys
2006-04-01 21:15 1,057 a--sh--- c:\windows\system32\mmf(8)(10).sys
2006-04-01 21:15 1,057 a--sh--- c:\windows\system32\mmf(8)(11).sys
2006-04-09 12:03 1,057 a--sh--- c:\windows\system32\mmf(8)(12).sys
2008-04-20 13:21 1,057 a--sh--- c:\windows\system32\mmf(8)(13).sys
2006-04-05 20:40 1,057 a--sh--- c:\windows\system32\mmf(8)(2).sys
2006-04-01 21:15 1,057 a--sh--- c:\windows\system32\mmf(8)(3).sys
2005-05-28 17:11 1,057 ac-sh--- c:\windows\system32\mmf(8)(4).sys
2005-05-15 12:06 1,057 ac-sh--- c:\windows\system32\mmf(8)(5).sys
2005-06-11 19:19 1,057 ac-sh--- c:\windows\system32\mmf(8)(6).sys
2005-05-28 17:11 1,057 ac-sh--- c:\windows\system32\mmf(8)(7).sys
2005-05-15 11:24 1,057 ac-sh--- c:\windows\system32\mmf(8)(8).sys
2005-05-26 21:30 1,057 ac-sh--- c:\windows\system32\mmf(8)(9).sys
2006-04-03 23:02 1,057 a--sh--- c:\windows\system32\mmf(87)(2).sys
2006-04-04 07:31 1,057 a--sh--- c:\windows\system32\mmf(88)(2).sys
2006-04-04 09:35 1,057 a--sh--- c:\windows\system32\mmf(89)(2).sys
2006-04-01 11:49 1,057 a--sh--- c:\windows\system32\mmf(9)(10).sys
2006-04-09 11:43 1,057 a--sh--- c:\windows\system32\mmf(9)(11).sys
2006-04-01 11:49 1,057 a--sh--- c:\windows\system32\mmf(9)(12).sys
2006-04-05 20:20 1,057 a--sh--- c:\windows\system32\mmf(9)(2).sys
2006-04-01 11:49 1,057 a--sh--- c:\windows\system32\mmf(9)(3).sys
2005-05-28 13:35 1,057 ac-sh--- c:\windows\system32\mmf(9)(4).sys
2005-05-15 12:36 1,057 ac-sh--- c:\windows\system32\mmf(9)(5).sys
2005-06-11 22:59 1,057 ac-sh--- c:\windows\system32\mmf(9)(6).sys
2005-05-28 13:35 1,057 ac-sh--- c:\windows\system32\mmf(9)(7).sys
2005-05-14 15:09 1,057 ac-sh--- c:\windows\system32\mmf(9)(8).sys
2006-04-06 14:50 1,057 a--sh--- c:\windows\system32\mmf(9)(9).sys
2006-04-04 12:16 1,057 a--sh--- c:\windows\system32\mmf(90)(2).sys
2005-06-01 11:19 1,057 ac-sh--- c:\windows\system32\mmf(90)(3).sys
2006-04-04 14:52 1,057 a--sh--- c:\windows\system32\mmf(91)(2).sys
2006-04-05 15:09 1,057 a--sh--- c:\windows\system32\mmf(92)(2).sys
2006-04-05 15:24 1,057 a--sh--- c:\windows\system32\mmf(93)(2).sys
2006-04-01 11:49 1,057 a--sh--- c:\windows\system32\mmf(99)(2).sys
2004-12-17 15:29 71 ac-sh--- c:\windows\system32\SYSDRVREB.SYS

============= FINISH: 23:28:06.21 ===============
Attached Files
File Type: zip Attach.zip (5.6 KB, 5 views)
klowery11115 is offline  
06-08-2009, 02:16 PM   #2
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hello and welcome to TSF.

I cannot see any antivirus installed on this computer. Is there any specific reason for that? It's extremely dangerous to be online without the protection of an antivirus, which is an open invitation for infection. We'll have to address this issue when the machine is clean. Please stay disconnected from the internet in the meantime, except for communicating with us.

Norton Internet Worm Protection is not in your installed programs list, but still detected in the DDS log, albeit disabled. Do you have it installed? Or, could it be a leftover from the uninstall?

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Download & save ComboFix to your Desktop, but don't run it yet.

---------------------------------------------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad) (It must be Notepad, not WordPad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.
Code:
DDS::
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll

Save this as "CFScript"

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click here if you need further information.



Referring to the picture above, drag CFScript.txt into ComboFix.exe

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
06-08-2009, 07:29 PM   #3
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


Re: heres my new scans help plz my computer is running so slow!!!!!!!

ComboFix 09-06-08.02 - Owner 06/08/2009 21:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.99 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
c:\program files\Common Files\uninstall information
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
C:\SETUP.BAT
c:\windows\patch.exe
c:\windows\sv.dat
c:\windows\system32\42KJE738.ocx
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\otjmxh.dat
c:\windows\system32\otjmxh_navup.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\tmp.reg
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSASS
-------\Legacy_RKHIT
-------\Legacy_WINDOWS_VISFX_COMPONENTS


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-08 13:05 . 2009-06-08 13:05 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-08 13:04 . 2009-06-08 13:04 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-08 12:06 . 2009-06-08 12:06 -------- dc----w- c:\documents and settings\big sweener\Local Settings\Application Data\Apple Computer
2009-05-30 05:23 . 2009-05-30 05:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 05:16 . 2009-05-30 05:16 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-05-30 05:12 . 2009-05-30 05:12 -------- d-----w- c:\windows\ie8updates
2009-05-30 05:11 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-30 05:09 . 2009-05-30 05:10 -------- dc-h--w- c:\windows\ie8
2009-05-27 01:17 . 2009-05-27 01:17 321536 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\engine_vx.dll
2009-05-27 01:16 . 2009-05-27 01:16 18724 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\bass.dll
2009-05-27 01:16 . 2009-05-27 01:16 26200 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll
2009-05-27 01:16 . 2009-05-27 01:16 16952 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll
2009-05-27 01:16 . 2009-05-27 01:16 15416 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll
2009-05-27 01:16 . 2009-05-27 01:16 14392 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll
2009-05-27 01:16 . 2009-05-27 01:16 13984 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll
2009-05-27 01:16 . 2009-05-27 01:16 10808 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll
2009-05-22 02:37 . 2002-11-05 23:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-18 01:04 . 2009-05-18 01:04 2967799 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-15 18:41 . 2009-05-15 18:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Napster
2009-05-15 11:52 . 2009-05-17 02:10 -------- dc----w- C:\Downloads
2009-05-15 11:35 . 2009-05-15 11:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DNA
2009-05-15 11:35 . 2009-06-09 05:08 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-05-15 11:35 . 2009-06-08 19:20 -------- d-----w- c:\program files\DNA
2009-05-11 15:51 . 2009-05-11 15:51 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 05:10 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf.sys
2009-06-07 12:14 . 2006-12-15 00:09 -------- d-----w- c:\program files\AIM6
2009-06-06 13:46 . 2008-02-04 02:53 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 07:21 . 2004-12-07 02:09 -------- d-----w- c:\program files\Common Files\Motive
2009-06-06 07:15 . 2004-12-28 10:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 07:13 . 2006-11-21 05:37 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-06 04:30 . 2004-12-07 02:09 -------- d-----w- c:\program files\SBC Self Support Tool
2009-06-06 04:28 . 2003-08-24 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-18 01:04 . 2008-11-16 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:41 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-09 19:09 . 2004-12-03 05:16 -------- d-----w- c:\program files\Yahoo!
2009-05-06 17:02 . 2008-12-23 07:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-04-06 23:32 . 2008-11-16 02:37 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2008-11-16 02:37 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-28 02:41 . 2009-03-28 02:41 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2005-11-26 22:48 . 2005-11-26 22:49 774144 -c--a-w- c:\program files\RngInterstitial.dll
2001-09-29 01:00 . 2005-03-16 07:34 164864 -c--a-w- c:\program files\UNWISE.EXE
2005-09-20 08:05 . 2004-01-18 17:29 152 -csh--r- c:\windows\system32\3741FB9001.sys
2003-12-29 06:15 . 2003-12-26 02:07 56 -csh--r- c:\windows\system32\BC2C6383F0.sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(10)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(3).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(4).sys
2005-05-31 00:47 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(10)(5).sys
2006-04-09 18:20 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(10)(6).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(100)(2).sys
2006-03-13 22:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(104)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(11)(2).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(3).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(4).sys
2006-04-09 16:51 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(11)(5).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(12)(2).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(3).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(4).sys
2006-04-09 15:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(12)(5).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(13)(2).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(3).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(4).sys
2006-04-08 23:04 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(13)(5).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(14)(2).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(3).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(4).sys
2006-04-08 09:21 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(14)(5).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(15)(2).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(3).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(4).sys
2006-04-08 08:52 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(15)(5).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(16)(2).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(3).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(4).sys
2006-04-07 22:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(16)(5).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(17)(2).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(3).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(4).sys
2006-04-07 21:07 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(17)(5).sys
2006-03-31 23:05 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(18)(2).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(3).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(4).sys
2006-04-07 20:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(18)(5).sys
2006-03-31 13:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(19)(2).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(3).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(4).sys
2006-04-07 16:41 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(19)(5).sys
2004-07-07 22:57 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(2).sys
2006-03-31 12:37 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(20)(2).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(3).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(4).sys
2006-04-07 07:18 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(20)(5).sys
2006-03-31 08:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(21)(2).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(3).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(4).sys
2006-04-07 06:08 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(21)(5).sys
2006-03-31 08:43 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(22)(2).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(3).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(4).sys
2006-03-30 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(23)(2).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(3).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(4).sys
2006-03-30 21:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(24)(2).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(3).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(4).sys
2006-03-29 22:55 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(25)(2).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(3).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(4).sys
2005-05-20 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(26)(2).sys
2006-03-29 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(26)(3).sys
2005-05-20 01:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(27)(2).sys
2006-03-29 06:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(27)(3).sys
2005-05-19 23:28 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(28)(2).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(3).sys
2006-03-12 21:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(4).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(29)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(29)(3).sys
2004-07-08 00:55 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(30)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(30)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(31)(2).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(31)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(32)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(33)(2).sys
2006-04-04 02:21 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(33)(3).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(34)(2).sys
2006-03-14 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(34)(3).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(35)(2).sys
2006-03-15 02:10 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(35)(3).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(36)(2).sys
2006-03-15 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(36)(3).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(37)(2).sys
2006-03-16 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(37)(3).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(38)(2).sys
2006-03-16 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(38)(3).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(39)(2).sys
2006-03-17 14:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(39)(3).sys
2004-07-08 00:52 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(4).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(40)(2).sys
2006-03-17 22:27 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(40)(3).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(41)(2).sys
2006-03-17 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(41)(3).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(42)(2).sys
2006-03-18 22:07 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(42)(3).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(43)(2).sys
2006-03-19 09:14 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(43)(3).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(44)(2).sys
2006-03-19 18:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(44)(3).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(45)(2).sys
2006-03-20 02:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(45)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(46)(2).sys
2006-03-20 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(46)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(2).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(48)(2).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(49)(2).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(10).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(11).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(12).sys
2006-04-07 05:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(13).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(14).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(15).sys
2006-04-10 00:58 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(5)(16).sys
2008-04-22 10:44 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(5)(17).sys
2004-08-04 06:01 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(2).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(3).sys
2006-04-06 21:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(4).sys
2006-03-28 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(5).sys
2005-06-01 23:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(6).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(7).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(8).sys
2005-06-12 18:12 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(5)(9).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(54)(2).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(55)(2).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(56)(2).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(57)(2).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(58)(2).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(59)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(10).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(11).sys
2006-04-07 02:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(12).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(13).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(14).sys
2006-04-10 00:15 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(6)(15).sys
2008-04-22 09:20 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(6)(16).sys
2006-02-06 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(2).sys
2006-04-06 04:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(3).sys
2005-05-31 00:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(4).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(5).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(6).sys
2005-06-12 17:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(6)(7).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(8).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(9).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(60)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(61)(2).sys
2006-03-12 07:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(61)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(62)(2).sys
2006-03-11 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(62)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(63)(2).sys
2006-03-10 20:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(63)(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(64)(2).sys
2006-03-09 23:19 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(64)(3).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(65)(2).sys
2006-03-08 20:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(65)(3).sys
2006-03-08 00:58 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(66)(2).sys
2006-03-07 22:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(67)(2).sys
2006-03-07 19:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(68)(2).sys
2006-03-06 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(69)(2).sys
2006-10-04 05:08 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(10).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(11).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(12).sys
2006-04-09 21:05 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(7)(13).sys
2008-04-22 08:51 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(7)(14).sys
2006-04-06 04:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(3).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(4).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(5).sys
2005-06-12 03:28 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(7)(6).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(7).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(8).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(9).sys
2006-03-06 06:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(70)(2).sys
2006-03-05 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(71)(2).sys
2006-03-05 05:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(72)(2).sys
2006-03-04 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(73)(2).sys
2006-03-04 18:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(74)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(75)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(10).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(11).sys
2006-04-09 20:03 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(8)(12).sys
2008-04-20 21:21 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(8)(13).sys
2006-04-06 04:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(3).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(4).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(5).sys
2005-06-12 03:19 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(8)(6).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(7).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(8).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(9).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(87)(2).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(88)(2).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(89)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(10).sys
2006-04-09 19:43 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(9)(11).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(12).sys
2006-04-06 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(4).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(5).sys
2005-06-12 06:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(9)(6).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(7).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(8).sys
2006-04-06 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(9).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(90)(2).sys
2005-06-01 19:19 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(90)(3).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(91)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(92)(2).sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(93)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(99)(2).sys
2004-12-17 23:29 . 2004-12-17 23:29 71 -csha-w- c:\windows\system32\SYSDRVREB.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-15 321344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-02-01 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-24 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-8-28 552960]

c:\documents and settings\Administrator.KJL4LIFE.000\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\JavaSoft\\JRE1.4\\1.4.2\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8575:TCP"= 8575:TCP:BitComet 8575 TCP
"8575:UDP"= 8575:UDP:BitComet 8575 UDP
"990:TCP"= 990:TCP:yty
"999:TCP"= 999:TCP:fgh
"5678:TCP"= 5678:TCP:sft
"5679:TCP"= 5679:TCP:tyio66
"5721:TCP"= 5721:TCP:uwwf
"17093:TCP"= 17093:TCP:BitComet 17093 TCP
"17093:UDP"= 17093:UDP:BitComet 17093 UDP

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [1/25/2004 7:00 PM 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2007 4:26 PM 24652]
R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [1/17/2004 9:01 PM 30112]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12/17/2008 8:36 PM 33792]
S2 mrtRate;mrtRate; [x]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/6/2007 2:58 PM 42112]
S3 pohci13F;pohci13F; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-01-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
HKCU-Run-Aim6 - (no file)
SafeBoot-procexp90.Sys
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &AIM Search
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: c:\windows\system32\DRWEBSP.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 21:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1033579849-865041543-3952056309-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6\BC8EEB13EC0E80C548E5EE71D72FCCB1]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\DRWEBSP.DLL

- - - - - - - > 'explorer.exe'(628)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-09 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 05:19

Pre-Run: 56,440,389,632 bytes free
Post-Run: 56,348,803,072 bytes free

489 --- E O F --- 2009-05-30 05:13
klowery11115 is offline  
Old 06-08-2009, 08:42 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hi,

I have not received any answers to my inquiries about the antivirus and the Norton Internet Worm Protection.

=============================

It appears that you're using BitTorrent DNA, which is a P2P file sharing program. This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove it via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
=============================

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs):

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Web Start
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


These are all outdated, and having them still installed is a security risk. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 13 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

=============================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.
Code:
DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\JavaSoft\\JRE1.4\\1.4.2\\bin\\javaw.exe"=-
"c:\\WINDOWS\\system32\\wjview.exe"=-
"c:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8575:TCP"=-
"8575:UDP"=-
"990:TCP"=-
"999:TCP"=-
"5678:TCP"=-
"5679:TCP"=-
"5721:TCP"=-
"17093:TCP"=-
"17093:UDP"=-

Driver::
mrtRate
pohci13F
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


==============================

Perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===========================

Please include the following in your next reply:

Combofix.txt
Kaspersky report
Antivirus and firewall information
Feedback on how the computer is behaving now
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 06-09-2009, 12:31 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


Re: heres my new scans help plz my computer is running so slow!!!!!!!

yeah about that antivirus, I have Spybot Search and Destroy and systemcare and Malwarebytes' Anti-Malware program
klowery11115 is offline  
Old 06-09-2009, 04:45 AM   #6 (permalink)
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


Re: heres my new scans help plz my computer is running so slow!!!!!!!

ComboFix 09-06-08.03 - Owner 06/09/2009 2:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.104 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRTRATE
-------\Legacy_POHCI13F
-------\Service_mrtRate
-------\Service_pohci13F


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-08 13:05 . 2009-06-08 13:05 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-08 13:04 . 2009-06-08 13:04 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-05-30 05:23 . 2009-05-30 05:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 05:16 . 2009-05-30 05:16 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-05-30 05:12 . 2009-05-30 05:12 -------- d-----w- c:\windows\ie8updates
2009-05-30 05:11 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-30 05:09 . 2009-05-30 05:10 -------- dc-h--w- c:\windows\ie8
2009-05-27 01:17 . 2009-05-27 01:17 321536 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\engine_vx.dll
2009-05-27 01:16 . 2009-05-27 01:16 18724 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\bass.dll
2009-05-27 01:16 . 2009-05-27 01:16 26200 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll
2009-05-27 01:16 . 2009-05-27 01:16 16952 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll
2009-05-27 01:16 . 2009-05-27 01:16 15416 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll
2009-05-27 01:16 . 2009-05-27 01:16 14392 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll
2009-05-27 01:16 . 2009-05-27 01:16 13984 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll
2009-05-27 01:16 . 2009-05-27 01:16 10808 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll
2009-05-22 02:37 . 2002-11-05 23:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-18 01:04 . 2009-05-18 01:04 2967799 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-15 18:41 . 2009-06-09 10:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Napster
2009-05-15 11:52 . 2009-05-17 02:10 -------- dc----w- C:\Downloads
2009-05-11 15:51 . 2009-05-11 15:51 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 10:48 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf.sys
2009-06-09 10:28 . 2004-05-25 22:26 -------- d-----w- c:\program files\Common Files\Java
2009-06-09 10:28 . 2003-12-25 18:46 -------- d-----w- c:\program files\Java
2009-06-09 10:13 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 12:14 . 2006-12-15 00:09 -------- d-----w- c:\program files\AIM6
2009-06-06 13:46 . 2008-02-04 02:53 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 07:21 . 2004-12-07 02:09 -------- d-----w- c:\program files\Common Files\Motive
2009-06-06 07:15 . 2004-12-28 10:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 07:13 . 2006-11-21 05:37 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-06 04:30 . 2004-12-07 02:09 -------- d-----w- c:\program files\SBC Self Support Tool
2009-06-06 04:28 . 2003-08-24 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-18 01:04 . 2008-11-16 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 19:09 . 2004-12-03 05:16 -------- d-----w- c:\program files\Yahoo!
2009-05-06 17:02 . 2008-12-23 07:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-04-06 23:32 . 2008-11-16 02:37 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2008-11-16 02:37 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-28 02:41 . 2009-03-28 02:41 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2005-11-26 22:48 . 2005-11-26 22:49 774144 -c--a-w- c:\program files\RngInterstitial.dll
2001-09-29 01:00 . 2005-03-16 07:34 164864 -c--a-w- c:\program files\UNWISE.EXE
2005-09-20 08:05 . 2004-01-18 17:29 152 -csh--r- c:\windows\system32\3741FB9001.sys
2003-12-29 06:15 . 2003-12-26 02:07 56 -csh--r- c:\windows\system32\BC2C6383F0.sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(10)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(3).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(4).sys
2005-05-31 00:47 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(10)(5).sys
2006-04-09 18:20 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(10)(6).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(100)(2).sys
2006-03-13 22:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(104)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(11)(2).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(3).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(4).sys
2006-04-09 16:51 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(11)(5).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(12)(2).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(3).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(4).sys
2006-04-09 15:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(12)(5).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(13)(2).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(3).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(4).sys
2006-04-08 23:04 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(13)(5).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(14)(2).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(3).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(4).sys
2006-04-08 09:21 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(14)(5).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(15)(2).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(3).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(4).sys
2006-04-08 08:52 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(15)(5).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(16)(2).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(3).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(4).sys
2006-04-07 22:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(16)(5).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(17)(2).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(3).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(4).sys
2006-04-07 21:07 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(17)(5).sys
2006-03-31 23:05 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(18)(2).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(3).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(4).sys
2006-04-07 20:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(18)(5).sys
2006-03-31 13:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(19)(2).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(3).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(4).sys
2006-04-07 16:41 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(19)(5).sys
2004-07-07 22:57 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(2).sys
2006-03-31 12:37 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(20)(2).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(3).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(4).sys
2006-04-07 07:18 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(20)(5).sys
2006-03-31 08:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(21)(2).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(3).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(4).sys
2006-04-07 06:08 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(21)(5).sys
2006-03-31 08:43 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(22)(2).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(3).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(4).sys
2006-03-30 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(23)(2).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(3).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(4).sys
2006-03-30 21:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(24)(2).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(3).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(4).sys
2006-03-29 22:55 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(25)(2).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(3).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(4).sys
2005-05-20 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(26)(2).sys
2006-03-29 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(26)(3).sys
2005-05-20 01:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(27)(2).sys
2006-03-29 06:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(27)(3).sys
2005-05-19 23:28 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(28)(2).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(3).sys
2006-03-12 21:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(4).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(29)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(29)(3).sys
2004-07-08 00:55 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(30)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(30)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(31)(2).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(31)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(32)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(33)(2).sys
2006-04-04 02:21 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(33)(3).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(34)(2).sys
2006-03-14 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(34)(3).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(35)(2).sys
2006-03-15 02:10 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(35)(3).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(36)(2).sys
2006-03-15 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(36)(3).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(37)(2).sys
2006-03-16 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(37)(3).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(38)(2).sys
2006-03-16 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(38)(3).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(39)(2).sys
2006-03-17 14:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(39)(3).sys
2004-07-08 00:52 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(4).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(40)(2).sys
2006-03-17 22:27 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(40)(3).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(41)(2).sys
2006-03-17 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(41)(3).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(42)(2).sys
2006-03-18 22:07 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(42)(3).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(43)(2).sys
2006-03-19 09:14 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(43)(3).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(44)(2).sys
2006-03-19 18:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(44)(3).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(45)(2).sys
2006-03-20 02:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(45)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(46)(2).sys
2006-03-20 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(46)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(2).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(48)(2).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(49)(2).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(10).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(11).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(12).sys
2006-04-07 05:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(13).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(14).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(15).sys
2006-04-10 00:58 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(5)(16).sys
2008-04-22 10:44 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(5)(17).sys
2004-08-04 06:01 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(2).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(3).sys
2006-04-06 21:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(4).sys
2006-03-28 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(5).sys
2005-06-01 23:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(6).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(7).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(8).sys
2005-06-12 18:12 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(5)(9).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(54)(2).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(55)(2).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(56)(2).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(57)(2).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(58)(2).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(59)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(10).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(11).sys
2006-04-07 02:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(12).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(13).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(14).sys
2006-04-10 00:15 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(6)(15).sys
2008-04-22 09:20 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(6)(16).sys
2006-02-06 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(2).sys
2006-04-06 04:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(3).sys
2005-05-31 00:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(4).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(5).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(6).sys
2005-06-12 17:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(6)(7).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(8).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(9).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(60)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(61)(2).sys
2006-03-12 07:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(61)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(62)(2).sys
2006-03-11 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(62)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(63)(2).sys
2006-03-10 20:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(63)(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(64)(2).sys
2006-03-09 23:19 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(64)(3).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(65)(2).sys
2006-03-08 20:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(65)(3).sys
2006-03-08 00:58 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(66)(2).sys
2006-03-07 22:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(67)(2).sys
2006-03-07 19:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(68)(2).sys
2006-03-06 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(69)(2).sys
2006-10-04 05:08 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(10).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(11).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(12).sys
2006-04-09 21:05 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(7)(13).sys
2008-04-22 08:51 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(7)(14).sys
2006-04-06 04:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(3).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(4).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(5).sys
2005-06-12 03:28 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(7)(6).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(7).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(8).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(9).sys
2006-03-06 06:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(70)(2).sys
2006-03-05 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(71)(2).sys
2006-03-05 05:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(72)(2).sys
2006-03-04 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(73)(2).sys
2006-03-04 18:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(74)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(75)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(10).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(11).sys
2006-04-09 20:03 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(8)(12).sys
2008-04-20 21:21 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(8)(13).sys
2006-04-06 04:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(3).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(4).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(5).sys
2005-06-12 03:19 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(8)(6).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(7).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(8).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(9).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(87)(2).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(88)(2).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(89)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(10).sys
2006-04-09 19:43 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(9)(11).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(12).sys
2006-04-06 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(4).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(5).sys
2005-06-12 06:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(9)(6).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(7).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(8).sys
2006-04-06 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(9).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(90)(2).sys
2005-06-01 19:19 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(90)(3).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(91)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(92)(2).sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(93)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(99)(2).sys
2004-12-17 23:29 . 2004-12-17 23:29 71 -csha-w- c:\windows\system32\SYSDRVREB.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_05.11.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-09 10:48 . 2009-06-09 10:48 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2009-06-09 10:45 . 2009-06-09 10:45 60416 c:\windows\Temp\Perflib_Perfdata__755.dat
- 2009-06-09 05:08 . 2009-06-09 05:08 60416 c:\windows\Temp\Perflib_Perfdata__755.dat
+ 2009-06-09 06:47 . 2009-06-09 06:47 53248 c:\windows\Temp\catchme.dll
- 2009-06-09 05:11 . 2009-06-09 05:11 53248 c:\windows\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-02-01 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-24 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-8-28 552960]

c:\documents and settings\Administrator.KJL4LIFE.000\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [1/25/2004 7:00 PM 2560]
R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [1/17/2004 9:01 PM 30112]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12/17/2008 8:36 PM 33792]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/6/2007 2:58 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-01-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &AIM Search
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: c:\windows\system32\DRWEBSP.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1033579849-865041543-3952056309-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6\BC8EEB13EC0E80C548E5EE71D72FCCB1]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\DRWEBSP.DLL

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-09 22:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 06:54
ComboFix2.txt 2009-06-09 05:19

Pre-Run: 56,327,225,344 bytes free
Post-Run: 56,329,396,224 bytes free

446 --- E O F --- 2009-05-30 05:13

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 09, 2009 08:46:59
Records in database: 2330123
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 105701
Threat name: 7
Infected objects: 46
Suspicious objects: 0
Duration of the scan: 02:42:09


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AAC7B61.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.b 1
C:\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a00724 Infected: Trojan-Clicker.Win32.VB.ku 1
C:\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a02536 Infected: Trojan-Clicker.Win32.VB.ku 1
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-3973bd34-645e9210.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-3973bd34-645e9210.zip.bac_a02536 Infected: Hoax.Win32.Renos.bb 1
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-5d6c59a1-5d7f637a.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-5d6c59a1-5d7f637a.zip.bac_a02536 Infected: Trojan-Downloader.Win32.Tiny.bw 1
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-5f5cccb6-64350184.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-5f5cccb6-64350184.zip.bac_a02536 Infected: Trojan.Win32.Small.ev 1
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-76c9ea78-504f5bbf.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-76c9ea78-504f5bbf.zip.bac_a02536 Infected: Trojan.Win32.Small.ev 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a00724 Infected: Trojan-Clicker.Win32.VB.ku 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a02536 Infected: Trojan-Clicker.Win32.VB.ku 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-3973bd34-645e9210.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-3973bd34-645e9210.zip.bac_a02536 Infected: Hoax.Win32.Renos.bb 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-5d6c59a1-5d7f637a.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-5d6c59a1-5d7f637a.zip.bac_a02536 Infected: Trojan-Downloader.Win32.Tiny.bw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-5f5cccb6-64350184.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-5f5cccb6-64350184.zip.bac_a02536 Infected: Trojan.Win32.Small.ev 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-76c9ea78-504f5bbf.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar.jar-76c9ea78-504f5bbf.zip.bac_a02536 Infected: Trojan.Win32.Small.ev 1
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1120\A0240430.dll Infected: not-a-virus:FraudTool.Win32.Ascentive.b 1

The selected area was scanned.

and I have the Microsoft default firewall and Spybot Search and Destroy
klowery11115 is offline  
Old 06-09-2009, 09:33 AM   #7 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hi,

Quote:
yeah about that anti virus I have Spybot Search and Destroy and SystemCare and Malwarebytes' Anti-Malware program
Quote:
I have the Microsoft default firewall and Spybot Search and Destroy
Spybot Search & Destroy is not an antivirus application, and neither is Malwarebytes' Anti-Malware: they are antispyware programs.

Advanced SystemCare 3 is a registry cleaner/optimizer. We don't recommend the use of such tools.

Here are a couple of good links about registry cleaners and boosters:

http://miekiemoes.blogspot.com/2008/...eaking_13.html

http://aumha.net/viewtopic.php?t=28099

==============================

The items which are reported by Kaspersky are in the Quarantine folder of Norton Antivirus, which is no longer installed, Quarantine folder of Housecall, and in the system restore cache where they are harmless unless you restore the system manually to an infected date. However, they will be cleared in my next post.
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Folder::
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\Owner\.housecall\Quarantine
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

=============================

Since you already have Malwarebytes' Anti-Malware, please perform a scan with it and post its log.

* Launch Malwarebytes' Anti-Malware
* Click on the Updates tab, then Check for Updates.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select the Scanner tab, check Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

==============================

When you're done with the above instructions, download and install this FREE AntiVirus program, update it, and run a full system scan. Avira AntiVir Personal

When the scan is complete, click on the Report button. A log file will open. Please copy/paste the contents of that in your next reply as well.

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

==============================

Please post the Combofix.txt, the Malwarebytes' report and the Avira report in your next reply as well as information on how the system is running now.

It's important that you let me know how the system is running now, as I don't have any physical access to the computer, and rely solely on your feedback.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
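
The reply above notes that every Kaspersky detection sits in a quarantine folder or the System Restore cache rather than in a live location. The following is an added example, not part of the original post or of any scanner's own code, that sorts report lines by that distinction; it assumes lines of the form "path Infected: threat count" as in the report posted in this thread, and the last sample line is constructed for illustration.

```python
import re
from collections import Counter

# Report line shape assumed from the scanner output posted in this thread:
#   <path> Infected: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>.+?)\s+(?P<count>\d+)\s*$"
)


def classify_location(path):
    """Return where a detected object lives: a System Restore cache,
    an antivirus quarantine folder, or a live (active) location."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        # Dormant unless the system is restored to that restore point.
        return "system-restore"
    if "\\quarantine\\" in p:
        # Already isolated by a scanner; not loaded by the system.
        return "quarantine"
    return "live"


def parse_report(text):
    """Extract detections from report text, skipping headers and footers."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        findings.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "location": classify_location(m.group("path")),
        })
    return findings


def triage(findings):
    """Sum threat counts per location and list detections that need attention first."""
    summary = Counter()
    for f in findings:
        summary[f["location"]] += f["count"]
    live = [f for f in findings if f["location"] == "live"]
    return dict(summary), live


# Four lines taken from the report in this thread, plus one constructed
# "live" entry (last detection line) so that all three classes appear.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AAC7B61.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.b 1
C:\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a00724 Infected: Trojan-Clicker.Win32.VB.ku 1
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-3973bd34-645e9210.zip.bac_a02536 Infected: Trojan.Java.Femad 4
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1120\A0240430.dll Infected: not-a-virus:FraudTool.Win32.Ascentive.b 1
C:\Documents and Settings\Owner\Application Data\example\sample.dll Infected: Example.Constructed.Name 1
The selected area was scanned.
"""

if __name__ == "__main__":
    summary, live = triage(parse_report(SAMPLE_REPORT))
    for location, total in sorted(summary.items()):
        print(f"{location:15} {total}")
    for f in live:
        print("needs attention:", f["path"], "->", f["threat"])
```
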
Old 06-10-2009, 10:07 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


Re: heres my new scans help plz my computer is running so slow!!!!!!!

ComboFix 09-06-09.06 - Owner 06/09/2009 13:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.165 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\documents and settings\Owner\.housecall\Quarantine
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 19:36 . 2009-06-09 19:50 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-09 19:35 . 2009-06-09 19:35 -------- d-----w- c:\windows\LastGood
2009-06-08 13:05 . 2009-06-08 13:05 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-08 13:04 . 2009-06-08 13:04 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-05-30 05:23 . 2009-05-30 05:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 05:16 . 2009-05-30 05:16 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-05-30 05:12 . 2009-05-30 05:12 -------- d-----w- c:\windows\ie8updates
2009-05-30 05:11 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-30 05:09 . 2009-05-30 05:10 -------- dc-h--w- c:\windows\ie8
2009-05-27 01:17 . 2009-05-27 01:17 321536 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\engine_vx.dll
2009-05-27 01:16 . 2009-05-27 01:16 18724 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\bass.dll
2009-05-27 01:16 . 2009-05-27 01:16 26200 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll
2009-05-27 01:16 . 2009-05-27 01:16 16952 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll
2009-05-27 01:16 . 2009-05-27 01:16 15416 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll
2009-05-27 01:16 . 2009-05-27 01:16 14392 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll
2009-05-27 01:16 . 2009-05-27 01:16 13984 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll
2009-05-27 01:16 . 2009-05-27 01:16 10808 ----atw- c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll
2009-05-22 02:37 . 2002-11-05 23:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-18 01:04 . 2009-05-18 01:04 2967799 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-15 18:41 . 2009-06-09 10:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Napster
2009-05-15 11:52 . 2009-05-17 02:10 -------- dc----w- C:\Downloads
2009-05-11 15:51 . 2009-05-11 15:51 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 18:59 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf.sys
2009-06-09 10:28 . 2004-05-25 22:26 -------- d-----w- c:\program files\Common Files\Java
2009-06-09 10:28 . 2003-12-25 18:46 -------- d-----w- c:\program files\Java
2009-06-09 10:13 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 12:14 . 2006-12-15 00:09 -------- d-----w- c:\program files\AIM6
2009-06-06 13:46 . 2008-02-04 02:53 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 07:21 . 2004-12-07 02:09 -------- d-----w- c:\program files\Common Files\Motive
2009-06-06 07:15 . 2004-12-28 10:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 04:30 . 2004-12-07 02:09 -------- d-----w- c:\program files\SBC Self Support Tool
2009-06-06 04:28 . 2003-08-24 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-18 01:04 . 2008-11-16 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 19:09 . 2004-12-03 05:16 -------- d-----w- c:\program files\Yahoo!
2009-05-06 17:02 . 2008-12-23 07:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-04-06 23:32 . 2008-11-16 02:37 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2008-11-16 02:37 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-28 02:41 . 2009-03-28 02:41 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2005-11-26 22:48 . 2005-11-26 22:49 774144 -c--a-w- c:\program files\RngInterstitial.dll
2001-09-29 01:00 . 2005-03-16 07:34 164864 -c--a-w- c:\program files\UNWISE.EXE
2005-09-20 08:05 . 2004-01-18 17:29 152 -csh--r- c:\windows\system32\3741FB9001.sys
2003-12-29 06:15 . 2003-12-26 02:07 56 -csh--r- c:\windows\system32\BC2C6383F0.sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(10)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(3).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(10)(4).sys
2005-05-31 00:47 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(10)(5).sys
2006-04-09 18:20 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(10)(6).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(100)(2).sys
2006-03-13 22:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(104)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(11)(2).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(3).sys
2005-05-28 08:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(11)(4).sys
2006-04-09 16:51 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(11)(5).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(12)(2).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(3).sys
2005-05-28 01:25 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(12)(4).sys
2006-04-09 15:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(12)(5).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(13)(2).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(3).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(13)(4).sys
2006-04-08 23:04 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(13)(5).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(14)(2).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(3).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(14)(4).sys
2006-04-08 09:21 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(14)(5).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(15)(2).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(3).sys
2005-05-26 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(15)(4).sys
2006-04-08 08:52 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(15)(5).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(16)(2).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(3).sys
2005-05-25 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(16)(4).sys
2006-04-07 22:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(16)(5).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(17)(2).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(3).sys
2005-05-24 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(17)(4).sys
2006-04-07 21:07 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(17)(5).sys
2006-03-31 23:05 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(18)(2).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(3).sys
2005-05-23 23:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(18)(4).sys
2006-04-07 20:57 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(18)(5).sys
2006-03-31 13:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(19)(2).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(3).sys
2005-05-23 00:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(19)(4).sys
2006-04-07 16:41 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(19)(5).sys
2004-07-07 22:57 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(2).sys
2006-03-31 12:37 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(20)(2).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(3).sys
2005-05-21 20:31 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(20)(4).sys
2006-04-07 07:18 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(20)(5).sys
2006-03-31 08:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(21)(2).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(3).sys
2005-05-21 10:14 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(21)(4).sys
2006-04-07 06:08 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(21)(5).sys
2006-03-31 08:43 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(22)(2).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(3).sys
2005-05-21 09:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(22)(4).sys
2006-03-30 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(23)(2).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(3).sys
2005-05-21 08:41 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(23)(4).sys
2006-03-30 21:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(24)(2).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(3).sys
2005-05-21 03:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(24)(4).sys
2006-03-29 22:55 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(25)(2).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(3).sys
2005-05-21 03:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(25)(4).sys
2005-05-20 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(26)(2).sys
2006-03-29 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(26)(3).sys
2005-05-20 01:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(27)(2).sys
2006-03-29 06:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(27)(3).sys
2005-05-19 23:28 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(28)(2).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(3).sys
2006-03-12 21:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(28)(4).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(29)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(29)(3).sys
2004-07-08 00:55 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(30)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(30)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(31)(2).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(31)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(32)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(33)(2).sys
2006-04-04 02:21 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(33)(3).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(34)(2).sys
2006-03-14 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(34)(3).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(35)(2).sys
2006-03-15 02:10 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(35)(3).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(36)(2).sys
2006-03-15 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(36)(3).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(37)(2).sys
2006-03-16 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(37)(3).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(38)(2).sys
2006-03-16 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(38)(3).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(39)(2).sys
2006-03-17 14:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(39)(3).sys
2004-07-08 00:52 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(4).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(40)(2).sys
2006-03-17 22:27 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(40)(3).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(41)(2).sys
2006-03-17 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(41)(3).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(42)(2).sys
2006-03-18 22:07 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(42)(3).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(43)(2).sys
2006-03-19 09:14 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(43)(3).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(44)(2).sys
2006-03-19 18:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(44)(3).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(45)(2).sys
2006-03-20 02:41 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(45)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(46)(2).sys
2006-03-20 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(46)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(2).sys
2005-05-16 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(47)(3).sys
2005-05-15 00:07 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(48)(2).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(49)(2).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(10).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(11).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(12).sys
2006-04-07 05:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(13).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(14).sys
2006-04-03 23:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(15).sys
2006-04-10 00:58 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(5)(16).sys
2008-04-22 10:44 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(5)(17).sys
2004-08-04 06:01 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(2).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(3).sys
2006-04-06 21:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(4).sys
2006-03-28 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(5)(5).sys
2005-06-01 23:05 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(6).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(7).sys
2005-05-29 20:34 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(5)(8).sys
2005-06-12 18:12 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(5)(9).sys
2005-05-16 05:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(54)(2).sys
2005-05-16 07:18 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(55)(2).sys
2005-05-16 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(56)(2).sys
2005-05-16 23:08 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(57)(2).sys
2005-05-17 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(58)(2).sys
2005-05-17 22:53 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(59)(2).sys
2005-05-28 09:02 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(10).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(11).sys
2006-04-07 02:45 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(12).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(13).sys
2006-04-03 22:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(14).sys
2006-04-10 00:15 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(6)(15).sys
2008-04-22 09:20 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(6)(16).sys
2006-02-06 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(2).sys
2006-04-06 04:53 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(6)(3).sys
2005-05-31 00:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(4).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(5).sys
2005-05-15 11:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(6).sys
2005-06-12 17:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(6)(7).sys
2005-05-29 04:27 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(8).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(6)(9).sys
2005-05-18 05:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(60)(2).sys
2005-05-18 06:44 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(61)(2).sys
2006-03-12 07:36 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(61)(3).sys
2005-05-18 22:48 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(62)(2).sys
2006-03-11 22:48 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(62)(3).sys
2005-05-18 23:23 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(63)(2).sys
2006-03-10 20:29 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(63)(3).sys
2005-05-19 02:13 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(64)(2).sys
2006-03-09 23:19 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(64)(3).sys
2005-05-19 22:50 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(65)(2).sys
2006-03-08 20:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(65)(3).sys
2006-03-08 00:58 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(66)(2).sys
2006-03-07 22:33 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(67)(2).sys
2006-03-07 19:57 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(68)(2).sys
2006-03-06 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(69)(2).sys
2006-10-04 05:08 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(10).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(11).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(12).sys
2006-04-09 21:05 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(7)(13).sys
2008-04-22 08:51 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(7)(14).sys
2006-04-06 04:47 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(7)(3).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(4).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(5).sys
2005-06-12 03:28 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(7)(6).sys
2005-05-29 04:17 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(7).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(8).sys
2005-05-27 22:47 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(7)(9).sys
2006-03-06 06:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(70)(2).sys
2006-03-05 19:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(71)(2).sys
2006-03-05 05:51 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(72)(2).sys
2006-03-04 22:22 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(73)(2).sys
2006-03-04 18:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(74)(2).sys
2006-04-02 21:06 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(75)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(10).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(11).sys
2006-04-09 20:03 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(8)(12).sys
2008-04-20 21:21 . 2006-04-10 03:07 1057 --sha-w- c:\windows\system32\mmf(8)(13).sys
2006-04-06 04:40 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(2).sys
2006-04-02 05:15 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(8)(3).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(4).sys
2005-05-15 20:06 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(5).sys
2005-06-12 03:19 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(8)(6).sys
2005-05-29 01:11 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(7).sys
2005-05-15 19:24 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(8).sys
2005-05-27 05:30 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(8)(9).sys
2006-04-04 07:02 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(87)(2).sys
2006-04-04 15:31 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(88)(2).sys
2006-04-04 17:35 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(89)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(10).sys
2006-04-09 19:43 . 2006-04-07 06:08 1057 --sha-w- c:\windows\system32\mmf(9)(11).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(12).sys
2006-04-06 04:20 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(3).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(4).sys
2005-05-15 20:36 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(5).sys
2005-06-12 06:59 . 2005-06-01 19:29 1057 -csha-w- c:\windows\system32\mmf(9)(6).sys
2005-05-28 21:35 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(7).sys
2005-05-14 23:09 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(9)(8).sys
2006-04-06 22:50 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(9)(9).sys
2006-04-04 20:16 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(90)(2).sys
2005-06-01 19:19 . 2004-01-26 03:00 1057 -csha-w- c:\windows\system32\mmf(90)(3).sys
2006-04-04 22:52 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(91)(2).sys
2006-04-05 23:09 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(92)(2).sys
2006-04-05 23:24 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(93)(2).sys
2006-04-01 19:49 . 2005-06-01 19:29 1057 --sha-w- c:\windows\system32\mmf(99)(2).sys
2004-12-17 23:29 . 2004-12-17 23:29 71 -csha-w- c:\windows\system32\SYSDRVREB.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_05.11.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-09 18:59 . 2009-06-09 18:59 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2009-06-09 21:38 . 2009-06-09 21:38 53248 c:\windows\Temp\catchme.dll
- 2009-06-09 05:11 . 2009-06-09 05:11 53248 c:\windows\Temp\catchme.dll
+ 2009-03-16 22:01 . 2009-03-16 22:01 452488 c:\windows\Downloaded Program Files\wlscBase.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-02-01 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-24 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-8-28 552960]

c:\documents and settings\Administrator.KJL4LIFE.000\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145570059\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [1/25/2004 7:00 PM 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2007 4:26 PM 24652]
R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [1/17/2004 9:01 PM 30112]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12/17/2008 8:36 PM 33792]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/6/2007 2:58 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-01-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &AIM Search
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: c:\windows\system32\DRWEBSP.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1033579849-865041543-3952056309-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \7B89AC59B91B61F6\BC8EEB13EC0E80C548E5EE71D72FCCB1]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\DRWEBSP.DLL
.
Completion time: 2009-06-09 13:45
ComboFix-quarantined-files.txt 2009-06-09 21:44
ComboFix2.txt 2009-06-09 06:55
ComboFix3.txt 2009-06-09 05:19

Pre-Run: 56,170,618,880 bytes free
Post-Run: 56,243,617,792 bytes free

425 --- E O F --- 2009-05-30 05:13

Avira AntiVir Personal
Report file date: Wednesday, June 10, 2009 22:42

Scanning for 1462412 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KJL4LIFE

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/11/2009 06:36:35
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 19:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 20:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 19:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 21:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 05:33:26
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 5/29/2009 06:36:35
ANTIVIR3.VDF : 7.1.4.82 321024 Bytes 6/10/2009 06:36:35
Engineversion : 8.2.0.183
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/11/2009 06:36:35
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 6/11/2009 06:36:35
AESCN.DLL : 8.1.2.3 127347 Bytes 6/11/2009 06:36:35
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 03:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/11/2009 06:36:35
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 05:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 6/11/2009 06:36:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 05:01:56
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/11/2009 06:36:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 23:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/11/2009 06:36:35
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 23:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 17:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 19:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 23:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 19:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/25/2009 00:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 19:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/29/2009 00:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 17:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 19:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/11/2009 06:36:35
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 19:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, June 10, 2009 22:42

Starting search for hidden objects.
'78594' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'dpupdchk.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ycommon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'itype.exe' - '1' Module(s) have been scanned
Scan process 'ybrwicon.exe' - '1' Module(s) have been scanned
Scan process 'USISrv.exe' - '1' Module(s) have been scanned
Scan process 'IPClient.exe' - '1' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'Runservice.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '70' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Administrator.KJL4LIFE.000\Start Menu\Programs\Startup\AutoTBar.exe
[DETECTION] Is the TR/Agent.duu Trojan
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe
[DETECTION] Is the TR/Agent.duu Trojan
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a00724
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a00724
[DETECTION] Is the TR/Click.VB.KU Trojan
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a02536
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a02536
[DETECTION] Is the TR/Click.VB.KU Trojan
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\archive.jar-1803745e-249b4939.zip
[0] Archive type: ZIP
--> B.class
[DETECTION] Is the TR/Fortn.A Trojan
--> D.class
[DETECTION] Is the TR/Fortn.B Trojan
C:\hp\bin\AUTOTKIT.EXE
[DETECTION] Is the TR/Agent.duu Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AAC7B61.exe.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AAC7B61.exe.vir
[DETECTION] Is the TR/Dldr.Small.D.2 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000011.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000011.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/BookedSpa.e.1 adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000013.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000013.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/BookedSpa.e.1 adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000001.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000001.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000005.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000005.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000006.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000006.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000007.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000007.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000008.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000008.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000009.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000009.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/ZenoSearch.S adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000001.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000001.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.Q adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000002.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000002.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.Q adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000003.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000003.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.BC adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000004.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000004.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.Q adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000005.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000005.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.K adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1E33E0B1-86D8-4408-8C75-5FFA4A31149F}\00000001.URM.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1E33E0B1-86D8-4408-8C75-5FFA4A31149F}\00000002.URM.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\00000019.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\00000019.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/AbetterInet adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\0000001A.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\0000001A.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/AbetterInet adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{D9C160FF-DFE7-4328-BE00-0ED01EE59B3D}\00000001.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{D9C160FF-DFE7-4328-BE00-0ED01EE59B3D}\00000001.URM.vir
[DETECTION] Is the TR/Dldr.BlaBlockz.3 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000009.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000009.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/Delfin.B adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000039.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000039.URM.vir
[DETECTION] Contains recognition pattern of the ADSPY/Delphin.f.4.B adware or spyware
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F00BE4D0-4AE3-43DA-B71A-19B91618DF14}\00000001.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F00BE4D0-4AE3-43DA-B71A-19B91618DF14}\00000001.URM.vir
[DETECTION] Is the TR/Dldr.IstB.gx.3.A Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F4692FAE-B01D-49D2-A5AB-20B926292E16}\00000001.URM.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F4692FAE-B01D-49D2-A5AB-20B926292E16}\00000001.URM.vir
[DETECTION] Is the TR/Dldr.Small.ASF.3 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a00724.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a00724.vir
[DETECTION] Is the TR/Click.VB.KU Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a02536.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a02536.vir
[DETECTION] Is the TR/Click.VB.KU Trojan
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1158\A0245166.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1158\A0245166.exe
[DETECTION] Is the TR/Dldr.Small.D.2 Trojan
C:\WINDOWS\system32\mmf.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\webdlg32.inf
[DETECTION] Contains recognition pattern of the ADSPY/SBSoft adware or spyware
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd1517.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Documents and Settings\Administrator.KJL4LIFE.000\Start Menu\Programs\Startup\AutoTBar.exe
[DETECTION] Is the TR/Agent.duu Trojan
[NOTE] The file was moved to '4aa4b9de.qua'!
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe
[DETECTION] Is the TR/Agent.duu Trojan
[NOTE] The file was moved to '4bc36bff.qua'!
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a00724
[NOTE] The file was moved to '4a9fb9cd.qua'!
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\adobemgr.exe.bac_a02536
[NOTE] The file was moved to '4bc6b406.qua'!
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\archive.jar-1803745e-249b4939.zip
[NOTE] The file was moved to '4a93b9db.qua'!
C:\hp\bin\AUTOTKIT.EXE
[DETECTION] Is the TR/Agent.duu Trojan
[NOTE] The file was moved to '4a84b9be.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AAC7B61.exe.vir
[NOTE] The file was moved to '4a71b9ab.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000011.URM.vir
[NOTE] The file was moved to '4a60b99a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0A473F68-84AE-44D4-BF39-7814F54BAAE8}\00000013.URM.vir
[NOTE] The file was moved to '489d9a53.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000001.URM.vir
[NOTE] The file was moved to '489e920b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000005.URM.vir
[NOTE] The file was moved to '489f8ac3.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000006.URM.vir
[NOTE] The file was moved to '496082bb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000007.URM.vir
[NOTE] The file was moved to '4961fb73.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000008.URM.vir
[NOTE] The file was moved to '4962f32b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0E3439F3-807E-4D81-839F-6D3E0B253AFA}\00000009.URM.vir
[NOTE] The file was moved to '4963ebe3.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000001.URM.vir
[NOTE] The file was moved to '4964e3db.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000002.URM.vir
[NOTE] The file was moved to '4965db93.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000003.URM.vir
[NOTE] The file was moved to '4966d04b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000004.URM.vir
[NOTE] The file was moved to '4967c803.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0FCD981F-CC6C-44FE-81B0-A1CC4247FE47}\00000005.URM.vir
[NOTE] The file was moved to '4968c0fb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1E33E0B1-86D8-4408-8C75-5FFA4A31149F}\00000001.URM.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '496938b3.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1E33E0B1-86D8-4408-8C75-5FFA4A31149F}\00000002.URM.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '496a316b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\00000019.URM.vir
[NOTE] The file was moved to '496b2923.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{68F8690B-BF73-4BD5-B6A0-2BF4D97170F5}\0000001A.URM.vir
[NOTE] The file was moved to '496c211b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{D9C160FF-DFE7-4328-BE00-0ED01EE59B3D}\00000001.URM.vir
[NOTE] The file was moved to '4a60b99b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000009.URM.vir
[NOTE] The file was moved to '48964c84.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E3355687-DDD7-42CF-BDE8-1A213201DBDF}\00000039.URM.vir
[NOTE] The file was moved to '496f1644.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F00BE4D0-4AE3-43DA-B71A-19B91618DF14}\00000001.URM.vir
[NOTE] The file was moved to '49700e3c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F4692FAE-B01D-49D2-A5AB-20B926292E16}\00000001.URM.vir
[NOTE] The file was moved to '497106f4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a00724.vir
[NOTE] The file was moved to '4a9fb9cf.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall\Quarantine\adobemgr.exe.bac_a02536.vir
[NOTE] The file was moved to '4866bd78.qua'!
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1158\A0245166.exe
[NOTE] The file was moved to '4a62b99b.qua'!
C:\WINDOWS\system32\webdlg32.inf
[DETECTION] Contains recognition pattern of the ADSPY/SBSoft adware or spyware
[NOTE] The file was moved to '4a92b9d0.qua'!


End of the scan: Wednesday, June 10, 2009 23:59
Used time: 1:00:20 Hour(s)

The scan has been done completely.

11953 Scanned directories
416931 Files were scanned
34 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
33 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
416893 Files not concerned
16306 Archives were scanned
4 Warnings
34 Notes
78594 Objects were scanned with rootkit scan
0 Hidden objects were found












Malwarebytes' Anti-Malware 1.37
Database version: 2255
Windows 5.1.2600 Service Pack 2

6/10/2009 6:12:05 PM
mbam-log-2009-06-10 (18-12-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 209861
Time elapsed: 40 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\bps data shredder\CtxMenu.dll (Rogue.BulletProofSpyware) -> No action taken.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP1120\A0240429.dll (Rogue.BulletProofSpyware) -> No action taken.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP1120\A0240430.dll (Adware.Ascentive) -> No action taken.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP1143\A0243370.exe (Adware.RelevantKnowledge) -> No action taken.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP1143\A0243371.exe (Adware.RelevantKnowledge) -> No action taken.
c:\Qoobox\quarantine\C\program files\relevantknowledge\rlservice.exe.vir (Adware.RelevantKnowledge) -> No action taken.
c:\Qoobox\quarantine\C\program files\relevantknowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> No action taken.
C:\WINDOWS\system32\lncom_.exe (Backdoor.ProRat) -> No action taken.
klowery11115 is offline  
Old 06-11-2009, 08:10 AM   #9 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hi,

It's looking good ...... just a couple more things to take care of. How is the system behaving now?


Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
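@echo off
rem Remove any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Try to delete each listed file; log any file that survives the delete.
For %%g in (
C:\WINDOWS\system32\lncom_.exe
) do if exist %%g (
del /a/f %%g
if exist %%g echo.%%g>>"%temp%\log.txt"
)
rem Show the leftover files in Notepad, or report success.
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Wait 7 seconds so the message can be read (nircmd is a separate NirSoft utility, not part of Windows).
nircmd wait 7000
rem Remove this batch file.
del %0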
Save this Notepad file as del.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on del.bat to run it.

Post back to tell me what it says.

====================================

Download regsrch.zip to your Desktop.
1. Unzip the contents of RegSrch.zip to a convenient location.
2. Double-click on RegSrch.vbs.
3. If you have an anti-virus installed it might prompt you about a running script.
4. Please ignore this warning and allow the script to run.
5. In the "Enter search string (case insensitive) and click OK..." box, paste this string:

990F9400-4CEE-43EA-A83A-D013ADD8EA6E

6. Click "OK" to search the registry for that string.
7. Wait for a few minutes while it completes the search.
8. Click "OK" to open the results in WordPad.
9. Copy and paste the entire results into your next post.

====================================

Please download HJTInstall.exe from here and save it to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • Click I Accept
  • HijackThis will open
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
  • Don't use the Analyse This button - its findings are dangerous if misinterpreted.
Do NOT have HijackThis fix anything yet.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 06-11-2009, 05:31 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2009
Location: detroit michigan
Posts: 7
OS: windows xp


Re: heres my new scans help plz my computer is running so slow!!!!!!!

OK, I tried the del.bat and it didn't even do anything; a window pops up for like not even a second. RegSrch.vbs I tried, and it said it didn't find any instances of this 990F9400-4CEE-43EA-A83A-D013ADD8EA6E, and I hit OK and nothing happened with that; no WordPad popped up. Now here's my hijack log.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:04 PM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] "C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://a305.ac-images.myspacecdn.com...220c778870.jpg

--
End of file - 9330 bytes
klowery11115 is offline  
Old 06-11-2009, 06:24 PM   #11 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hi,

ViewPoint Manager is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". You can read more about it here: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

If you decide to uninstall it, you can do so via Add or Remove Programs in Control Panel. Also delete the following Folders if they still exist afterwards:

C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

=======================

Scan with HijackThis again and put a checkmark against the following entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

Close all browsers and windows other than HijackThis, including this one, and click on "fix checked".

Exit HijackThis and restart your computer.

=====================

Scan with Malwarebytes' Antimalware again, but this time when the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

======================

Next, scan with DDS. Post the fresh DDS.txt and the Malwarebytes' log please. Also, let me know how the system is running now.
Old 06-14-2009, 08:03 AM   #12 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Hi klowery1111,

Are you still with us? I usually unsubscribe from the topic if I don't receive a reply within two days without any explanation.

The symptoms may have stopped, but we still have some work to do. Please reply if you wish to continue.
Old 06-16-2009, 01:31 PM   #13 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,420
OS: XP SP3


Re: heres my new scans help plz my computer is running so slow!!!!!!!

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html
 






All times are GMT -7. The time now is 07:49 AM.



Copyright 2001 - 2009, Tech Support Forum