JFMid

  1. A scan by Ad-Aware last pm showed no problems but this am when I got to the office it had found the trojan again and had quarantined it. Thanks for your help so far.
  2. Hello All, Ad-Aware is blocking a trojan but repeated scans "removes" it but then it's really still there. Internet won't respond and I had to post this stuff on another station. Followed directions as best as possible and so am attaching logs as indicated from a CD that I burned of the logs. Any help is greatly appreciated. Thanks, John

     Sorry didn't mention that I did run the Ad-Aware scan after an update today but was not able to post a log. Also did the backups as mentioned in step 1. Erunt and the other whose name escapes me as I'm on another machine. Mine won't respond and won't let me log onto Lavasoft. These trojans and such are getting more sophisticated every day. Now they block you from going to a site that might help kill them. It's unreal.
  3. Ok took a while to get everything working. Here are the latest logs. Distressing.... Kaspersky seems to have found 2 threats.
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, April 20, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, April 20, 2010 13:55:08
Records in database: 3949374
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
N:\
P:\
X:\
Scan statistics
Objects scanned 176593
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 02:47:13
File name | Threat | Threats count
C:\Documents and Settings\John Midlige DMD\Application Data\Sun\Java\Deployment\cache\6.0\1\d86bd01-422d8fd8 | Infected: Exploit.Java.CVE-2009-3867.gen | 1
C:\Documents and Settings\John Midlige DMD\Application Data\Sun\Java\Deployment\cache\6.0\1\d86bd01-422d8fd8 | Infected: Trojan-Downloader.Java.OpenStream.al | 1
Selected area has been scanned.
  4. Again, sorry, I have no way to zip these.
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll 2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys ============= FINISH: 14:05:01.18 ===============
  5. Here are the logs
  6. Here are my logs. I am unable to connect to Lavasoft forums because the virus is blocking connections so I must download things to another computer, burn to a DVD, install on infected computer, run programs, then copy to another and upload. Unable to Zip files. Not sure if that's a problem.
  7. Thanks, Blade 81. What is a script blocker? Not familiar with that term. Is that the same as a popup blocker? Thanks, John
  8. Hello All, One of my computers is now infected w/ the Total XP Spyware garbage. It has effectively blocked the use of the computer and is also preventing Adaware from connecting to the internet on startup and also preventing the connection to the Adaware support forums. I have a hard copy disk that I tried to load Adaware with, and it allowed it to install but blocks the launch of the program. What do you advise as my next step? Thanks to all in advance, John
  9. Tried to do recovery, but when I left the Administrator password blank and hit enter it told me that it was an invalid password. It is almost funny because I know that there were no passwords ever set for this system. Oh well. I am not going to waste any more time on this nightmare. We are going to do a low level reformat and wipe the entire hard drive clean down to the bone and reinstall everything. There is nothing important on this system that I need to recover, I just need it to work as quickly as possible. I wonder if anyone has ever done a time motion study of a low level format vs a war to the death to remove a virus. Which takes less time? I just need to figure out how to wipe out the boot record copy on the hard drive. I know there are utilities that will do that. Thanks for your help, and if you have a better suggestion I'm all ears. John
  10. I have the Win CD. It is a Dell Vostro 400 running Win XP Pro SP 3.
  11. Maybe I wasn't clear about the condition of my system. It won't boot up or respond. Hitting the start button and allowing a normal start, it goes to a grey colored screen that shows the name of the Dell system model "VOSTRO" and hangs and won't respond. Starting up and trying to boot in safe mode just gives me a blue screen of death. I have no way to get into the system to download anything or install anything. What do you suggest? John
  12. The computer gods have punished me. My wife's computer now has the Internet Security 2010 virus. I can't even start the computer in Safe mode as I just get the Blue screen of death. Before I hit restart I ran Ad Aware and it wouldn't remove anything, and ESET NOD32 antivirus did a full scan and found nothing, but I'll guarantee that it's taken over my system. Any thoughts on where to go from here would be appreciated.
  13. The NoLop program did not find anything and didn't reboot. Seems like all is better. Can't thank you enough for your help and dedication to stopping this BS that is going on throughout the net. Keep up the great work. John
  14. Here is the fresh Hijack This log Logfile of HijackThis v1.99.1 Scan saved at 9:06:12 PM, on 11/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\palmOne\Hotsync.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Vongo\VongoService.exe C:\WINDOWS\system32\dlbxcoms.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton 
AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected] O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - 
HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136681548718 O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common 
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  15. Here is the NoLop Log NoLop! Log by Skate_Punk_21 Please Note: any existing old logs will have now been renamed to NoLop!OLD.log Fix running from: C:\Documents and Settings\John Midlige DMD\Desktop [11/29/2006] [9:03:24 PM] ---Infection Files Found/Removed--- NO INFECTION FILES FOUND - Cleaning Aborted. ---Listing AppData sub directories--- C:\Documents and Settings\Administrator\Application Data\Gtek C:\Documents and Settings\Administrator\Application Data\Identities C:\Documents and Settings\Administrator\Application Data\Intel C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc C:\Documents and Settings\Administrator\Application Data\Microsoft C:\Documents and Settings\Administrator\Application Data\Sun C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Aol C:\Documents and Settings\All Users\Application Data\Bvrp Software C:\Documents and Settings\All Users\Application Data\Cyberlink C:\Documents and Settings\All Users\Application Data\Gtek C:\Documents and Settings\All Users\Application Data\Hotsync C:\Documents and Settings\All Users\Application Data\Installshield C:\Documents and Settings\All Users\Application Data\Intel C:\Documents and Settings\All Users\Application Data\Intuit C:\Documents and Settings\All Users\Application Data\Jes-soft C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Quicktime C:\Documents and Settings\All Users\Application Data\Sbsi C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Symantec C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 
C:\Documents and Settings\All Users\Application Data\{a695ad8d-651b-4c8a-91df-51f853449a57} C:\Documents and Settings\Default User\Application Data\Gtek C:\Documents and Settings\Default User\Application Data\Identities C:\Documents and Settings\Default User\Application Data\Intel C:\Documents and Settings\Default User\Application Data\Jasc Software Inc C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Default User\Application Data\Sun C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory C:\Documents and Settings\John Midlige Dmd\Application Data\Adobe C:\Documents and Settings\John Midlige Dmd\Application Data\Adobeum C:\Documents and Settings\John Midlige Dmd\Application Data\Cyberlink C:\Documents and Settings\John Midlige Dmd\Application Data\Google C:\Documents and Settings\John Midlige Dmd\Application Data\Gtek C:\Documents and Settings\John Midlige Dmd\Application Data\Help -- EMPTY Directory C:\Documents and Settings\John Midlige Dmd\Application Data\Hotsync C:\Documents and Settings\John Midlige Dmd\Application Data\Identities C:\Documents and Settings\John Midlige Dmd\Application Data\Intel C:\Documents and Settings\John Midlige Dmd\Application Data\Intuit C:\Documents and Settings\John Midlige Dmd\Application Data\Jasc Software Inc C:\Documents and Settings\John Midlige Dmd\Application Data\Lavasoft C:\Documents and Settings\John Midlige Dmd\Application Data\Leadertech C:\Documents and Settings\John Midlige Dmd\Application Data\Macromedia C:\Documents and Settings\John Midlige Dmd\Application Data\Microsoft C:\Documents and Settings\John Midlige Dmd\Application Data\Mozilla C:\Documents and Settings\John Midlige Dmd\Application Data\Musicmatch C:\Documents and Settings\John Midlige Dmd\Application Data\Real C:\Documents and Settings\John Midlige Dmd\Application Data\Skype C:\Documents and Settings\John Midlige Dmd\Application Data\Sonic C:\Documents and Settings\John Midlige 
Dmd\Application Data\Sun C:\Documents and Settings\John Midlige Dmd\Application Data\Symantec C:\Documents and Settings\John Midlige Dmd\Application Data\Vlc C:\Documents and Settings\Localservice\Application Data\Macromedia C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\Networkservice\Application Data\Symantec